Describe why we can't use in production this compose project

3liz / lizmap-docker-compose

Run Lizmap stack with docker-compose

31 stars 42 forks source link

Describe why we can't use in production this compose project #7

Closed Gustry closed 3 years ago

Gustry commented 3 years ago

When reading the readme, we can see :

https://github.com/3liz/lizmap-docker-compose#run-lizmap-stack-with-docker-compose

do no use in production

As we want to promote docker for testing/running Lizmap with just a few commands, we need to explain why we can't use this in production.

dmarteau commented 3 years ago

Because this has been created as a sandbox for testing/running lizmap in a quick 'way'.

There is absolutely no warranty that all requirements for a production deployment are fullfilled (containers running as root, using default user uid/gid ....) - It would extremely dangerous et préjudiciable to claim that it is a 'production-ready' stack.

Furthemore, it does not exists is to such as 'one-fit-all' production stack configuration, so you cannot claim and you will almost never see a docker-compose stack presented as production ready stack.

Gustry commented 3 years ago

Thanks for the anwser.

I think your paragraph would need a section in the readme to explain that. Read the meeting summary about the docs.lizmap.com by email.

We want to promote Lizmap using docker in the docs. So we expect some users knowing nothing about docker and why it's written in bold this warning.

nboisteault commented 3 years ago

@dmarteau I'm going to communicate about using this stack in Windows. Could you add more information in README.md to explain why it should not be used in production. Could this stack be a base needed to be improved to be production-ready by someone knowing what he does or it is really not possible?

dmarteau commented 3 years ago

Could this stack be a base needed to be improved to be production-ready by

This is an odd question: it is a running stack, so it may be used out of the box but I will never claim that it is is a production ready stack.

dmarteau commented 3 years ago

To make myself clear: you may use this stack as you want, in your production environnement if you want, but it is at your own risk: there is no security configuration in nginx, some containers are running as root.....

This is definitevely not the same thing as saying that a software is 'production ready' for a given set of functiontality.

As long as you don't know the production context you cannot claim that a stack will meet the production requirements and I definitevely dont want people taking for granted that they may put this stack on a server without further consideration.

dmarteau commented 3 years ago

Changed production notes: 5773c8a7abf98f1f6cbba9268c2fc003bc420757

Gustry commented 3 years ago

It's nice to understand why with your explanations. Thanks for the commit. @dmarteau with this ticket, we mainly wanted more information in the readme for the final user.

nboisteault commented 3 years ago

Thanks @dmarteau !