🥈Two-tier application using Docker, Docker compose, and image scanning with Docker Scout.

🥈Two-tier application using Docker, Docker compose, and image scanning with Docker Scout.

In this project we will do containerization of a two-tier application using Docker, Docker Compose and image scanning with Docker Scout. For this we will make a Flask app and MySQL database.

Step 1: Launch Instance

Create AWS EC2 instance:

Connect to EC2 instance:

STEP 2: Install Docker

First Update Ubuntu System and Install Docker:

sudo apt-get update
sudo apt-get install docker.io

Add your current user to the docker group to get all permissions of the docker:

sudo usermod -aG docker $USER
cat /etc/group | grep docker

STEP 3: Clone the Code

Clone this repository (if you haven't already):

git clone https://github.com/your-username/your-repo-name.git

Navigate to the Project Directory:

cd your-repo-name

Create a Docker file:

vim docker-compose.yml

first create a Docker images from Docker file:

docker images

Now we have to push the image into Docker Hub. For this we use docker login command and enter Username & Password. Also, we will add tag to our image so for this use command:

docker login

docker tag flaskapp deepika1996/flaskapp:latest

Now we will push our image to docker Hub using the below command:

docker push deepika1996(dockerhub_username)/flaskapp:latest

We successfully pushed our image to dockerHub.

Now this image is publicly available for everyone. Anyone can pull and run this image.

Now we have 2 options:

1.We will make two containers and two networks separately.

2.We will make containers and networks by docker-compose file (Disclaimer anyone can choose any option).

First: We will make two containers separately one and then another.

Building Flask App Image and Container:

docker build -t flaskapp .

Now, make sure that you have created a network using following command:

docker network create twotier

Attach both the containers in the same network, so that they can communicate with each other:

  • MySQL container:
docker run -d -p 3306:3306 --network=twotier -e MYSQL_DATABASE=myDb -e MYSQL_USER=admin -e MYSQL_PASSWORD=admin -e MYSQL_ROOT_PASSWORD=admin --name=mysql mysql:5.7
  • Backend container:
docker run -d -p 5000:5000 --network=twotier -e MYSQL_HOST=mysql -e MYSQL_USER=admin -e MYSQL_PASSWORD=admin -e MYSQL_DB=myDb --name=flaskapp flaskapp:latest

  • Now our both containers running in same network:
docker network inspect twotier

  • First, we will go inside MySQL container for this we have to run the below command:
docker exec -it container_id bash

Now we are inside the container. Now type "mysql -u root -p" enter your "password". User always be root and password which you put while making container.

We will be inside the MYSQL. If we type "show databases;" this will show "myDb database" that we created while making the container.

Now to solve our application error we will use our database. So, type "use myDb" and our database will change. Now copy code from message.sql file and paste it in bash.

This will create a table that table is containing 2 columns- id and message.

Access the Flask App: You can now access the Flask app in your web browser:

  • Frontend:localhost

  • Backend:localhost:5000

    Now if we want to see messages so in bash type "select * from messages;" and it will show:

    Second: We will make containers and networks by docker-compose file.

    First, we have to install docker-compose, for this use command as follow:

      sudo apt install docker-compose
    

    Now we will write a docker-compose file, and we add volumes because if container will kill our data will be safe:

      vim docker-compose.yml
    

    we have to kill and remove our container because it is already in use.

      docker-compose up -d
    

    Now we create multiple containers in one click. When we build containers in docker-compose file it will automatically create network.

STEP 4: Docker Scout

To check any vulnerability in our image we can use "docker scout". For this we have to install Docker scout on our Docker CLI.

Create one directory & change the directory:

mkdir ~/.docker/cli-plugins
cd /home/ubuntu/.docker/cli-plugins

Install docker scout:

curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s

Run the docker scout CVE scan:

docker scout cves deepika1996/Flaskapp:latest

And this will show us the vulnerabilities:

The command will output a list of CVEs found in the image, along with details such as severity, description, and links to more information.

Hope you found this article informative and useful. Thanks for reading this article.

Keep Learning... :)