Docker is a powerful containerisation tool which can help you deploy web server applications in a highly secure and flexible way. In this tutorial I’m going to show you how to install Docker on cpanel servers as well as how to run your first Docker container.
Docker places new applications and their dependencies in lightweight, isolated process environments called “containers”. When running an app in a Docker container, you will have complete control over its usage of resources, access permissions, and exposure to the network.
It can greatly improve the security, stability and versatility of your cPanel server. In this guide, I’ll share a few of the benefits of using Docker before explaining how to install Docker on cPanel.
There are a several reasons to install a containerisation tool like Docker on cPanel, including:
Allows you to install different versions of applications
Docker allows to run multiple versions of the same application in separate containers. For example, you could have MySQL 5.7 installed on cPanel and place MySQL 5.5 in a separate Docker container, along with all of its dependencies.
This can be very useful if you have applications which only work with a specific version of PHP, MySQL, Apache or Nginx on cPanel. You can also accomodate the needs of certain users without dramatically altering the server environment for everyone.
Lightweight resource utilisation
One of the greatest advantages of using Docker is that containers isolate at the process level and use the host’s kernel. In short, you won’t need to virtualise an entire operating system to run vastly different pieces of software on the server, therefore improving resource utilisation.
As explained earlier,Docker containers hold the application along with all of its dependencies. As a result, you can move an application across servers running Docker without running into compatibility issues.
Easy installation of different application stacks
cPanel operates a LAMP stack (Linux, Apache, MySQL, PHP) by default. However, there are many other options that you may be interested in trying, including:
With this in mind, you can use Docker to experiment with these different combinations without interfering with your cPanel setup ensuring that your server remains stable for other users even as you are installing new software.
Improved server security
Being able to set container specific permissions improves server security. If an application that has been placed into a container is compromised, your host will remain intact because of container isolation.
Limit resources used by a single application
Docker makes it easy to limit the resource usage of application processes. This is particularly useful for making a server more robust and capable of fending off denial of service attacks.
Predictable server performance
The cPanel server and Docker containers are isolated from one another This means you can update cPanel or the applications inside containers without accidentally causing an issues with dependencies.
To get the latest version of Docker, install it from the official Docker repository.
Run the following command to download and install the latest version of Docker:
curl -fsSL https://get.docker.com/ | sh
Once this process has completed, start the Docker daemon with the following command:
sudo systemctl start docker
You can verify that it is running with:
sudo systemctl status docker
If Docker is running correctly, it will return output similar to the following:
● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2020-03-07 23:33:01 CET; 1 months 0 days ago Docs: https://docs.docker.com Main PID: 2824 (dockerd)
Finally, let’s enable Docker in systemctl so it starts with every server reboot:
sudo systemctl enable docker
In addition to the Docker daemon, you will also have access to the Docker command lint utility and Docker client.
Due to the way used by Docker to isolate running containers, in case you have ConfigServ Firewall on your server you will have to make an adjustment in order to avoid issues.
Edit /etc/csf/csf.conf file and search for the following configuration:
DOCKER = "0"
In order to get ConfigServ Firewall working with Docker you will need to adjust the setting to “1”:
DOCKER = "1"
Next, we will need to whitelist the Docker network in order to allow communication between your server and docker network. To do so, run the following command:
csf -a 172.17.0.0/24
Finally, restart ConfigServ Firewall so that the new configuration is applied using the command below
Each Docker container will run from a Docker image. These images will be pulled from Docker Hub by default. Docker Hub is a registry managed by Docker Inc, the company created Docker. Anyone can use the Docker Hub to host images and there are already Docker images available for most applications and Linux distributions furthermore you also have the option to customize and upload your own image.
Docker images are created by either Individuals and also by companies that own and maintain the software provided with the docker image.
With this in mind, extra care should be taken when using images from individuals or unverified sources for the purpose of security given that your app will run using the software provided by these images.
You can read more information about Docker Images security here
In the example below, we will run a Docker image with MySQL 5.5. The image is available through the Official MySQL Docker repo for this reason there are no risks involved with this particular image.
To install MySQL 5.5 using Docker on your cPanel server execute the following command:
docker run -dit --restart unless-stopped --name mysql-5.5-example -p 127.0.0.1:3308:3306 -e MYSQL_ROOT_PASSWORD=Lop32vKvaVfosLdpqdcwLcx -d mysql:5.5
Your docker container should now be running with MySQL 5.5. You may verify by running the following command:
The output should be similar to this:
You can connect to your MySQL 5.5 Docker container server by running the following command:
mysql -h 127.0.0.1 -p 3308 -u root -p'Lop32vKvaVfosLdpqdcwLcx'
When configuring an application to connect to your new MySQL Server, you’ll need to use the new port (3308) and the credentials mentioned above.
Docker containers operate like resource-friendly virtual machines. This means they can be interacted with like a virtual machine. For example, you can run obtain an interactive shell into the container by simply adding the -t and -i switches.
Managing MySQL Server in Docker Container
Here is a quick example showing how you might interact with a service like the one we created running MySQL that is residing in a Docker Container.
If you wanted to stop the MySQL container we created, you would use:
docker stop mysql-5.5-example
Restarting the servers is as simple as typing:
docker start mysql-5.5-example
In case there is a problem with the container, view the logs by using:
docker logs mysql-5.5-example
To inspect the container’s configuration run:
docker inspect mysql-5.5-example
It’s important to realize that you have to be extra careful when running software versions that have reached EOL such as MySQL 5.5.
In case you want more information on running different types of apps in Docker and to obtain images, check out the Docker Hub.
As part of our cPanel server management support we can assist you with deploying highly scalable docker containers on your servers. Check our website for more information.