1
00:00:02,030 --> 00:00:02,430
All right.

2
00:00:02,440 --> 00:00:03,880
Last one and then we're done.

3
00:00:03,880 --> 00:00:05,250
All right, Vlad.

4
00:00:05,470 --> 00:00:10,390
Thanks for waiting. So we're on PHP-FPM now, another PHP user.

5
00:00:10,810 --> 00:00:20,510
We're doing PHP-FPM Alpine, so this is a small image to start, and then they load FPM on top of it and

6
00:00:20,510 --> 00:00:22,610
then you're setting all of your versions up here.

7
00:00:22,610 --> 00:00:24,040
Great.

8
00:00:24,050 --> 00:00:28,700
Your directories, setting up a bunch of different environment variables that you can override.

9
00:00:28,790 --> 00:00:32,890
And then as a whole this is exactly, this is PHP.

10
00:00:33,200 --> 00:00:35,290
This is, this is true production PHP.

11
00:00:35,300 --> 00:00:36,530
Good job on that.

12
00:00:36,530 --> 00:00:38,650
That's exactly how mine would look.

13
00:00:40,370 --> 00:00:48,140
Now, yeah, you're setting PHP dependencies and then you're doing an apk down here.

14
00:00:48,250 --> 00:00:54,190
Now I would probably do versions, I would pin versions again down here and then

15
00:01:03,610 --> 00:01:04,980
lots and lots of dependencies.

16
00:01:04,990 --> 00:01:09,880
I would pin the ones that your app uses in production, all of the little stuff like curl and git and

17
00:01:09,880 --> 00:01:10,570
stuff.

18
00:01:10,570 --> 00:01:16,700
You probably need a pin and you've got your pins down, your PHP three, so good for that, good there.

19
00:01:16,870 --> 00:01:25,020
And then even more extensions, we got people in there, we got all the proper Docker PHP extension installer.

20
00:01:25,020 --> 00:01:29,120
So that's good. Then you're adding a Composer user.

21
00:01:29,250 --> 00:01:30,340
Great.

22
00:01:30,570 --> 00:01:31,590
Right here.

23
00:01:31,590 --> 00:01:39,070
So it's important to remember for everyone else that, oh look at that, in Alpine we cannot pin versions

24
00:01:39,070 --> 00:01:39,930
of Alpine packages.

25
00:01:39,930 --> 00:01:41,780
I did not know that.

26
00:01:41,950 --> 00:01:48,340
That seems odd, but I don't have enough information to do that.

27
00:01:48,340 --> 00:01:49,950
So this is an interesting point.

28
00:01:50,020 --> 00:02:00,480
And if you watch my Docker over here, I mentioned earlier, and oh, right here on the Docker talk, so you

29
00:02:00,480 --> 00:02:09,960
can go over to Docker's website and watch my talk from DockerCon, and I give a 10-minute argument on minimal

30
00:02:10,230 --> 00:02:11,850
images versus Alpine.

31
00:02:11,880 --> 00:02:15,810
So if you're in PHP and you're using the PHP

32
00:02:18,870 --> 00:02:32,670
images, you might consider a Debian minimal image such as a slim, uh.

33
00:02:32,770 --> 00:02:39,010
Now they just have Alpine, so unfortunately they're not using a slim option, but with Node and some other

34
00:02:39,010 --> 00:02:44,500
ones there are slim options, and sometimes I prefer those, in fact most of them I prefer those over Alpine

35
00:02:44,800 --> 00:02:48,200
because the difference is like 50 meg overall total.

36
00:02:48,280 --> 00:02:50,610
So it's not, I don't do it for size reasons.

37
00:02:50,620 --> 00:02:56,830
And then lately with Alpine, between Alpine security issues, the fact that you can't CVE scan it very

38
00:02:56,830 --> 00:02:57,360
well.

39
00:02:58,420 --> 00:03:01,030
And so it actually to me right now is a container.

40
00:03:01,030 --> 00:03:06,850
Alpine is less secure than the most current Debian release of a base image.

41
00:03:06,850 --> 00:03:07,630
That's my opinion.

42
00:03:07,810 --> 00:03:09,790
But I talk more about that in my DockerCon talk.

43
00:03:10,090 --> 00:03:15,520
So scroll up in the chat or I'll throw it back in here one more time for those of you that have just

44
00:03:15,520 --> 00:03:17,430
joined.

45
00:03:17,890 --> 00:03:22,930
But I'm, I might consider that if I can't pin versions, because I'm just so paranoid because I've had

46
00:03:22,930 --> 00:03:27,820
production outages due to version incompatibilities that I pin everything.

47
00:03:31,370 --> 00:03:31,690
All right.

48
00:03:31,820 --> 00:03:34,730
So yeah, I got Composer and you're changing chose down here.

49
00:03:34,740 --> 00:03:35,270
Yep.

50
00:03:35,270 --> 00:03:36,260
Changing permissions.

51
00:03:36,260 --> 00:03:38,030
Like you need to.

52
00:03:38,030 --> 00:03:38,420
Good.

53
00:03:38,420 --> 00:03:45,870
Good, good, you're copying over some of, some stuff here.

54
00:03:45,880 --> 00:03:49,550
Now you know you can actually make this.

55
00:03:50,220 --> 00:03:54,680
Excuse me, a copy command, and actually now.

56
00:03:54,730 --> 00:03:55,240
Never mind.

57
00:03:55,240 --> 00:03:57,190
Don't do that.

58
00:03:57,220 --> 00:03:58,820
Keep it like it is.

59
00:04:00,710 --> 00:04:02,390
You're echoing in a memory limit.

60
00:04:02,390 --> 00:04:02,990
That's good.

61
00:04:03,020 --> 00:04:03,700
You can overstep.

62
00:04:03,710 --> 00:04:06,020
You can set that and override that.

63
00:04:06,020 --> 00:04:08,340
You've got a lot of copy files here.

64
00:04:08,360 --> 00:04:13,670
It doesn't look like there's a whole lot of opportunity here for consolidating, but you could consolidate

65
00:04:13,670 --> 00:04:19,760
if they were going to the same directory, like, right.

66
00:04:19,890 --> 00:04:24,900
Well, you got some different names on the outs, so yeah, if you clean it up pretty well.

67
00:04:24,960 --> 00:04:34,300
I was just looking for some opportunity to reduce the number of copies of they were doing setup for

68
00:04:34,300 --> 00:04:35,520
Cron.

69
00:04:35,590 --> 00:04:44,610
Looks like, and then doing some last-minute chown for the incoming app files.

70
00:04:44,610 --> 00:04:45,370
And what did we do.

71
00:04:45,380 --> 00:04:53,000
Do we do or copy our our code worked or at folder.

72
00:04:53,000 --> 00:04:56,440
You've got a health check in your Dockerfile. A plus.

73
00:04:56,450 --> 00:04:59,020
So I love seeing health checks in Dockerfiles.

74
00:04:59,060 --> 00:05:03,770
Kubernetes won't take advantage of them but Docker Swarm will, and that way you don't have to depend

75
00:05:03,770 --> 00:05:06,440
on an operations person to figure those out later.

76
00:05:06,470 --> 00:05:09,770
So yeah at some, oh, it's a core image.

77
00:05:09,800 --> 00:05:13,240
OK, so you wouldn't be copying your code into there.

78
00:05:13,250 --> 00:05:14,150
Great.

79
00:05:14,300 --> 00:05:15,170
And then yeah.

80
00:05:15,170 --> 00:05:19,640
And so it looks like what you're doing here is it's up also something that I've used in production many

81
00:05:19,640 --> 00:05:27,190
times, especially with PHP, is you're using supervisor as the base process and it's acting as the init

82
00:05:27,500 --> 00:05:30,290
and then it's launching the various things you need to launch.

83
00:05:30,440 --> 00:05:39,350
And I'm assuming that since you have cron and you're gonna have PHP-FPM, so there's probably some other

84
00:05:39,350 --> 00:05:43,100
stuff here you're doing with supervisor, nginx is gonna need to run.

85
00:05:43,400 --> 00:05:48,350
So you're going to have at least three processes I bet as some processes, and that's the right way to

86
00:05:48,350 --> 00:05:48,650
do it.

87
00:05:48,650 --> 00:05:50,880
To add sub supervisor in there.

88
00:05:51,050 --> 00:05:55,480
Now if you were trying to avoid supervisor it does get tricky on Swarm.

89
00:05:55,490 --> 00:05:56,690
Oh, and syslog.

90
00:05:56,690 --> 00:05:56,940
Yeah.

91
00:05:56,970 --> 00:06:00,670
So I'm not sure why you're running syslog.

92
00:06:01,180 --> 00:06:07,160
And you're not using Docker drivers, but I'm sure you have a good reason.

93
00:06:08,170 --> 00:06:14,660
But if you're using syslog to then get them out into Docker's logging using stdout.

94
00:06:14,680 --> 00:06:20,020
That's really what you should be using, stderr, stdout for logging, and ideally not using syslog

95
00:06:20,020 --> 00:06:26,430
inside the image, but that's the recommended best practice.

96
00:06:26,450 --> 00:06:33,740
There are a few cases I've seen where it's necessary to use rsyslog, but yeah, overall it's a very

97
00:06:33,740 --> 00:06:34,270
standard.

98
00:06:34,280 --> 00:06:38,340
I think PHP file, and it's looking like you're doing a lot of good stuff here.

99
00:06:38,360 --> 00:06:42,200
What one thing you could really do if this is a base image.

100
00:06:42,440 --> 00:06:51,390
One thing that you could maybe optimize is figuring out a way to combine your base image with your regular

101
00:06:51,390 --> 00:07:00,290
images or use multi-stage to reduce any of this unnecessary, if you don't need all this stuff, right, because

102
00:07:00,300 --> 00:07:05,610
there's a lot of stuff you're adding in here and it's, I don't know whether this stuff is really needed

103
00:07:05,610 --> 00:07:10,410
by the production app or if it's just needed to do stuff before the app starts.

104
00:07:10,410 --> 00:07:11,000
Right.

105
00:07:11,010 --> 00:07:15,810
So now that we have multi-stage, and maybe you're using that in your other files, in your files that it's

106
00:07:15,810 --> 00:07:20,760
coming from, the other Dockerfiles, but now that we have multi-stage I really like to break out the build

107
00:07:20,760 --> 00:07:27,090
dependencies from the production dependencies, and basically at the very top I only put in the production

108
00:07:28,020 --> 00:07:33,450
and that's the image that I will use at the end, and it sort of flows in that way, in case of your, if

109
00:07:33,450 --> 00:07:34,790
you're looking for an example.

110
00:07:34,890 --> 00:07:40,770
Again going back to my DockerCon talk, I go through a walking example in that DockerCon talk here

111
00:07:42,720 --> 00:07:48,570
on how you might break out, and I think I had four or five stages where I had an initial stage is just

112
00:07:48,570 --> 00:07:54,270
for production and sort of the base layer, and then I have a dev dependency layer, but that layer is never

113
00:07:54,270 --> 00:07:55,950
used for production.

114
00:07:56,190 --> 00:08:01,020
It's only used for development and all that stuff, and then I have a build phase and have a testing phase

115
00:08:01,740 --> 00:08:04,380
or stage, and then I have the final production stage.

116
00:08:04,380 --> 00:08:10,620
So it certainly makes the files look more complicated, but I think at the end it reduces complexity of

117
00:08:10,620 --> 00:08:17,040
your final image, it reduces the attack surface, so you maybe are already doing that in your other projects

118
00:08:18,120 --> 00:08:27,290
and, oh, you're saying supervisor has problems with logging, so interesting. Other than that I think it

119
00:08:27,350 --> 00:08:28,910
looks like a great Dockerfile.

120
00:08:28,910 --> 00:08:34,280
I think you've got a stop signal in there, which I see very rarely. I thought SIGTERM was a default

121
00:08:34,580 --> 00:08:38,050
but nothing wrong with setting a default in there just to be more literal.

122
00:08:38,570 --> 00:08:44,690
But it is pretty cool that you know about that because I rarely see in Dockerfiles because people don't

123
00:08:44,690 --> 00:08:50,660
realise that that stop signal option exists, so good for you on that, because I think a lot is something

124
00:08:50,660 --> 00:08:51,620
that my DockerCon talk.

125
00:08:51,620 --> 00:08:54,560
I talked a lot about was shutting down apps.

126
00:08:54,650 --> 00:08:58,570
So the importance of properly shutting down connections.

127
00:08:58,700 --> 00:09:02,240
I'm sure it looks like something that you've already known about and learned about in our handling in

128
00:09:02,240 --> 00:09:02,660
your app.

129
00:09:02,660 --> 00:09:04,100
So good stuff.