You’re running a web server in your Docker container. The web server is configured to listen on default HTTP ports – 80 for http and 443 for https (http-ssl).
For security reasons, you want to change the port to which it is listening. How can you do that?
In our role as Technical Support Providers for web hosting companies and infrastructure providers, we provision and manage Docker systems for various business purposes.
Changes in Docker container configuration is a task we perform as a part of this service. Here, we’ll see the different ways to do that.
When do you need to change Docker container configuration?
In Docker infrastructure, you can have containers that run any application or service – from web server to WordPress instances.
Suppose you have a Docker container which runs web server on port 80 and 443.
3b127172bfe8 https-portal:1 "/init" 3 months ago Up 3 months 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp https-portal
As port 80 is more susceptible to attacks, you want to modify this port configuration to another port, say 8080.
Using ‘docker update’ command, we can modify or restrict container resources. But Docker doesn’t have any straight-forward way to modify ports or network settings.
How to change Docker container configuration
To modify the container configuration such as port mapping, we can do one of these 4 workarounds.
1. Create new image
The easiest way out is to terminate the existing container and spin up a new one with the new ports. This is done by copying the image of the existing container and then creating a new container from this image.
During container creation, the new port mapping or configuration setting can be specified as parameters.
docker commit https-portal https-portal:2 docker run -p 8080:80 -td https-portal:2
But this method is not feasible when there are too many containers and you can’t handle the overhead of creating and terminating containers.
2. Edit config file
Each Docker container has a set of config files associated with it. The parameters of that container, such as Port mapping, would be specified in that file.
The config file is a json file at the location ‘ /var/lib/docker/containers/container-id/config.v2.json ‘. Using ‘docker inspect’, we can see the current port mappings of a container.
"PortBindings": {
"443/tcp": [
{
"HostIp": "",
"HostPort": "443"
}
],
"80/tcp": [
{
"HostIp": "",
"HostPort": "80"
}
]
},
After stopping the container, the config.v2.json file can be edited to update the corresponding entry for “Ports” and “NetworkSettings”. The “PortBindings” entry in hostconfig.json file is also updated.
"PortBindings":{"443/tcp":[{"HostIp":"","HostPort":"443"}],"80/tcp":[{"HostIp":"","HostPort":"80"}]}
After making the changes in config files, Docker service is restarted and container is started. It will then show the new port mapping in the results.
3. Modify Dockerfile
In hosting environments or development scenarios which need too many containers to be spun up, the easiest way to manage is using Dockerfile.
The Dockerfile contains the basic configuration settings for each container. A sample snippet would be:
domain.com: container_name: domain.com image: wordpress mem_limit: 500m restart: always environment: WORDPRESS_DB_HOST: XX.XX.XX.XX WORDPRESS_DB_NAME: domain-wp WORDPRESS_DB_USER: username WORDPRESS_DB_PASSWORD: 'password' VIRTUAL_HOST: domain.com volumes: - /home/username/files/domain.com/:/var/www/html:rw
For changes to be made, the Dockerfile is updated for those containers. After making changes, the corresponding containers are recreated and others are left intact.
docker-compose -f dockerfile.yml up -d --no-recreate
By creating images out of the modified containers and using them to create more containers, we can easily reproduce the same configuration settings in future containers.
When changes are made, Dockerfile is revised appropriately and new images are build from those. We set proper labels to identify the changed images.
In Docker, it is possible to define configuration settings, keys, and other data in environment variables. These parameters can be specified in the entry point script of that container.
"WorkingDir": "/var/www/html", "Entrypoint": [ "/entrypoint.sh" ],
Defining the parameters in entry script allows containers to start into a defined configuration. Any changes in the configuration can be reflected by modifying this entry script and restarting the containers.
When a Docker container is started, these environment variables are retrieved from the entry point script and relevant files are inserted into the container before it is launched.
4. Use Docker volumes
Docker containers do not store persistent data. To ensure data is preserved in Docker, we use Docker volumes to store them.
In production servers such as in hosting environment, we ideally store the configuration files in Docker Volumes. When containers are started, the path to the volume is specified.
Docker Volumes can also be configured in the entry point script or Dockerfile. The configuration files specified in this docker volume can be used to define the settings of the Docker containers created.
Conclusion
Docker containers are widely used in DevOps and niche web hosting. Today we’ve discussed the various ways how our Docker Support Engineers change Docker container configuration in the Docker infrastructure we manage.
1219
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
