I’ve been playing around with Docker and am just trying to get my head around how to convert some of my existing apps to docker containers in a swarm.
Say for example I had a simple 3 tier web app, consisting of a web front end, an API layer and a DB backend, where only the web front end was exposed externally. I’m just trying to get my head around how best to set things like this up in Docker containers in a swarm to allow for multiple instances of containers for load balancing.
Is it best to create a Docker compose file, detailing all containers of the application, or better to think about them as separate services that can be set up separately?
Any advice about exposing access to web front ends only, and blocking access directly to the API and DB containers from outside the swarm? I haven’t looked at the networking features of Docker yet, so guess that’s the best place to start!
swarm (for me) is really good for identical components. (which your web servers could be)
it requires a manager node, and some number of worker nodes (where the containers run)
for scalability you would want a load balancer, like haproxy or nginx, in front of your collection of web servers.
a single backend db, and someplace to put the web code that all web servers can use (without having to copy updates across the running servers)
here is a design I use on amazon aws. ECS (not docker swarm, but similar)
entry is only the load balancer
web server boxes are the amazon OS instances. (scaled by the ecs service)
the web application (apache for my use) docker containers run here. they are identical. no app code in container
the app code (php), lives on shared volumes accessed by each web server
and there is a single mysql DB backend.
the AWS ECS service allows config of auto scaling the ECS instances (AND the number of docker containers running on each) AND manages all the port mapping from the load balancer to the container ports.
the AWS VPC (virtual private cloud) is configured ONLY to allow http port 80 and 443 into the load balancer, all the other systems are protected from outside access.
in a swarm, I would have workers (ecs instances) and some manager (not needed in ecs), and all the rest.
there is a docker for aws that will construct all of this using swarm I think… I didn’t look that closely at the deployment when I spun it up last month…
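
For the three-tier layout in the question, an added example (not part of either post) of one swarm stack file in which only the web tier publishes ports and the DB sits on an internal overlay network. The image names `example/web` and `example/api`, the stack name `shop` and the secret name are assumptions.

```yaml
# stack.yml - deploy with: docker stack deploy -c stack.yml shop
# example/web and example/api are placeholder images (assumptions).
version: "3.8"

services:
  web:
    image: example/web:1.0
    ports:                      # the only published ports in the stack;
      - "80:80"                 # the swarm routing mesh spreads requests
      - "443:443"               # across the replicas
    networks: [frontend]        # can reach "api" by name, cannot reach "db"
    deploy:
      replicas: 3

  api:
    image: example/api:1.0
    networks: [frontend, backend]   # no "ports:", so nothing is published
    deploy:                         # outside the swarm
      replicas: 2

  db:
    image: mysql:8.0
    networks: [backend]         # reachable only from "api"
    environment:
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
    secrets: [db_root_password]
    volumes:
      - db_data:/var/lib/mysql  # local volume: data stays on the node
    deploy:                     # where the task first ran
      replicas: 1

networks:
  frontend:
    driver: overlay
  backend:
    driver: overlay
    internal: true              # no route to or from outside the swarm

volumes:
  db_data:

secrets:
  db_root_password:
    external: true              # created beforehand with: docker secret create
```

After deploying, `docker service ls` shows published ports per service; only `shop_web` should list any.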