Closed: koo5 closed this issue 6 months ago
i dislike mod_wsgi: 1) it's still too much in development, and not a big team. It's C code, so vulnerabilities are likely. If we use the ubuntu packaged version, we are probably stuck with default ubuntu python version. alternative: proxying relevant uris through apache, django running standalone. Possibly single dedicated root uri, let's say request/.
https://github.com/GrahamDumpleton/mod_wsgi-docker/issues/34 warpdrive seems to be alive. or: https://github.com/carlostighe/apache-flask
i'm finding the docker stack/swarm/compose jungle rather suboptimal for managing deployment even just on my dev machine. But this is probably evolving in the right direction: https://www.docker.com/blog/simplifying-kubernetes-with-docker-compose-and-friends/ https://skaffold.dev/
otoh, the whole situation with security updates in docker, and the whole culture of maximally minimal images configured by tweaking lengthy bash command lines... meh https://news.ycombinator.com/item?id=10782897 https://github.com/docker-slim/docker-slim (not relevant but nice)
better way to run python webapps? : https://github.com/phusion/baseimage-docker#whats_inside https://github.com/phusion/passenger-docker
basicauth everything
use docker api to restart worker after every request
use https://github.com/phusion/passenger-docker instead of django dev server
fix arelle etc issues (github issue)
this issue is partly outdated but still a great overview.
some more points:
summed up (WIP) and continued in wiki/Security.md
done for now
except the bit about security updates of services deployed via docker-compose etc, this is a general problem.