I’m starting to go deeper with docker, I’ve reviewed some tutorials, and I’m starting to get a grasp on how to use simple mechanics and docker compose

My idea now is to scale it up a little on my production servers

First and foremost, I have two main ideas I would to try out right now

One is having multiple sites running under nginx/PHP docker images and one database, with a postgresql image. I want to know if this is the right way to proceed.

1. First define all the Dockerfiles one for each site, meaning one nginx per site. The problem with this is that I could only expose one 80:80. So I assume that I should be running all sites in a PHP-FPM docker image?
2. Then define the dockerfile for the postgresql, name all containers, and put set one network for all containers. In the config files, just point to the names of such containers as the new hostnames.

Just like this:

3. And finally, maybe a restart: always per container to preserve uptime in case or reboot.

And that’s all? Any things I should be considering apart from this?

I’m going to start migrating 2 or 3 non-critical pages for 2 months to see how this behaves before moving more important ones.

I would use a reverse proxy like nginx-proxy (and companion) or Traefik to handle TLS and proxy (forward) requests depending on (sub-)domain to the different internal target services.

I would further use php:<version>-apache images (hub) to have self contained web apps.

I never thought on reverse proxies, but now i see its clearly the way to go

I’ve been looking to Traefik and it remind me the nginx proxy manager

But I dont want fancy web UIs that could pose an extra risk in production. I want to keep it all console if possible.

I’ve never played with nginx reverse proxy, but apache reverse proxy. Let see how I can make it happen

I assume something like this:

image1050×724 40.5 KB

I’m not sure what you meant here. I don’t know about the nginx proxy manager, because I switched from Nginx Proxy to Traefik, but Traefik is not a “fancy” solution. It is rather a professional one. Yes, it has a web UI which is optional and should not be available publicly. You can even disable it completely or allow only local connections.

Container based reverse proxies don’t require different port numbers for each container. You just add labels on the containers and the proxy detects the requests from specific domains, paths, ports to the right containers.

You don’t need to manage the ports. Use a Docker network and everything is handled for you, see my linked Traefik example above.

The “fance web UI” risk is not really there with Traefik, as the web UI is optional, and it doesn’t even let you change anything, only view status. Traefik will use labels to configure the target services.