How to set up new docker server (web, mail hosting)

I have a complex question. I’m running my own physical server where I host my project and projects for my paying clients. I offer standard hosting with Apache/PHP/MySQL/FTP/mails. I’ve been doing this for years and I always used ISPConfig to manage my websites and mails.

Now, I’m configuring a new server and I want to catch up with trends and make my client websites/mails more secure. I’d like to make my server more manageable than ever, so that if I ever want to host a client’s project on some other server, the process wouldn’t be as time-consuming as it is now.

I’m thinking of doing this with Docker. I came to the conclusion that Docker would be the best solution for making everything more secure (sandboxing) and manageable. I’ve learnt a lot about Docker in the past days and I think that I understand more than just the basics.

The problem is, I have no idea how to do this. I mean how to do the topology of the whole solution, how to interconnect Docker containers and how much abstraction I should introduce to the whole solution. And since I have no experience in this area, I thought someone more experienced could help me with this.

To give you some examples:

  • I could make every domain separate interconnected Docker containers (one container for mails of domain foo.com, one container for websites on foo.com, one container for databases on foo.com, another for bar.com and so on, and have them accessed via reverse proxy)
  • I could do one container for all websites, one for all databases and one for all mails
  • I could do a separate container with Apache/MySQL/whatever per domain and access it via reverse proxy
  • Doing some magic with Docker swarm?

What path should I take? What is a bad idea? Are there any practical articles about this matter? Is there any way to introduce ISPConfig to this solution, or some similar graphical tool?

Hi.

I think it really comes down to personal preferences, but here is what I would do:

For proxy/load balancer, I would use Traefik, because it has service discovery, meaning that you can give your containers a label, like:

 labels:
   - 'traefik.frontend.rule=Host:foo.dk'

And it will forward the traffic for that domain to that container, without you doing anything but giving that label to a container and starting it up. It will also use Let’s Encrypt to set up SSL.

For email, I THINK I would go with one big email solution, and maybe use something like mailcow, because there are so many elements to email handling (antispam, SMTP, IMAP/POP3) and I don’t think it will work very well in just 1 container (but will/can it work, yes). But the Docker way would be to split all those services up into separate containers, and then you might end up with like 6-8 containers per customer.

Also, it will make it easy for you to “pre-install” applications: the customer wants WordPress? Just start the WordPress container and you’re done.
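The per-domain layout with the Traefik label from the answer above, written out as an added example that is not part of either poster's messages. It assumes Traefik v1.x (the label syntax shown), a pre-created Docker network named `proxy` that Traefik is attached to, and constructed names, images and passwords.

```yaml
# Added example: one customer stack (foo.dk), compose file format 2.4.
# Assumed: external network "proxy" exists and Traefik v1.x listens on it.
version: "2.4"

services:
  web:
    image: wordpress:latest            # constructed choice of web image
    labels:
      - 'traefik.enable=true'
      - 'traefik.frontend.rule=Host:foo.dk'
      - 'traefik.port=80'
      - 'traefik.docker.network=proxy' # route via the shared proxy network
    environment:
      WORDPRESS_DB_HOST: db
      WORDPRESS_DB_NAME: foo
      WORDPRESS_DB_USER: foo
      WORDPRESS_DB_PASSWORD: change-me # placeholder
    networks:
      - proxy      # shared with Traefik and other customers' web containers
      - backend    # private link to this customer's database only
    mem_limit: 512m                    # cap per-customer resource use
    cpus: 1.0
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped

  db:
    image: mariadb:10
    environment:
      MYSQL_DATABASE: foo
      MYSQL_USER: foo
      MYSQL_PASSWORD: change-me        # placeholder
      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
    volumes:
      - db_data:/var/lib/mysql
    networks:
      - backend    # never attached to the proxy network, no published ports
    mem_limit: 512m
    restart: unless-stopped

networks:
  proxy:
    external: true
  backend:
    internal: true # no route to the outside world or to other stacks

volumes:
  db_data:
```

Starting each customer's file under its own Compose project name gives every domain a separate `backend` network and volume, so moving a customer to another server means moving this file plus the volume data.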

Wonderful. Thank you for your helpful answer. Do you have any suggestion for which approach to choose for the whole topology? I agree with you on the email solution, however I’m unsure what to do with the websites. I have a pretty beefy server with lots of space, RAM and CPU power, but that doesn’t mean I have to use all the resources. I don’t know how many resources lots of Apache/Nginx containers would use, and I don’t want to be wasteful.