Docker

Flowonyx

I moved all of my static websites to Netlify. I now use Docker on Amazon Lightsail for web services.

Installation is as easy as:

# They recommend downloading and checking the script first, but this way can be automated.
curl https://get.docker.com | sudo sh
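
The comment above notes that checking the script first is the recommended route. One way to keep that check and still automate the install is to pin the SHA-256 of a copy you have already read. This is an added example, not from the original post; the function names are hypothetical and PINNED_SHA256 is a placeholder you must fill in yourself.

```shell
#!/bin/sh
# Added example: verify the Docker convenience script against a pinned digest
# before running it. PINNED_SHA256 is a placeholder, not a real digest: set it
# to the SHA-256 of a copy of the script that you have downloaded and read.
PINNED_SHA256="REPLACE_WITH_SHA256_OF_REVIEWED_SCRIPT"

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if the file is non-empty and its digest equals the expected one.
verify_script() {
    [ -s "$1" ] || { echo "verify: $1 is missing or empty" >&2; return 1; }
    actual=$(sha256_of "$1") || return 1
    if [ "$actual" != "$2" ]; then
        echo "verify: digest mismatch (got $actual)" >&2
        return 1
    fi
}

# Download once, verify, then execute the exact bytes that were verified.
install_docker() {
    script=$(mktemp) || return 1
    # -f: fail on HTTP errors instead of saving an error page to the file
    if curl -fsSL https://get.docker.com -o "$script" &&
       verify_script "$script" "$PINNED_SHA256"; then
        sudo sh "$script"
        rc=$?
    else
        rc=1
    fi
    rm -f "$script"
    return "$rc"
}

# Only install when asked to, so the functions can be sourced and tested offline.
if [ "${1:-}" = "--install" ]; then
    install_docker
fi
```

When the upstream script changes, the digest no longer matches and the install stops until the new version has been reviewed and the pin updated.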

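I add the ubuntu user to the docker group so I can run Docker containers from a non-privileged account. ubuntu is the default account on Amazon Lightsail's Ubuntu image. Members of the docker group can effectively act as root on the host, so this is a convenience rather than a privilege boundary.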

sudo usermod -aG docker ubuntu

Then I log in to the Docker Hub registry, pull the images for my services, and run them:

docker login
docker pull <private_repository>:<service>
docker run -p <host-port>:<docker-port> <private_repository>:<service>

Dockerfiles

For each web service, I package it in a Dockerfile and push it to a private repository. I'm using the free private repository that comes with a Docker Hub account.

I use volumes for persistent storage. I would like to use a non-root user inside the container but there are permissions issues that I cannot figure out, at least on a Mac.

Dockerfiles for prebuilt services

# golang is better than ubuntu because we want to copy ca-certificates which are already present in golang
FROM golang AS builder

# scratch allows us to only have our service since go statically compiles
FROM scratch AS final

# some go services will need to verify tls certificates for connections and so need these certs to be present
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

# copy prebuilt binary and resources
COPY app /app

# set the working directory if required by the app
WORKDIR /app/src

# if app needs flags set, set them here
ENTRYPOINT ["/app/bin/app", "-p=8080"]

Dockerfiles for building go services

# golang is better than ubuntu because we want to copy ca-certificates which are already present in golang
FROM golang AS builder

# make a directory for our source
RUN mkdir /build
WORKDIR /build

# using go modules works very well with this way of building
COPY go.mod .
COPY go.sum .

# cache downloads
RUN go mod download

# get our source into the container
COPY . .

# statically build our service
RUN CGO_ENABLED=0 go build -ldflags '-extldflags "-static"' -o /app ./cmd/app


# scratch allows us to only have our service since go statically compiles
FROM scratch AS final

# some go services will need to verify tls certificates for connections and so need these certs to be present
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# if there are other resources for the app, copy that here
# copy the binary we just built
COPY --from=builder /app /app

# set the working directory if required by the app
# WORKDIR /app/src

# if app needs flags set, set them here
ENTRYPOINT ["/app", "-p=8080"]