On 29/06/22 14:37, Ian Hobson via BitFolk Users wrote:
> I would like to simplify my VM, and make it more secure by using LXC
> containers. [...]
> Has anyone tried this? Does it work? What about IP addresses? Any hints,
> tips or advice welcome.
I've moved some of my infrastructure into containers on my VPS and am
very happy with it.

It's really important to make sure that your containers are ephemeral.
That is to say, your application should be able to survive the container
being destroyed and a new container image started in its place without
data loss. Everything that your containers write that you want to
persist (your data!) should either be stored on a directory mounted in
from the host filesystem, or in a containerised storage service with a
similar guarantee of persistence (e.g. a local database container or a
storage bucket on the cloud).

Similarly, don't store any secrets in your container image itself. They
should either live in persistent storage or be injected via your
containerisation's secrets mechanism.

My rig is pretty simple really.

1. A standard postgres-alpine container, with its data dir bound to a
directory on my VPS rootfs. It listens on the standard postgres port (5432).

2. A custom container running Mezzanine (which is a Django app), with
its projects directory also bound to a place in the rootfs. It listens
on 127.0.0.1:8080 and is configured to use the postgres database on the
hostname 'db' for its storage.

3. Docker-compose takes care of networking and virtual DNS within the
containerised universe. I have it bind 127.0.0.1:8080 on container #2 to
127.0.0.1:8000 on the VPS, for reasons that will become clear in a
moment. A systemd script brings up the containers when the VPS boots.

(You'll notice I haven't mentioned IP addresses other than localhost; I
don't need to care about them. The containers are somewhere in RFC1918
space.)

4. There's an nginx instance serving as front door & applying TLS. It is
configured to reverse proxy to 127.0.0.1:8000 (amongst others). It is
not yet a container as I have more to do before that makes sense. (One
of these days.)

I'm becoming a big fan of infrastructure-as-code (or, at least,
infrastructure under version control). Broke the live config? Never
mind, roll it back!

One thing to keep in mind is how much RAM and drive space you will need.
You want to be running containers that are as tight as possible in a
constrained VPS. Looking for images powered by Alpine is usually a good
bet. RAM-wise, I am using (checks) 329MB of my 1.5G right now. Not
exactly a heavy user :-)

Ross
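The layout Ross describes above (postgres + Mezzanine containers, persistent data bound in from the host, the database password kept out of the image, the app published only on the VPS loopback for nginx to proxy), written up as an added docker-compose example that is not his actual config. Image tags, the host paths under /srv/mezzanine, the Dockerfile location and the DATABASE_* variables are assumptions, and it assumes the app process inside its container binds 0.0.0.0:8080 so that the published port can reach it.

```yaml
# Added example, not Ross's config: image names, paths and env names are assumed.
version: "3.8"

services:
  db:
    image: postgres:15-alpine            # Alpine-based image keeps the footprint small
    restart: unless-stopped
    environment:
      POSTGRES_DB: mezzanine
      POSTGRES_USER: mezzanine
      # Official postgres image reads the password from this file at startup,
      # so the secret never lands in the image or in the compose file.
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password
    volumes:
      # All state the container must not lose lives on the host rootfs;
      # the container itself can be destroyed and recreated at will.
      - /srv/mezzanine/pgdata:/var/lib/postgresql/data
    networks:
      - backend
    # No "ports:" entry: 5432 is reachable only from the compose network.

  web:
    build: ./mezzanine                   # assumed Dockerfile for the Django/Mezzanine app
    restart: unless-stopped
    depends_on:
      - db
    environment:
      DATABASE_HOST: db                  # resolved by compose's virtual DNS
      DATABASE_PASSWORD_FILE: /run/secrets/db_password   # assumed: app reads password from file
    secrets:
      - db_password
    volumes:
      - /srv/mezzanine/project:/app/project   # persistent project directory
    ports:
      # Publish on the VPS loopback only; nginx on the host proxies to it.
      # Dropping the "127.0.0.1:" prefix would expose 8000 on every interface.
      - "127.0.0.1:8000:8080"
    networks:
      - backend

secrets:
  db_password:
    file: /srv/mezzanine/secrets/db_password   # mode 0600 on the host, outside version control

networks:
  backend:
    driver: bridge                       # containers get RFC1918 addresses you never need to touch
```

Put the compose file under version control and the secrets directory outside it, then a plain `docker compose up -d` from a systemd unit reproduces the whole rig on a fresh host.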