Project 2: Containerization of a Two-Tier Application using Docker, Docker Compose, and Image Scanning with Docker Scout

Tools Required:

Docker: For creating and managing containers.

Docker Compose: For defining and running multi-container Docker applications.

Docker Scout: For Scanning Docker images for vulnerabilities.

Any code editor (like Visual Studio Code, Atom, etc.)

Access to a basic two-tier application source code (e.g., a simple web app with a database backend).

Overview/Description:

This project involves containerizing a two-tier application (such as a web application with a database) using Docker and orchestrating the containers

using Docker Compose. The project will also include using Docker Scout to scan the created Docker images for security vulnerabilities.

This will give practical experience in containerization, orchestration, and security aspects of Dockerized applications.

Code Repository:

Repository Platform: GitHub

Repository Link: https://github.com/rajnishkaushik5/two-tier-application-project2.git

Access Instructions: Clone the repository to your local machine using Git. Instructions on cloning a repository can be found on GitHub's help pages.

Requirements:

Functional Requirements:

Containerize each component of the two-tier application using Docker.

Use Docker Compose to define and run the multi-container application.

Ensure network communication between containers (e.g., web app container communicating with the database container).

Scan the Docker images with Docker Scout and address any reported vulnerabilities.

Non-Functional Requirements:

Performance: The containers should be optimized for performance, considering aspects like image size and startup time.

Security: Implement best practices for Docker security, including managing secrets and using least privilege principles.

Documentation: Provided steps into this README file with clear instructions on how to build, run, and scan the application.

In this Project, I Successfully containerised a two-tier application using Docker and orchestrated the deployment with Docker Compose.

Gained expertise in Docker image creation, and management, and performed vulnerability scanning using Docker Scout.

This project enhanced my understanding of containerization, network communication between containers, and security practices in Docker environments.

There are following steps to deploy and scan the two-tier-app and images respectively:

• Launch an AWS EC2 instance:

*type: t2.micro

*AMI: ubuntu

*security group inbound rules: ports are

PORT 22 ---> ssh

PORT 80 ---> http, and

PORT 5000 ---> app is running on this port.

• ssh into instance using private key with permission 400

• update your system packages index

• install docker.io on your server

• check docker version
• install docker-compose , a tool can run multiple containers simultaneously.

• check docker-compose version

• write a Dockerfile and a docker-compose.yml files : for more details refer to my GitHub repo .

• Write a Dockerfile :

• Write a docker-compose.yml file :

• give access to docker daemon for current user
• create 2-containers within same network (default --> bridge) along with volume mounted for mysql

• run the docker-compose command in detached mode and show number of containers are running with docker ps

• go inside the terminal (i.e bash) of a container with command "docker exec"

• go inside the terminal of mysql and show all databases presents inside

• change database to KYC database which named by user , inside docker-compose.yml file
• see all contents in KYC database which came directly from my backend (website messages)
• Messages typed and submitted on web

• see the mount volume for services

• see the common network inside both containers are , and communicate with each other i.e "two-tier-flask-app-default: bridge". This network is created by docker-compose.yml file.

• In order to scan images by docker-scout, pull images from DockerHub for that matter user must have login into its DockerHub account.

• create a nested directory where docker-scout is installed.
• go to home dir
• mkdir .docker ---> make a hidden directory name docker inside home directory
• cd .docker/ ----> change dir to ./docker
• mkdir cli-plugins
• cd cli-plugins
• path to docker-scout cli(installed) --> /home/ubuntu/.docker/cli-plugins
• command to install docker-scout CLI : curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --

• How to check if it is successfully installed or not? By checking docker-scout's version:

• scanning image of mysql:5.7 for vulnerability

• Two-tier-app is successfully deployed on AWS EC2 instance.