[Koha-devel] Minimal docker images for Koha

Julian Maurice julian.maurice at biblibre.com
Sun Mar 1 12:12:11 CET 2020 

I believe that the problems we have with Debian buster are mostly 
related to the versions of Perl modules shipped with debian packages. 
Since these Dockerfiles install all Perl modules from CPAN in their 
latest version, I think you will have the same problems with an older 
version of Debian.

URL rewrite in PSGI file is handy for development, but that shouldn't be 
used in production. Indeed, a reverse proxy is still required in 
production environments.

Please note that images produced by these Dockerfiles are not intended 
to be used in production. As I said in my first message, you should 
expect things to break ;)

Le 01/03/2020 à 05:19, Agustin Moyano a écrit :
> Sorry.. seems I send it only to Julian.. here goes again
> 
> El sáb., 29 de febrero de 2020 19:15, Agustin Moyano 
> <agustinmoyano at theke.io <mailto:agustinmoyano at theke.io>> escribió:
> 
>     Hi Julian, great work!!
> 
>     I've also been working (interruptedly) for a couple of months on a
>     docker version of Koha.
> 
>     I focused on having as soon as possible a fully functional docker
>     version of Koha, and didn't worry too much about doing things the
>     docker way.. It's comforting to know you weren't tempted by de dark
>     side of the force!
> 
>     I thought of having first a production ready docker much like
>     koha-testing-docker, and later split services into different
>     containers. That's why I really, really loved your implementation of
>     plack.psgi. URL rewrite in psgi brings independence day from Apache
>     much closer! \o/.
> 
>     Just some thoughts:
> 
>       * Should you base your image on Debian buster? on
>         https://wiki.koha-community.org/wiki/Koha_on_Debian says "Note:
>         Debian 10 (Buster) is currently not recommended or supported,
>         work is in progress to rectify this situation."
>       * Even if there's no need for reverse proxy, I wouldn't discard
>         having one on a separate container.. web servers like apache or
>         nginx deal much better with attacks than exposing the service on
>         it's own (First hand experience with a Java/Tomcat service I
>         made once)
>         (https://security.stackexchange.com/questions/209111/security-benefits-of-reverse-proxying-java-tomcat-webapps-locally)
> 
>     But overall, great job!
> 
>     PS: If you'd like to take a peek of what I've done, here's the repo:
>     https://gitlab.com/thekesolutions/koha-docker
> 

-- 
Julian Maurice
BibLibre

More information about the Koha-devel mailing list