Looking for "best practices": How to maintain containerized services?

Hi!

I read a lot about Docker, bought a book and played around with it. It’s a great tool, but there are two things I still haven’t figured out:

Consider a Docker server that provides 3 services: two different Apache webs and a Node.js-based web service.

I created a Dockerfile for Node.js, but was a bit confused when it came to the Apache webs. Should I build only one Dockerfile for the two different services (as I did for Node.js), and outsource the configuration to a volume?

What I did instead was create an intermediate Dockerfile “Apache”, and two additional Dockerfiles for the single webs that derive from it, and directly bake the correct settings and web data into the image.

Q1: Is this the right (or at least a good) approach I took for the Apache services? How do you manage these kinds of similar services?

The services are up and running, but my main problem is that I am not sure how to handle updates. Consider my two Apache services. As far as I understand, there are three possibilities that might require an update of the containers (or rather their images):

  • The base image changes (ubuntu:trusty in my case), because e.g. some security updates were applied
  • My Apache base image changed, as I modified and rebuilt the Apache Dockerfile, so that the image contains an updated Apache version.
  • The application-specific Dockerfile changed, because, e.g., I modified the configuration and rebuilt the Dockerfile.

Q2: According to the last three steps, it is clear that I need to recreate my container if the configuration has changed. What I want to achieve is automation at least for the first case (base image changed), but I would prefer to automate the second case (Apache update available) as well. How would I do it? How do you maintain your services?

I found this answer on SO for the first issue, but it seems complicated and complex. Is there a better way?

My naive approach (which I don’t like) was to use a cronjob that runs a new container based on my Apache image and checks for. If an update is found, it checks out the Dockerfile using Git, modifies an environment variable, so the image gets refreshed upon build, and recreates the images and container. This does not seem very straightforward either.

Do you have any hints for me on how to properly maintain different Docker-based services?
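
One way to detect the first two cases listed above (the `ubuntu:trusty` base or the intermediate Apache image changed), as an added example that is not part of the original post: an image built `FROM` a parent starts with the parent's layers, so a derived image is stale when the parent's current layer list is no longer a leading prefix of its own. The image names `my/apache` and `my/web1` and the build directories are assumptions.

```bash
#!/usr/bin/env bash
# Added example: rebuild a derived image only when its parent image has changed.

# Print the layer diff IDs of a local image, one per line.
image_layers() {
    docker image inspect \
        --format '{{range .RootFS.Layers}}{{println .}}{{end}}' "$1"
}

# is_stale PARENT_LAYERS CHILD_LAYERS
# Returns 0 if the child must be rebuilt, 1 if it is current,
# 2 if the parent layer list is empty (nothing to compare against).
is_stale() {
    local parent child n
    parent=$(printf '%s\n' "$1" | sed '/^$/d')
    child=$(printf '%s\n' "$2" | sed '/^$/d')
    [ -n "$parent" ] || return 2
    n=$(printf '%s\n' "$parent" | wc -l | tr -d ' ')
    # Stale unless the first n child layers equal the parent's layers.
    [ "$(printf '%s\n' "$child" | head -n "$n")" != "$parent" ]
}

# rebuild_if_stale PARENT_IMAGE CHILD_IMAGE BUILD_CONTEXT
rebuild_if_stale() {
    local parent=$1 child=$2 context=$3 p c
    p=$(image_layers "$parent") || return 2
    c=$(image_layers "$child") || c=""   # child never built: treat as stale
    if is_stale "$p" "$c"; then
        docker build -t "$child" "$context"
    fi
}

# Nightly cron order, parents before children (names and paths are assumptions):
#   docker pull ubuntu:trusty
#   rebuild_if_stale ubuntu:trusty my/apache ./apache
#   rebuild_if_stale my/apache     my/web1   ./web1
#   rebuild_if_stale my/apache     my/web2   ./web2
```

Containers started from the old image keep running it until they are recreated from the rebuilt one.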