-1

I am developing a Spring Boot REST API which relies on MariaDB, and now I am deploying it to production on the VPS server. I already dockerized the Spring application and created a Docker Compose file which also deploys the MariaDB database. Everything works fine, but I am a bit concerned about the security, as the database password is stored in the compose file in plain text.

I already tried to use Docker Swarm with Docker secrets, which looked promising, but it exposes additional ports on the server which I don't need, as I have only one node. I am new to Docker Swarm, and restricting access using iptables doesn't seem ideal. Another issue I had with Swarm was restricting access to the container from an external network. I use an Nginx reverse proxy to add SSL, but the service is also accessible directly from the IP and default port if I don't restrict access using iptables. If there is a right way to use Swarm on a VPS, please point me in the right direction.

The second thing I tried was using secrets with the compose file. It's supposed to be widely used, but mapping a text file containing a non-encrypted secret to /run/secrets/<secret> in the container doesn't seem secure. It is convenient for preventing secrets from leaking to a public Git repository, but that is not what I am looking for.

Any suggestion on how to run a dockerized Spring Boot application with a database in production would be greatly appreciated.

Kevin

1 Answer

0

Just use docker-compose (do not use Swarm if you do not really need its functionality). Set the password as an environment variable in a file called .env, set the .env file permissions to 600, and use the variable in the docker-compose.yml.

mikequentel
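A pre-deploy check for the setup this answer describes, as an added example that is not part of the original answer: it confirms that `.env` has mode 600 and that `docker-compose.yml` only references the password through variable substitution. The variable name `DB_PASSWORD`, the function names and the sample project are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. DB_PASSWORD and the function
# names are assumptions; the sample project below is constructed.

# Succeeds only if the file is a regular file (not a symlink) with mode 600.
env_file_is_private() {
    local f="$1" mode
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f") || return 1
    [ "$mode" = "600" ]
}

# Prints compose lines that give a *PASSWORD* key a literal value.
# Values that start with a ${VAR} substitution are accepted.
literal_passwords() {
    grep -nE '^[[:space:]-]*[A-Za-z_]*PASSWORD[A-Za-z_]*[[:space:]]*[:=]' "$1" \
        | grep -vE '[:=][[:space:]]*"?\$\{[A-Za-z_][A-Za-z0-9_]*' || true
}

# Gate: returns 0 when .env is private and no literal password is present.
predeploy_check() {
    local dir="$1" rc=0
    env_file_is_private "$dir/.env" || { echo "FAIL: .env must be mode 600"; rc=1; }
    if [ -n "$(literal_passwords "$dir/docker-compose.yml")" ]; then
        echo "FAIL: literal password in docker-compose.yml"; rc=1
    fi
    return "$rc"
}

# Constructed sample project in a temp dir; prints its path.
make_sample() {
    local dir
    dir=$(mktemp -d)
    printf 'DB_PASSWORD=constructed-example-value\n' > "$dir/.env"
    chmod 600 "$dir/.env"
    cat > "$dir/docker-compose.yml" <<'EOF'
services:
  db:
    image: mariadb
    environment:
      MARIADB_ROOT_PASSWORD: ${DB_PASSWORD}
  app:
    environment:
      SPRING_DATASOURCE_PASSWORD: ${DB_PASSWORD}
EOF
    echo "$dir"
}

sample=$(make_sample)
if predeploy_check "$sample"; then echo "OK: sample project passes"; fi
```

Compose reads `.env` from the project directory when it substitutes `${DB_PASSWORD}`, so running `predeploy_check` against that directory before `docker-compose up` catches a world-readable file or a password pasted back into the YAML.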