Answer the question
In order to leave comments, you need to log in
Security. Docker or VM?
I'm going to deploy lamp + ngnix.
For the site, maximum protection against penetration is planned.
I plan to spread each service and files into a separate container or virtual machine.
That is, the distribution will be as follows:
apache/ngnix/mysql/php/storage
Question 1: Does this make sense as such security lines.
Question 2: What should I use to isolate docker or VM?
Answer the question
In order to leave comments, you need to log in
In theory, virtualization provides better isolation, that is, from the point of view of the consequences of hacking a virtual machine, the host and other virtual machines will be more protected, but virtual machines start up slowly and have high overhead.
On the other hand, if you organize the connections between containers in Docker correctly, then by hacking the Nginx container, accessing the database just won’t work, so it’s also quite a good option.
In general, everything depends on the level of paranoia, but as for me, the prompt update of vulnerable software is much more important.
Personally, I prefer the convenience of containers.
if each service is separate, then of course the docker, on virtual streets you are tormented to support it.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question