![]() We didn't end up solving this - we just removed the wildcard DNS entry and then everything worked fine. We ran into problems having a wildcard DNS entry set up (*.) when the hostname was part of that domain - most requests for a hostname that was not fully-qualified resolved the wildcard DNS entry instead of the local DNSMasq entry.There is a lag before the host DNSmasq populates new container addresses - we currently have an update script that polls every 10 seconds for new changes, and Nginx needs a reload to see a change in a container IP address.There are a couple gotchas with this approach: Using this pattern, we can link all the containers together by a simple hostname, without having to link specific containers together. We configure DNSMasq on the host so that you can reach any container on the host by its name, and set each container to use the host's DNS. When using Docker, each container has a different IP address bridged on the host, and can expose different TCP ports, or sockets in the filesystem, to allow connections. On our production servers, we have kept Nginx, Postfix, and DNSMasq outside the containers and installed directly on the host. So far we have put PHP, MariaDB, Apache Solr, and a bunch of other supporting services into containers. So the best practices are to have a different container for each necessary service, not a single container with the whole set. ![]() You might think of Linux containers as a form of "cheap virtualization." However, the way the Docker community has come to use them is more like a chroot jail - a way of isolating a single process into a container that protects the rest of the system if that process gets compromised, and not a full operating system with multiple processes. Docker is a system for managing Linux containers. If you're a technical person and haven't heard of Docker, you must have been offline for a couple years. We still use Linux, MariaDB and PHP, of course, but instead of Apache we've moved to Nginx, and we've added Docker and Salt. This year we're replacing our old "traditional" LAMP stack with an entirely less pronounceable LNDMPS version. ![]() Three nice benefits we get from our new standard Drupal server architecture.
0 Comments
Leave a Reply. |