Docker Best Practices
This article outlines best practices for running MediaWiki and related services within a Docker environment. Docker offers a powerful and consistent way to deploy and manage applications, but requires careful consideration for optimal performance and security. This guide is geared towards system administrators and developers new to Dockerizing MediaWiki.
Why Use Docker with MediaWiki?
Docker provides several advantages for MediaWiki deployments:
- Consistency: Ensures a consistent environment across development, testing, and production.
- Isolation: Isolates MediaWiki and its dependencies from the host system, reducing conflicts.
- Portability: Makes it easy to move MediaWiki deployments between different servers or cloud providers.
- Scalability: Simplifies scaling MediaWiki using Docker Compose or orchestration tools like Kubernetes.
- Rollbacks: Facilitates easy rollbacks to previous versions of the application.
Base Image Selection
Choosing the right base image is crucial. Consider the following:
- Official Images: Prefer official images from Docker Hub whenever possible. For PHP, the official PHP images are a good starting point. See PHP Documentation for more details.
- Slim Images: Use slim or alpine-based images to reduce image size and attack surface. Alpine Linux is a very small distribution.
- Security Updates: Regularly update base images to address security vulnerabilities. Check Security Updates for MediaWiki related security issues.
- Dependencies: Include only the necessary dependencies for MediaWiki to function. Avoid unnecessary bloat. See Required PHP Extensions for a list of extensions.
Here's a comparison of common base image choices:
Image | Size (Approx.) | OS | Notes |
---|---|---|---|
php:8.2-fpm-alpine | ~150MB | Alpine Linux | Smallest size, may require more manual dependency installation. |
php:8.2-fpm | ~300MB | Debian | More common dependencies pre-installed. |
ubuntu:22.04 | ~700MB | Ubuntu | Largest size, most flexibility but requires significant configuration. |
Dockerfile Best Practices
A well-structured Dockerfile is essential.
- Use .dockerignore: Exclude unnecessary files and directories from the build context using a `.dockerignore` file. This significantly speeds up build times and reduces image size. See .dockerignore file for more details.
- Layer Caching: Order Dockerfile instructions to leverage layer caching. Place frequently changing instructions near the end of the file.
- Multi-Stage Builds: Use multi-stage builds to separate build dependencies from runtime dependencies. This results in smaller and more secure images.
- Non-Root User: Run the MediaWiki process as a non-root user for enhanced security. See User Permissions.
- Explicit Versions: Specify explicit versions for all dependencies to ensure reproducibility.
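The practices above can be checked mechanically. The following Python is an added example, not part of the original article or of any MediaWiki tooling: it audits a constructed weak Dockerfile and a hardened one for explicit versions, layer ordering, multi-stage builds and a non-root user. The function names, both sample Dockerfiles and the `composer:2.7` tag are assumptions, and the line-based parsing ignores continuation lines and `ARG` substitution in `FROM`.

```python
# Constructed sample Dockerfiles; image tags and paths are illustrative.
WEAK = """\
FROM php:latest
COPY . /var/www/html
RUN apt-get update && apt-get install -y git
"""

HARDENED = """\
FROM composer:2.7 AS build
WORKDIR /app
COPY composer.json composer.lock ./
RUN composer install --no-dev --no-interaction
COPY . .
FROM php:8.2-fpm-alpine
COPY --from=build /app /var/www/html
USER www-data
"""

def is_pinned(image: str) -> bool:
    """True for a digest or an explicit tag other than 'latest'."""
    name = image.rsplit("/", 1)[-1]  # drop registry[:port]/namespace
    return "@sha256:" in image or name.partition(":")[2] not in ("", "latest")

def audit(dockerfile: str) -> list[str]:
    """Return findings for the Dockerfile practices listed above."""
    findings, stage_names, stages = [], set(), 0
    user, copied_all = "root", False  # assumes the base image defaults to root
    for line in map(str.strip, dockerfile.splitlines()):
        instr, _, rest = line.partition(" ")
        instr = instr.upper()
        args = [a for a in rest.split() if not a.startswith("--")]  # drop flags
        if instr == "FROM" and args:
            if args[0] not in stage_names | {"scratch"} and not is_pinned(args[0]):
                findings.append(f"unpinned base image: {args[0]}")
            if len(args) == 3 and args[1].upper() == "AS":
                stage_names.add(args[2])
            stages, user, copied_all = stages + 1, "root", False  # new stage
        elif instr == "USER" and args:
            user = args[0].split(":")[0]
        elif instr == "COPY" and args and args[0] == ".":
            copied_all = True
        elif instr == "RUN" and copied_all:
            findings.append("RUN after 'COPY .': any source change rebuilds this layer")
            copied_all = False  # report once per COPY
    if stages < 2:
        findings.append("single-stage build: build tools ship in the runtime image")
    if user in ("root", "0"):
        findings.append("final stage runs as root: add a USER instruction")
    return findings
```

`audit(WEAK)` reports all four problems, while `audit(HARDENED)` returns an empty list.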
Database Configuration
MediaWiki requires a database. Docker simplifies database deployments.
- Separate Container: Run the database in a separate Docker container. This isolates the database and allows for independent scaling. See Database Setup.
- Volumes: Use Docker volumes to persist database data. This ensures that data is not lost when the container is stopped or removed. See Docker Volumes.
- Environment Variables: Configure database connection parameters using environment variables. This makes it easy to change the database configuration without modifying the Dockerfile.
Here's a table showing common database configurations for MediaWiki:
Database | Docker Image | Port | Notes |
---|---|---|---|
MySQL/MariaDB | `mariadb:10.6` | 3306 | Widely used, robust, and well-supported. |
PostgreSQL | `postgres:14` | 5432 | Offers advanced features and scalability. |
SQLite | (No separate container needed) | N/A | Suitable for small, single-user installations. Not recommended for production. |
Networking and Volumes
Proper networking and volume management are critical.
- Docker Networks: Create Docker networks to allow containers to communicate with each other. This improves security and simplifies service discovery. See Docker Networking.
- Named Volumes: Use named volumes for persistent data storage. Named volumes are easier to manage than bind mounts.
- Mount Points: Carefully consider which directories to mount as volumes. Mount only the directories that need to be persistent. See Mount Points explained.
Here's a summary of important volume considerations:
Volume | Purpose | Recommendation |
---|---|---|
`/var/www/html` | MediaWiki files | Mount as a named volume or bind mount. |
`/var/lib/mysql` (or equivalent for other databases) | Database data | Mount as a named volume. |
`/var/log/mediawiki` | MediaWiki logs | Mount as a named volume. |
Security Considerations
- Regular Updates: Keep Docker and all images up to date.
- Least Privilege: Run containers with the least necessary privileges.
- Network Policies: Implement network policies to restrict container communication.
- Secrets Management: Use a secrets management solution to securely store and manage sensitive information, such as database passwords. See Secrets Management.
- Image Scanning: Scan images for vulnerabilities before deploying them. See Vulnerability Scanning.
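The database and secrets recommendations (separate container, named volume on the data directory, no literal passwords) can be verified against a resolved Compose definition. The following Python is an added example, not code from the original article: the input dictionaries are constructed and assumed to follow the shape printed by `docker compose config --format json`, and the service, volume and secret names are illustrative.

```python
# Constructed service definitions, assumed to match the shape of
# `docker compose config --format json`; all names are illustrative.
WEAK = {"services": {"db": {
    "image": "mariadb:10.6",
    "environment": {"MARIADB_ROOT_PASSWORD": "changeme"},
    "ports": [{"target": 3306, "published": "3306"}],
}}}

HARDENED = {"services": {"db": {
    "image": "mariadb:10.6",
    "environment": {"MARIADB_ROOT_PASSWORD_FILE": "/run/secrets/db_root"},
    "secrets": [{"source": "db_root"}],
    "volumes": [{"type": "volume", "source": "dbdata", "target": "/var/lib/mysql"}],
}}}

# Data directories of the database images named in the table above.
DATA_DIRS = {"/var/lib/mysql", "/var/lib/postgresql/data"}

def audit_db(compose: dict, service: str = "db") -> list[str]:
    """Return findings for one database service of a resolved Compose file."""
    svc = compose["services"][service]
    findings = []
    # Passwords belong in a mounted secret, referenced through the *_FILE variant.
    for key, value in svc.get("environment", {}).items():
        if "PASSWORD" in key and not key.endswith("_FILE") and value:
            findings.append(f"{key} holds a literal password; use a secret and {key}_FILE")
    # Other containers reach the database over the Docker network, not a host port.
    for port in svc.get("ports", []):
        findings.append(f"port {port['target']} is published on the host")
    # Only a named volume (type 'volume' with a source) counts as managed storage.
    named = {v["target"] for v in svc.get("volumes", [])
             if v.get("type") == "volume" and v.get("source")}
    if not named & DATA_DIRS:
        findings.append("no named volume mounted on the database data directory")
    return findings
```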
Further Reading
- Docker Documentation
- Docker Compose Documentation
- MediaWiki Installation Guide
- Troubleshooting Common Issues
- Performance Optimization