Need help making docker compose run my container without ability to log into it in production. I've tried to achieve this by overriding compose file stdin and tty settings but failed ... many times.
I have stdin and tty open for development in my compose file(docker-compose.yml):
services:
web:
image: some_image
container_name: my_service_dev
environment:
.....
stdin_open: true
tty: true
I've made another file for production and override some settings incl. omitted stdin_open and tty (docker-compose-prod.yml).
services:
web:
image: some_image
container_name: my_service_prod
environment:
....
After rebuilding images with docker compose
docker-compose -f docker-compose-prod.yml build --no-chache
and running them with
docker-compose -f docker-compose-prod.yml up -d
I still can enter this container's pseudo tty with docker exec.
I've tried to explicitly disable stdin on my next attempt (docker-compose-prod.yml)
services:
web:
image: some_image
container_name: my_service_prod
environment:
.....
stdin_open: false
tty: false
Rebuilt it and ran with same result.
Then I've made an assumption that my docker-compose.yml file is somehow being merged to build/run settings so I renamed it to docker-compose-default.yml.
But alas I still observe that my container runs with opened stdin in productions. Does docker-compose up -d always run with opened stdin/tty(sounds strange but I feel like I'm going crazy)? Or what did I miss?
docker exec -it my_prod_container bash
This doesn't connect to stdin of the container. It starts a second bash process inside the container. stdin has nothing to do with it and enabling or disabling stdin_open and tty will have no effect. They're unrelated.
An analogy to C would be closing stdin and hoping that would block fork() calls.