Optimizing Docker for High Security: Combining Docker and SafeLine


This content originally appeared on DEV Community and was authored by Lulu

Docker is an open-source application container engine written in Go and released under the Apache 2.0 license. It enables developers to package their applications and dependencies into lightweight, portable containers. These containers can be deployed on any popular Linux machine, offering a form of lightweight virtualization. Each container operates in complete isolation (similar to iPhone apps), and most importantly, the performance overhead is minimal.

Docker Installation

Here's how to install Docker on CentOS:

1. Install Docker Image

curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

2. Set Up Stable Repositories

sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

3. Install Required Packages

sudo yum install -y yum-utils device-mapper-persistent-data lvm2

4. Remove Old Docker Versions (if any)

yum remove docker docker-client docker-common docker-latest docker-engine

5. List Available Docker Versions

yum list docker-ce --showduplicates | sort -r

6. Install Selected Version (e.g., 19.03.13)

yum install docker-ce-19.03.13 docker-ce-cli-19.03.13 containerd.io

7. Alternatively, Install the Latest Version

yum -y install docker-ce

8. Start and Enable Docker

systemctl start docker
systemctl enable docker

Optimization (Tuning Docker for SafeLine)

When deploying services, it’s best to tune the system for minimal service disruption. Below are some optimizations to improve Docker's performance.

Step 1: Directory Migration

# Stop Docker service
systemctl stop docker

# Create new directory for Docker data
mkdir -p /home/jamelli/docker/data/lib

# Copy existing Docker data to the new directory
rsync -r -avz /var/lib/docker /home/jamelli/docker/data/lib

Step 2: Configure Docker to Use New Directory

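# Create the systemd drop-in directory if it does not exist yet
mkdir -p /etc/systemd/system/docker.service.d

# --data-root replaces the deprecated --graph flag, which newer Docker releases no longer accept
cat <<EOF > /etc/systemd/system/docker.service.d/devicemapper.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --data-root=/home/jamelli/docker/data/lib/docker
EOF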

# Reload and restart Docker
systemctl daemon-reload
systemctl restart docker

Log Optimization

To manage log file size and avoid excessive disk usage, configure log rotation. Restart Docker afterwards; the limits apply to containers created after the change:

cat <<EOF > /etc/docker/daemon.json
{
    "log-driver": "json-file",
    "log-opts": {
        "max-size": "100m",
        "max-file": "3"
    }
}
EOF

Disk Optimization

Use these commands to clean up unused containers, volumes, and images:

docker system df
docker system prune
docker system prune -a

To check detailed disk usage:

docker system df -v

Docker Commands You Should Know

  • docker system df: Check Docker’s disk usage
  • docker image: View Docker image contents
  • docker info: Get Docker system information
  • docker stats: View container resource usage (CPU, memory)
  • docker logs --tail=10 -f <container-name>: View container logs in real-time

SafeLine WAF Integration

Now that Docker is installed and optimized, you can further secure your infrastructure by deploying SafeLine WAF, a powerful and free web application firewall. Here's how to install SafeLine on your Dockerized system:

1. Install SafeLine

bash -c "$(curl -fsSL https://waf.chaitin.com/release/latest/setup.sh)"

2. Access SafeLine
After installation, open port 9443 on your firewall to access the SafeLine management interface:

# Open port 9443
firewall-cmd --zone=public --add-port=9443/tcp --permanent
firewall-cmd --reload

Then, access SafeLine at:

https://<your-server-ip>:9443/

3. Protect Your Web Apps
With SafeLine, your Dockerized applications will be protected against common attacks like SQL injections, XSS, and DDoS threats. SafeLine’s traffic processing engine, built on Nginx, ensures that your applications are secure while maintaining high performance.
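
Both the Docker install step and the SafeLine install step above run a remote script directly in bash as root. The following is an added example, not code from the original post or from either vendor: it downloads the script to a file, checks it against a SHA-256 digest you recorded when you reviewed it, and runs it only on a match. The function names are illustrative and the digests in the usage lines are placeholders.

```bash
#!/usr/bin/env bash
# Added example: verify an installer against a pinned SHA-256 before running it.
# Function names are illustrative; the digests in the usage lines are placeholders.

# verify_sha256 FILE EXPECTED_HEX: returns 0 only if FILE hashes to EXPECTED_HEX.
verify_sha256() {
    local file expected actual
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject a pin that is not exactly 64 hex characters (empty, truncated, typo).
    case $expected in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 1
    [ -f "$file" ] || return 1
    actual=$(sha256sum "$file" | cut -d' ' -f1) || return 1
    [ "$actual" = "$expected" ]
}

# run_pinned_installer URL EXPECTED_HEX [ARGS...]
# Downloads over HTTPS with certificate verification left on (no -k), then
# executes the script only if it matches the digest of the copy you reviewed.
run_pinned_installer() {
    local url expected tmp rc
    url=$1
    expected=$2
    shift 2
    tmp=$(mktemp) || return 1
    if ! curl -fsSL --proto '=https' -o "$tmp" "$url"; then
        echo "download failed: $url" >&2
        rm -f "$tmp"
        return 1
    fi
    if ! verify_sha256 "$tmp" "$expected"; then
        echo "digest mismatch for $url, refusing to run" >&2
        rm -f "$tmp"
        return 1
    fi
    rc=0
    bash "$tmp" "$@" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage, with <sha256-of-reviewed-script> recorded after reading the script:
#   run_pinned_installer https://get.docker.com <sha256-of-reviewed-script> docker --mirror Aliyun
#   run_pinned_installer https://waf.chaitin.com/release/latest/setup.sh <sha256-of-reviewed-script>
```

Both URLs serve whatever the current release is, so a mismatch after a vendor update is expected: review the new script and record its digest before running it.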

Solving Common Docker Issues

When pulling Docker images, if you encounter the following error:

Error response from daemon: net/http: TLS handshake timeout

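You can resolve this by adding a Docker registry mirror to /etc/docker/daemon.json. Add the key to the existing file rather than replacing it, so the log settings configured earlier are kept: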

sudo vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}

Then reload and restart Docker:

systemctl daemon-reload
systemctl restart docker



Lulu | Sciencx (2024-09-12T09:31:35+00:00) Optimizing Docker for High Security: Combining Docker and SafeLine. Retrieved from https://www.scien.cx/2024/09/12/optimizing-docker-for-high-security-combining-docker-and-safeline/
