I run my websites from my Raspberry Pi mini PC, and in this post I explain how I organize the apps and manage security using a Docker swarm network. In my setup I chose an nginx container as the web server, built on top of lightweight Alpine Linux containers. This performs very well on the Raspberry Pi, with low memory and CPU consumption. I also use MariaDB for the database and share the database with all the apps, and I use a separate php-fpm container for the backend. Below is the network diagram of my setup.
In the above diagram each color represents a different virtual Docker network, and each container is connected only to the networks it needs. All traffic is received by an nginx reverse proxy server, where I terminate SSL. I also run certbot on that server, which handles renewal of the SSL certificate. This allows me to keep the other servers slimmer, as I don't need certbot installed in the app-specific nginx servers. I also don't need to use SSL connections for the communication between the containers.
After that, the reverse proxy server routes the request to the appropriate app-specific nginx server. That nginx server serves static files and acts as a reverse proxy for dynamic content, which is served by the php-fpm servers. Sometimes I also use Java Spring Boot for the backend instead of PHP.
The php-fpm servers can connect to the database server if required.
This setup gives peace of mind and provides many layers of security. Also, if one of the apps is affected for any reason, the other apps remain secured, and their code is not accessible from the affected servers.
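The layout described above, written as a swarm stack file for two apps. This is an added example, not my actual configuration: the service names, network names, stand-in images and the `db_root` secret are all assumptions. Each app gets its own front, back and database network, so the only container the two apps have in common is the database.

```yaml
# Added example; all service, network, image and secret names are assumptions.
version: "3.8"

services:
  proxy:                     # terminates SSL (certbot lives here); only published service
    image: nginx:alpine      # stand-in image
    ports: ["80:80", "443:443"]
    networks: [app1_front, app2_front]

  app1_web:                  # serves static files, forwards dynamic requests to app1_php
    image: nginx:alpine
    networks: [app1_front, app1_back]
  app1_php:                  # backend; only this tier can reach the database
    image: php:fpm-alpine
    networks: [app1_back, app1_db]

  app2_web:
    image: nginx:alpine
    networks: [app2_front, app2_back]
  app2_php:
    image: php:fpm-alpine
    networks: [app2_back, app2_db]

  db:                        # shared MariaDB, no published ports
    image: mariadb
    environment:
      MARIADB_ROOT_PASSWORD_FILE: /run/secrets/db_root
    secrets: [db_root]
    networks: [app1_db, app2_db]

secrets:
  db_root:
    external: true           # created beforehand with `docker secret create`

networks:                    # one overlay network per hop, per app
  app1_front: {driver: overlay}
  app1_back:  {driver: overlay}
  app1_db:    {driver: overlay}
  app2_front: {driver: overlay}
  app2_back:  {driver: overlay}
  app2_db:    {driver: overlay}
```

With this layout `app1_php` has no network in common with `app2_web` or `app2_php`, and the app-specific nginx servers have no route to the database at all.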