You read a bunch of manuals, but missed the most important thing - the official documentation. How so? It just says how to do it and why. The questions have already been answered, but I'll go through again, since I spent so much time reading the answers:>
1) https://docs.docker.com/engine/userguide/dockervolumes/
2) https://docs.docker.com/engine /articles/host_integ...
3) The answer is simple - whatever you want. As only you know better, sounds trite, but it's true. If you want to stuff everything into one container, that's up to you. Although they recommend 1 component per 1 container. This has its own logic - you only want to update mysql - you update this container and don't think if your uwsgi or nginx is broken or something else.
4) Write your first Dockerfile, it will become much clearer how to choose. In the meantime, trust only official images.
5) git? This question is a consequence of misunderstanding of the question 1)
6) Already answered. The simplest, if you don't understand, don't use dockerhub at all. Or start understanding. :) Or pay for private repositories so you don't have to think about it.

1) data-only containers
2) solve the problem of raising the server itself with Docker running, set the policy to always restart in containers - they will start together with Docker itself
3) ideally, by container per process or logical part, for example, MariaDB is one, Python server this is the second and so on
4) carefully study the internals, except for the official ones, choose only those that have automatic builds with an open Dockerfile and are kept up to date, sometimes you have to make your own
5) the answer is the same as 1) + backup / restore from volumes
6) do not embed sensitive data in images and will not get
As a good example, you can see my development (although it is focused on PHP, but the essence is the same, see how it works): https://github.com/nazar-pc/docker-webserver

> docker. How to use it on a web server?
No way. Docker is a toy technology not intended for real-world use. By installing docker, you are clearly telling yourself "I don't care about security updates, I don't need them."
If you need containerization then there is lxc.

About the level of management of the entire infrastructure. There is a lot of talk about Google Kubernetes these days. However, I personally liked the not so hyped, but very fancy Rancher more. I think it suits you well. He will:
a. Connect machines from different cloud providers to one web(!)-console.
b. Manage most of the parameters of both containers directly and larger bundles.
with. Manage volumes for storing persistent data. The problem of transferring data between hosts can be solved there by raising the GlusterFS cluster in 3 clicks, for example. It also has its own development for the sink - Convoy.
d. Control the functioning of services and hosts by automatically starting containers on other hosts.
e. Raise between hosts (let me remind you that they can be located in different DCs from different providers) your private network, where all hosts and all services can "see" each other.
f. Balance load across multiple containers on different machines.
There is no magic there. Everything can be configured and so. However, as a starter solution that will hide a lot of configuration complexities, it should work well.

questions 3,4,6 - for the psychic forum
on the first two: one and two , and there are still links from there,
we use Muskul outside containers,
and, frankly, I don’t know when to use it inside (unless what if you are a hoster): if the project is small - it does not eat the database much, and if the project is such that the database is gigabyte - skipping through the docker pad is not taking care of data safety.
but nginx and wsgi (with Jungs and Flasks) feel great in containers

I'll try on the fingers
of the database - in normal containers like lxc / openvz or in a separate vps. purely because backups and replication are there in normal mode with normal access, plus, again, the ip address is static, which is not in the docker and is unlikely to be.
docker containers are a repeatable virtual machine of the name of a single process. That is, you clearly say in the dockerfile what, why to execute and what exactly to run in the background, i.e. in the foreground, the service apache2 start option does not work, the container will stop after the application leaves the background, also read about the docker pid 1 problem and why this is everything is launched in a binding from the same bash.
Docker is very strongly tied to his hub and git, so that "git pull & start app with one button" on some internal IP from the gray network.

dou.ua/lenta/articles/docker
+
dou.ua/lenta/articles/vagrant