🥈Two-tier application using Docker, Docker compose, and image scanning with Docker Scout.
In this project we will do containerization of a two-tier application using Docker, Docker Compose and image scanning with Docker Scout. For this we will make a Flask app and MySQL database.
Step 1: Launch Instance
Create AWS EC2 instance:
Connect to EC2 instance:
STEP 2: Install Docker
First Update Ubuntu System and Install Docker:
sudo apt-get update
sudo apt-get install docker.io
Add your current user to the docker group to get all permissions of the docker:
sudo usermod -aG docker $USER
cat /etc/group | grep docker
STEP 3: Clone the Code
Clone this repository (if you haven't already):
git clone https://github.com/your-username/your-repo-name.git
Navigate to the Project Directory:
cd your-repo-name
Create a Docker file:
vim docker-compose.yml
first create a Docker images from Docker file:
docker images
Now we have to push the image into Docker Hub. For this we use docker login command and enter Username & Password. Also, we will add tag to our image so for this use command:
docker login
docker tag flaskapp deepika1996/flaskapp:latest
Now we will push our image to docker Hub using the below command:
docker push deepika1996(dockerhub_username)/flaskapp:latest
We successfully pushed our image to dockerHub.
Now this image is publicly available for everyone. Anyone can pull and run this image.
Now we have 2 options:
1.We will make two containers and two networks separately.
2.We will make containers and networks by docker-compose file (Disclaimer anyone can choose any option).
First: We will make two containers separately one and then another.
Building Flask App Image and Container:
docker build -t flaskapp .
Now, make sure that you have created a network using following command:
docker network create twotier
Attach both the containers in the same network, so that they can communicate with each other:
- MySQL container:
docker run -d -p 3306:3306 --network=twotier -e MYSQL_DATABASE=myDb -e MYSQL_USER=admin -e MYSQL_PASSWORD=admin -e MYSQL_ROOT_PASSWORD=admin --name=mysql mysql:5.7
- Backend container:
docker run -d -p 5000:5000 --network=twotier -e MYSQL_HOST=mysql -e MYSQL_USER=admin -e MYSQL_PASSWORD=admin -e MYSQL_DB=myDb --name=flaskapp flaskapp:latest
- Now our both containers running in same network:
docker network inspect twotier
- First, we will go inside MySQL container for this we have to run the below command:
docker exec -it container_id bash
Now we are inside the container. Now type "mysql -u root -p" enter your "password". User always be root and password which you put while making container.
We will be inside the MYSQL. If we type "show databases;" this will show "myDb database" that we created while making the container.
Now to solve our application error we will use our database. So, type "use myDb" and our database will change. Now copy code from message.sql file and paste it in bash.
This will create a table that table is containing 2 columns- id and message.
Access the Flask App: You can now access the Flask app in your web browser:
Backend:localhost:5000
Now if we want to see messages so in bash type "select * from messages;" and it will show:
Second: We will make containers and networks by docker-compose file.
First, we have to install docker-compose, for this use command as follow:
sudo apt install docker-compose
Now we will write a docker-compose file, and we add volumes because if container will kill our data will be safe:
vim docker-compose.yml
we have to kill and remove our container because it is already in use.
docker-compose up -d
Now we create multiple containers in one click. When we build containers in docker-compose file it will automatically create network.
STEP 4: Docker Scout
To check any vulnerability in our image we can use "docker scout". For this we have to install Docker scout on our Docker CLI.
Create one directory & change the directory:
mkdir ~/.docker/cli-plugins
cd /home/ubuntu/.docker/cli-plugins
Install docker scout:
curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s
Run the docker scout CVE scan:
docker scout cves deepika1996/Flaskapp:latest
And this will show us the vulnerabilities:
The command will output a list of CVEs found in the image, along with details such as severity, description, and links to more information.
Hope you found this article informative and useful. Thanks for reading this article.
Keep Learning... :)