
Deploying and Securing Docker Containers and Server OS


I am running a CentOS server and will be installing the Docker Engine on top of that, where, needless to say, I will be setting up my containers. I'll initially be setting up two containers: (1) serve my web pages (2) run my database.

My thought process was that I would install FirewallD on the CentOS. My questions are the following:

  1. Do I need to install some sort of firewall within the containers themselves? If so, can someone at a high level tell me how this is done and what firewall I would be installing at the container level?

  2. Do I need to open some ports within FirewallD running on CentOS to access the Docker Engine / Containers?

  3. As you can tell, this will be my first time developing with containers, so do I need to create the containers first on the server and then from my development machine push the containers to the identified container?

I would appreciate it if I could get some guidance here as I'm tasked to do this, but not sure of the correct path.

Thanks again.

I really have not tried much as I'm not sure where to begin. Currently I have just been doing some research on my use case.


Solution

  • Q) Do I need to install some sort of firewall within the containers themselves?

    A) No, not really. Containers can only communicate via the ports the configuration specifies to open.

    Q) Do I need to open some ports within FirewallD running on CentOS to access the Docker Engine / Containers?

    A) TCP/IP port 443 if you want to access the daemon via the REST API. Otherwise, and probably more secure, leave remote access off. SSH into the machine and interact with the daemon locally.

    Q) ...do I need to create the containers first on the server and then from my development machine push the containers to the identified container?

    A) Create the containers on development, push the image to a repository (Docker Hub is one, AWS ECR is another, you can also host your own). Access the server, then finally pull the images from the repository onto the server.

    As for where to begin: at the beginning :D. But really, https://docs.docker.com/get-started/ has a 'getting started' guide to start you off. Linux Academy, A Cloud Guru, Lynda, Udemy, and other similar learning resources are all solid starting points.

    Hope this helps you on your journey.
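
The answer's point that containers are reachable only through the ports their configuration opens can be checked on the host. The following Python script is an added example, not part of the original answer: it parses output in the format of `docker ps --format '{{.Names}}\t{{.Ports}}'` and reports ports published on non-loopback host addresses that are not on an allow list. The container names, the sample output and the allow list are constructed for illustration.

```python
import re

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
SAMPLE_PS = (
    "web\t0.0.0.0:443->443/tcp, :::443->443/tcp\n"
    "db\t0.0.0.0:3306->3306/tcp\n"
    "db-private\t3306/tcp\n"
    "cache\t127.0.0.1:6379->6379/tcp\n"
)

# One published mapping: host_ip:host_port->container_port/proto
MAPPING = re.compile(
    r"^(?P<ip>.+):(?P<hport>[\d-]+)->(?P<cport>[\d-]+)/(?P<proto>\w+)$"
)
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}


def published_ports(ps_output):
    """Yield (name, host_ip, host_port, container_port, proto) per published port."""
    for line in ps_output.splitlines():
        if not line.strip():
            continue
        name, _, ports = line.partition("\t")
        for entry in filter(None, (p.strip() for p in ports.split(","))):
            m = MAPPING.match(entry)
            if m is None:
                continue  # e.g. "3306/tcp": exposed by the image, not published
            yield name, m["ip"], m["hport"], m["cport"], m["proto"]


def audit(ps_output, allowed):
    """Return published ports reachable from off-host that are not in `allowed`."""
    findings = []
    for name, ip, hport, _cport, proto in published_ports(ps_output):
        if ip in LOOPBACK:
            continue  # bound to loopback: only reachable from the host itself
        if (name, hport) not in allowed:
            findings.append((name, ip, hport, proto))
    return findings


if __name__ == "__main__":
    # Assumption: only the web container's HTTPS port should face the network.
    for finding in audit(SAMPLE_PS, allowed={("web", "443")}):
        print("unexpected published port: %s %s:%s/%s" % finding)
```

In the sample, only the `db` container is flagged: its port is published on all interfaces, while `db-private` exposes the same port without publishing it and stays reachable only from other containers on its Docker network.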