I am currently setting up a Docker environment for shared web hosting.
We want to segregate every website into its own container to limit cross-site infection in case a client does not upgrade his CMS (e.g. WordPress).
I’ve been playing with Docker a lot recently and built our own container to host the websites.
I’d like to know if anyone has “best practices” for that kind of setup. I searched and searched, and I could not find anything.
So far, here is how I’m planning to set up the environment.
First, there is an nginx proxy running on ports 80/443.
Then all the sites are under /web/www.website.com.
Every container is started with /web/www.website.com -> /web (in the container), and the 80/443 ports are forwarded and set up in the nginx proxy.
Logs are centralized but that’s not important for the moment.
Inside the container there is an nginx/php-fpm setup to serve /web.
Clients will be able to update their website with an FTP service running on the Docker host and will be chrooted into their /web/www.website.com (I’m thinking about running the FTP service in a container also).
Am I on the right path? Has anyone tried a similar setup? What is your opinion?
Feel free to add suggestions, we’re in the design/proof of concept state.
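
The layout described in the post, sketched as an added example that is not part of the original post: one container per site with /web/<site> mounted at /web, plus the matching server block for the front nginx proxy. The image name `site-image`, the `site-` container prefix, the loopback-only port binding and the port range are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed example: image name, container names and ports are assumptions.
SITE_IMAGE=site-image   # hypothetical nginx/php-fpm image

# Accept only plain hostnames, so the value is safe to place in a host path
# (rejects "/", "..", leading "." or "-", and anything outside a-z 0-9 . -).
valid_site() {
    case "$1" in
        ""|.*|-*|*..*|*[!a-z0-9.-]*) return 1 ;;
    esac
}

# Accept only an unprivileged numeric port.
valid_port() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Print (not execute) the docker run command for one site.
# Publishing on 127.0.0.1 leaves the front proxy as the only public entry point.
site_run_cmd() {
    site=$1 port=$2
    valid_site "$site" && valid_port "$port" || return 1
    printf 'docker run -d --name site-%s -v /web/%s:/web -p 127.0.0.1:%s:80 %s\n' \
        "$site" "$site" "$port" "$SITE_IMAGE"
}

# Print the server block the front nginx proxy needs for that site.
proxy_server_block() {
    site=$1 port=$2
    valid_site "$site" && valid_port "$port" || return 1
    cat <<EOF
server {
    listen 80;
    server_name $site;
    location / {
        proxy_pass http://127.0.0.1:$port;
        proxy_set_header Host \$host;
    }
}
EOF
}

# Demo with the site name used in the post and a constructed port.
site_run_cmd www.website.com 8081
proxy_server_block www.website.com 8081
```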