Dockerization design principles

[dr-orlovsky]

After some discussions with @zoedberg in https://github.com/LNP-BP/docker/pull/17 I propose to discuss and then codify design principles we are using for dockerization (Dockerfile design and docker-compose containers). Right now this is an issue, but later once we agree on it I propose to put it as a part of README.md file in this repo.

So my initial take on that:

1. When you do not need to expose RPC ports to the external world leave them exposed only through docker-compose expose but not port command
2. In docker-compose connectivity always rely on internal network only; since there might be alternative compose files using same ports on the same IP addresses (for instance for scalability purposes)
3. Customize as much as possible with environment variables ARG variables
4. Structure ENTRYPOINT in a way that it can be extended with compose command args later; but if this conflicts with (3) the (3) must have a higher priority and customization in compose file with custom entrypoint is should be preferred.
5. For RPC use macaroons/files whenever possible (not implemented yet, needs a separate issue).
6. Run container processes using an unprivileged user instead of root.

[zoedberg]

I agree.

I think that another point to discuss is that it's safer to run container processes using an unprivileged user instead of root.

[dr-orlovsky]

Good point! Actually with the latest refactoring in #21 it is already done