Deploying containerized Docker instances in production?

It sounds like this is a one-person show, you've only got one or maybe two apps, and those apps have pretty static deployments? If I'm off the mark on any of those, my advice may be poor.

First and foremost: you don't need a container orchestration solution (Kubernetes, Openshift, Nomad, ECS, etc) at that scale. Container orchestration solutions come with learning curves, operation and maintenance overhead, and/or lock-in problems, and they solve issues you really don't have yet. You may not need an orchestration platform until you can also hire somebody else to manage it.

Here's a pretty simple, sustainable, vendor-agnostic way to run containers on a production server. Write a system service (systemd or whatever you have) that runs an arbitrary container; you can find some examples of this sort of thing easily and modify to purpose. Map whatever port your container uses to some high port on localhost. Then run a webserver with a reverse proxy to terminate TLS and forward to that container's port. If you put a docker pull in the start behavior of the service (like with a ExecStartPre for systemd), you can "deploy" your app by just restarting the service!

It's inevitable that your production and staging environments will be different from each other; you minimize the differences you can, and then just try to be aware of the rest. Docker is especially good at running dependency services for local development, so it's pretty normal to use a Docker-hosted Postgres for local development, and then a managed high-performance Postgres in production. Again, it's about minimizing differences – if you use MySQL locally but Postgres in production you will be sad, and you can even pin your development Postgres version to whatever you have in production, but you're not going to get a production performance profile unless you're duplicating your production environment.

I don't know that much about CI, but I would advise against Jenkins; although it's very easy to get set up, my experience is that it's a real time bomb (unless you really know how to manage it, which mostly comes from having previously shot yourself in the foot repeatedly). I believe there are several Docker-optimized CI systems out there, but I can't personally vouch for any of them.

I run a few different websites on one $10/mo Vultr server, which is basically the same as Digital Ocean. It's set up like this:

• systemd service to run docker-compose with the working directory set to /apps on server startup
• /apps/docker-compose.yml defines a postgres container, an nginx container (reverse proxy), and various Node APIs
• LetsEncrypt on a crontab to renew SSL certificates for nginx
• nginx reverse-proxies different hostnames to ports of different containers
• nginx also serves static files for React applications, for example

This server is also my CI server because I don't deploy often and high CPU usage for a few minutes to build a docker image is acceptable. I get reliable automatic deploys on commits to master for all of my projects, which has been nice for accepting pull requests from my phone and having them automatically deploy when I'm not near a computer. To achieve, this, I:

• Installed adnanh/webhook as a systemd service.
• Configured nginx to forward requests on a specific endpoint to webhook
• Configured GitHub to call that webhook on pushes to master (with a hash that's verified by webhook, it's a built-in plugin)
• The webhook script builds the docker image, moves it to the right directoy, and reloads nginx

There are quite a few options for managing docker containers. As always there is a bunch of tradeoffs to be considered.

If you only have a single container running a webapp then starting out similar to your current approach might be a good way of learning the tool. I.e develop locally running the code in a container, push to GitHub, pull down changes in your prod env and build the docker image there, then run it.

If you have multiple containers that needs to run, eg. a webapp, a redis cache, and a nginix container, then using docker compose to ensure everything that get started properly and with the right config. In this scenario all the containers would still be running on the same server. You could have the same deployment setup as before in this case eg build images on prod server. In addition it would be fairly straightforward to have a base docker compose yaml file and then have two more with the config for prod and for dev (e.g. one where the webapp gets pointed to talk to the managed prod db and one where it talks to a local db container).

If you need to run multiple containers of the same image, e.g you have some queue and a bunch of processing containers possibly running on multiple servers. Then using something like kubernetes/rancher/openstack makes sense. This is where you stop treating your servers as pets (each server has a unique memorable name) and start treating them as cattle (they are identified by some number and tagged with their purpose some how). Note that this setup has quite a bit more complexity to it and learning to configure and maintaining a kubernetes cluster could basically be a full-time job/entire career. So, that said, I'd hold off on this until it is really needed.

There are a quite a few other approaches you could take, so follow the KISS rule and grow a process that works for you (and your team). The above options are basically not tied to any particular CI/CD setup. I would probably start by just having a CI environment build and run your test suite. Once that works, have it bring up a test environment to run some integration tests. Next write some basic end to end tests that ensures the entire stack works for some basic workflows.

After that is done is when I would first consider having fully automated deploys. You could of course have a manually triggered deployment job on your CI server to make deploys more consistent before all the test suites are in place.