Docker is a powerful containerisation tool which can help you deploy web server applications in a highly secure and flexible way. In this tutorial I’m going to show you how to install Docker on cpanel servers as well as how to run your first Docker container.
Docker places new applications and their dependencies in lightweight, isolated process environments called “containers”. When running an app in a Docker container, you will have complete control over its usage of resources, access permissions, and exposure to the network.
It can greatly improve the security, stability and versatility of your cPanel server. In this guide, I’ll share a few of the benefits of using Docker before explaining how to install Docker on cPanel.
There are a several reasons to install a containerisation tool like Docker on cPanel, including:
Allows you to install different versions of applications
Docker allows to run multiple versions of the same application in separate containers. For example, you could have MySQL 5.7 installed on cPanel and place MySQL 5.5 in a separate Docker container, along with all of its dependencies.
This can be very useful if you have applications which only work with a specific version of PHP, MySQL, Apache or Nginx on cPanel. You can also accomodate the needs of certain users without dramatically altering the server environment for everyone.
Lightweight resource utilisation
One of the greatest advantages of using Docker is that containers isolate at the process level and use the host’s kernel. In short, you won’t need to virtualise an entire operating system to run vastly different pieces of software on the server, therefore improving resource utilisation.
Portability
As explained earlier,Docker containers hold the application along with all of its dependencies. As a result, you can move an application across servers running Docker without running into compatibility issues.
Easy installation of different application stacks
cPanel operates a LAMP stack (Linux, Apache, MySQL, PHP) by default. However, there are many other options that you may be interested in trying, including:
With this in mind, you can use Docker to experiment with these different combinations without interfering with your cPanel setup ensuring that your server remains stable for other users even as you are installing new software.
Improved server security
Being able to set container specific permissions improves server security. If an application that has been placed into a container is compromised, your host will remain intact because of container isolation.
Limit resources used by a single application
Docker makes it easy to limit the resource usage of application processes. This is particularly useful for making a server more robust and capable of fending off denial of service attacks.
Predictable server performance
The cPanel server and Docker containers are isolated from one another This means you can update cPanel or the applications inside containers without accidentally causing an issues with dependencies.
To get the latest version of Docker, install it from the official Docker repository.
Run the following command to download and install the latest version of Docker:
curl -fsSL https://get.docker.com/ | sh
Once this process has completed, start the Docker daemon with the following command:
sudo systemctl start docker
You can verify that it is running with:
sudo systemctl status docker
If Docker is running correctly, it will return output similar to the following:
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-03-07 23:33:01 CET; 1 months 0 days ago
Docs: https://docs.docker.com
Main PID: 2824 (dockerd)
Finally, let’s enable Docker in systemctl so it starts with every server reboot:
sudo systemctl enable docker
In addition to the Docker daemon, you will also have access to the Docker command lint utility and Docker client.
Due to the way used by Docker to isolate running containers, in case you have ConfigServ Firewall on your server you will have to make an adjustment in order to avoid issues.
Edit /etc/csf/csf.conf file and search for the following configuration:
DOCKER = "0"
In order to get ConfigServ Firewall working with Docker you will need to adjust the setting to “1”:
DOCKER = "1"
Next, we will need to whitelist the Docker network in order to allow communication between your server and docker network. To do so, run the following command:
csf -a 172.17.0.0/24
Finally, restart ConfigServ Firewall so that the new configuration is applied using the command below
csf -ra
Each Docker container will run from a Docker image. These images will be pulled from Docker Hub by default. Docker Hub is a registry managed by Docker Inc, the company created Docker. Anyone can use the Docker Hub to host images and there are already Docker images available for most applications and Linux distributions furthermore you also have the option to customize and upload your own image.
Docker images are created by either Individuals and also by companies that own and maintain the software provided with the docker image.
With this in mind, extra care should be taken when using images from individuals or unverified sources for the purpose of security given that your app will run using the software provided by these images.
You can read more information about Docker Images security here
In the example below, we will run a Docker image with MySQL 5.5. The image is available through the Official MySQL Docker repo for this reason there are no risks involved with this particular image.
To install MySQL 5.5 using Docker on your cPanel server execute the following command:
docker run -dit --restart unless-stopped --name mysql-5.5-example -p 127.0.0.1:3308:3306 -e MYSQL_ROOT_PASSWORD=Lop32vKvaVfosLdpqdcwLcx -d mysql:5.5
Your docker container should now be running with MySQL 5.5. You may verify by running the following command:
docker ps
The output should be similar to this:
You can connect to your MySQL 5.5 Docker container server by running the following command:
mysql -h 127.0.0.1 -p 3308 -u root -p'Lop32vKvaVfosLdpqdcwLcx'
When configuring an application to connect to your new MySQL Server, you’ll need to use the new port (3308) and the credentials mentioned above.
Docker containers operate like resource-friendly virtual machines. This means they can be interacted with like a virtual machine. For example, you can run obtain an interactive shell into the container by simply adding the -t and -i switches.
Managing MySQL Server in Docker Container
Here is a quick example showing how you might interact with a service like the one we created running MySQL that is residing in a Docker Container.
If you wanted to stop the MySQL container we created, you would use:
docker stop mysql-5.5-example
Restarting the servers is as simple as typing:
docker start mysql-5.5-example
In case there is a problem with the container, view the logs by using:
docker logs mysql-5.5-example
To inspect the container’s configuration run:
docker inspect mysql-5.5-example
It’s important to realize that you have to be extra careful when running software versions that have reached EOL such as MySQL 5.5.
In case you want more information on running different types of apps in Docker and to obtain images, check out the Docker Hub.
As part of our cPanel server management support we can assist you with deploying highly scalable docker containers on your servers. Check our website for more information.
These cookies relate to the storage of (or access to) information either for the sole purpose of carrying out the transmission of a communication over an electronic communications network or in order for us to provide a service explicitly requested by you. Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
These cookies are exempt from the requirement of consent, which means that you cannot reject their use, since it would not be possible for us to provide our services.
Cookie | Type | Duration | Description | Cookie ID |
---|---|---|---|---|
cookielawinfo-checkbox-advertisement | 1 | 11 months 29 days 23 hours 59 minutes | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category ''Advertisement''. | cookielawinfo-checkbox-advertisement |
cookielawinfo-checkbox-analytics | 1 | 11 months 29 days 23 hours 59 minutes | This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category ''Analytics''. | cookielawinfo-checkbox-analytics |
cookielawinfo-checkbox-necessary | 0 | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not a user has consented to the use of cookies. It does not store any personal data. | cookielawinfo-checkbox-necessary |
cookielawinfo-checkbox-non-necessary | 0 | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non Necessary". | cookielawinfo-checkbox-non-necessary |
cookielawinfo-checkbox-other | 1 | 11 months 29 days 23 hours 59 minutes | No description | cookielawinfo-checkbox-other |
viewed_cookie_policy | 0 | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not a user has consented to the use of cookies. It does not store any personal data. | viewed_cookie_policy |
wp_woocommerce_session_9395ef9dc7e3839eb429f53aa1742b7d | 1 | 1 days 23 hours 59 minutes | This cookie is set by Woocommerce to keep track of cart items. | wp_woocommerce_session_9395ef9dc7e3839eb429f53aa1742b7d |
These cookies collect information about the way you use the Website, e.g. the pages you visit the most, the website from which your visit originated and other related information. These cookies collect aggregate, anonymous, statistical data which cannot be used to identify visitors individually. They are used for the sole purpose of analysing traffic and improving the Website performance.
Cookie | Type | Duration | Description | Cookie ID |
---|---|---|---|---|
_ga | 1 | 1 years 11 months 28 days 23 hours 59 minutes | This cookie collects information on how visitors use the website and their storage duration is defined by Google’s usage policy. Google Analytics’ cookies collect certain information, including a pseudonymized IP address, the number of visitors to the Website, where they came from, and the pages they visited within the Website. We use the information to compile reports that help us improve our Website. For more information please see Google privacy policy | _ga |
_gid | 1 | 23 hours 59 minutes | This cookie collects information on how visitors use the website and their storage duration is defined by Google’s usage policy. Google Analytics’ cookies collect certain information, including a pseudonymized IP address, the number of visitors to the Website, where they came from, and the pages they visited within the Website. We use the information to compile reports that help us improve our Website. For more information please see Google privacy policy | _gid |
These cookies are used to track your behavior across websites and deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited our Website and this information is shared with other organisations such as advertisers.
Cookie | Type | Duration | Description | Cookie ID |
---|---|---|---|---|
fr | 1 | 2 months 28 days 23 hours 59 minutes | The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin. | fr |
_fbp | 1 | 2 months 28 days 23 hours 59 minutes | This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website. | _fbp |