23 lines
1.1 KiB
Markdown
23 lines
1.1 KiB
Markdown
|
Everything in containers.
|
||
|
|
---
|
||
|
|
|
||
|
|
We at IXVD have everything in containers, powered by Docker.
|
||
|
|
Containers allow for isolation of services and keep everything organized.
|
||
|
|
|
||
|
|
# neong tooling
|
||
|
|
We use custom tools that interface with docker-compose.
|
||
|
|
We do this because our infrastructure has become too big to keep everything in one docker-compose file.
|
||
|
|
|
||
|
|
Therefore we have a tool that enters directories named "stacks" that adds another layer of isolation; a music client does not need to access our financial records.
|
||
|
|
|
||
|
|
# Networking
|
||
|
|
All public facing containers are added to a network called `proxy`. This can talk to our automated nginx/certbot instance and make sure it's securely accessible.
|
||
|
|
Internal infrastructure does not use HTTPS at all.
|
||
|
|
|
||
|
|
# Docker
|
||
|
|
We chose for docker as our container engine.
|
||
|
|
It's well maintained and has been used by the community for a long time.
|
||
|
|
Therefore, we can easily resolve issues and find answers to things we want to implement.
|
||
|
|
Also the networking solutions provided by Docker are amazing and allow for very complex but robust infrastructure.
|
||
|
|
|