I moved all of my static websites to Netlify. I now use Docker on Amazon Lightsail for web services.
Installation is as easy as:
# They recommend downloading and checking the script first, but this way can be automated.
curl https://get.docker.com | sudo sh
I add the ubuntu
user to the docker
group so I can run the docker containers from non-priviledged account. ubuntu
is the default account on Amazon Lightsail's Ubuntu image.
sudo usermod -aG docker ubuntu
Then I go ahead and login to the docker hub registry and pull all the images for my services, and run them:
docker login
docker pull <private_repository>:<service>
docker run -p <host-port>:<docker-port> <private_repository>:<service>
Dockerfiles
For each web service, I package it in a Dockerfile and push it to a private repository. I'm using the free private repository that comes with a Docker Hub account.
I use volumes for persistent storage. I would like to use a non-root user inside the container but there are permissions issues that I cannot figure out, at least on a Mac.
Dockerfiles for prebuilt services
# golang is better than ubuntu because we want to copy ca-certificates which are already present in golang
FROM golang AS builder
# scratch allows us to only have our service since go statically compiles
FROM scratch AS final
# some go services will need to verify tls certificates for connections and so need these certs to be present
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# copy prebuilt binary and resources
COPY app /app
# set the working directory if required by the app
WORKDIR /app/src
# if app needs flags set, set them here
ENTRYPOINT ["/app/bin/app", "-p=8080"]
Dockerfiles for building go services
# golang is better than ubuntu because we want to copy ca-certificates which are already present in golang
FROM golang AS builder
# make a directory for our source
RUN mkdir /build
WORKDIR /build
# using go modules works very well with this way of building
COPY go.mod .
COPY go.sum .
# cache downloads
RUN go mod download
# get our source into the container
COPY . .
# statically build our service
RUN CGO_ENABLED=0 go build -ldflags '-extldflags "-static"' -o /app ./cmd/app
# scratch allows us to only have our service since go statically compiles
FROM scratch AS final
# some go services will need to verify tls certificates for connections and so need these certs to be present
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# if there are other resources for the app, copy that here
# copy the binary we just built
COPY --from=builder /app /app
# set the working directory if required by the app
# WORKDIR /app/src
# if app needs flags set, set them here
ENTRYPOINT ["/app", "-p=8080"]