Running a Container as Non-root

By default, the root user is logged in when a container starts. Being root in the container means you can do anything you want to the container’s file system. There are reasons why you may not want this, from both a security and an application point of view. To be a non-root user […]

Docker User Namespaces

With the default settings of the Docker daemon, a “container breakout” is possible: the container gains root privileges on the host file system. This allows the container to do things like access another user’s files, install malicious scripts and make them globally executable, or even perform the infamous “rm -rf […]

Logging for Docker

When moving from a development to a production environment, it becomes important to log commands issued to Docker for auditing purposes. Some reasons for doing so are: compliance with government requirements, auditing and tracing of issues, industry-standard requirements, client/end-user requirements, and so on. Docker offers two types of logging mechanisms – Containers, and Docker daemon. […]

Dockerizing an MVC Web Application

In this post, I will explain how I recently “Dockerized” a standard MVC web application. This is more of a “how-to Dockerize” than a “why Dockerize” post. For my web application, I have a Postgres database, with the PostGIS extension, running as the data store layer, a Node.js RESTful API layer as my controller, and a […]

Docker Swarm with CentOS 7

Recently, I have been trying to set up a Swarm Cluster with CentOS 7. However, I met with some connectivity issues between the Swarm Manager and the Consul service discovery container. Using docker logs on the Swarm Manager, I got the following error: level=error msg="Discovery error: Get http://192.168.56.102:8500/v1/kv/docker/swarm/nodes?consistent=: dial tcp 192.168.56.102:8500: getsockopt: no route to host" level=error msg="Discovery error: […]