 Good morning. Good morning. Am I ordering at the back? No? No. Leave the line. So, my talk is about powering WordPress with Docker. Has anyone here heard the word Docker? Has anyone here heard the word Docker? Okay. You won't be confident. Anyone else? Okay. I'll start with introduction. So, I was interested in WordPress from college days. I mainly started by downloading the WordPress zip from WordPress.org. Tried to make a website that was simply running more than I expected. Okay. So, how many of you have faced the trouble of scaling up your website? Like, you certainly get a lot of traffic and it gets down. Anyone? Okay. Good. So, I will try to talk about a tool called Docker, how it can help us scale the WordPress better. So, this is a talk about Linux containers, scaling traffic and all the black console stuff. So, your mileage may vary. Right? That's completely okay. I'll try to talk less about Linux and more. That's what happens. So, agenda for today. So, the monolith word means hosting everything. You are hosting everything of your WordPress website on a single server. So, we'll talk about pros and cons of monolith hosting where you host your database, WordPress files, a web server, everything on the single server. That's a monolith hosting. Then we'll talk about what is Docker. Pros and cons of Docker. And what problem can Docker solve for WordPress community or the WordPress people and beyond the WordPress to the production. I'll try to keep it more of an introduction to everything. Pieces. So, you can go at home and just try to use that piece. So, how does the current hosting look like? Monolith, shared VPS, dedicated cloud. Right? Anyone of these? You have taken a VM from Digital Ocean or AWS or anywhere or a C-minus shared hosting, right? So, half that architecture on the server side looks like. So, if you are using a shared hosting, on the linear side, what the C-minus does is it creates a directory from your username and hosts your files under that. You'll see public address for SPU directory and all. So, there you have folders where your WordPress files are there. And C-minus running a web server which routes the incoming request to your files. And it serves your purpose. Those are very small traffic websites, right? It works. So, that is what's called monolith hosting. When you host your database on the same side, everything is on that side. But when traffic gets more or when you want to scale up, it becomes like a classroom without a monitor or a teacher. Every student is doing, every website is doing whatever they want. They're consuming resources of your CPU, RAM and everything without your knowledge. They consume it whatever they want. That's what shared hosting stands for, right? You have a high-resource server and you host 50 websites on a single server. What is the maximum number of sites have you hosted on a website? Mine is 40 on a single server. Anyone beyond that? How much? 16. 16. So, that should be like a typical classroom where you don't have a monitor and everyone is shouting. Every student is shouting. Every site is doing whatever you want. You don't have a clue which site is using what resources. So, problem comes with monolith. Monolith is easy to manage. You have everything in a single box. So, you have 15 websites, you have 15 directory. That's what deepenl looks like, right? You just go there, edit some files. Easy. Your manager can use it. Right? So, it's cost-effective. You don't have much of traffic, you don't have much of revenue to gain from that website. You just host it. It's a friend's server. You just host it. Like she said, your friend help you. They said, what's the revenue content? Right? Just what's my website? It's okay. It works fine. You hardly have 50 visitors for the amount. And it works. Nothing else. Sharing is caring. You host your friend a website. And after a year, he gets like 1000 visitors per day and your server is blown. That's pro for sharing and caring, but it's a con as well. Right? Maybe more for monolith. So, what can be cons here? That's like a traffic jam. A single site can burn the boiler. As anyone faces this issue, where a single site has some security flaws or anything it has done, and all the websites have gone down, quite a few. Mine as well. One of my site just, they just put password as password. And someone did a brute force on that site. The hacker installed a plugin on my website, on my web server. They got the access to the database. Everything got gone. Luckily, I had the backup of the site, so I was safe. But it can be a silly mistake which can burn your whole server. Deployment has security and more. So, I mean, there are many cons upon your use case. So, a very good answer to all your problems. Dot. Well, not exactly. With couple of more tools if you can add. Kubernetes and OpenShift. So, what exactly is the word docker and talking about? So, docker is an open source tool that helps you package application in containers. Have you seen the containers, the shipping containers? Yes. So, it's a similar analogy. Has anyone heard the history why the containers are starting to use for the shipping? In 1980s or 1970s before, people used to ship stuff as it is on various size of products. I mean, if you were to ship a bag from U.S. to India, they would ship it, they would pack it somewhere in the ship. But the problem was they were not getting the exact match or the optimized size for the shipment. A bag, a big bag, it consumes more size and you don't have size for putting another stuff in the same ship. So, they started the idea of shipping everything in a unit size. So, whatever stuff you want to send, you send it in a container. So, that becomes a standard. So, the ship size and everything can become a standard size and they can optimize the number of shipments can go. So, the containers, what we are in the docker tool, it is derived from that analogy. So, what is a container? A container is a lightweight application run time environment. So, Linux guys can understand more now. X like a word, which has a kernel with it. How many of you have heard the word kernel? And know it also. I see the hand click now. So, to simplify the word kernel, if you were to talk, if any of the application from your system was to talk to some hardware, it will go through the kernel. That is the simplest definition we can give. So, how many of you have deployed a virtual machine? I have also just heard of virtual machine. What a virtual machine? So, you create, so you are running a operating system. On top of it, you spin up another operating system. That is a virtual machine. So, a docker container, it acts like a it is giving you a virtual machine, but it shares the kernel with the release of the operating system. So, this is the standard virtual machine architecture looks like. You have your infrastructure, you have your high model, you have your guest voice. So, in the guest voice, you are running the kernel on top of your kernel. So, that is overhead. And then you on top of it, you give your binaries and libraries and then you deploy the application of the virtual files. So, you are talking in terms of what then you deploy your MySQL word pairs or Apache engine, whatever you deploy. So, this is what a standard VM would look like. So, talking about more containers. So, containers are meant to be a standard executable package. Like we talked about the shipping containers. It is a standard thing you will ship. In terms of software deployment, it is a standard executable. I can do ship. I am not of Windows side, but the windows.exe, you ship it like .exe, they work well. You ship a .exe and it works. So, a Docker container is meant to be an executable package. In the sense, not a Windows.exe, but you ship it in a container. So, from a developers PC to the production environment, it is meant to be the same executable. So, now comparing the virtual machine thing with the Docker context. So, in the Docker, you have a single OS and on top of it, you have the standard kernel. On top of it, you have the Docker or Docker demon running. Has anyone heard of the demon? Not the demon-demon, the Linux-demon. So, this is an understanding. It works as a process. So, your process is running on your operating system. Many of you might have seen that. So, the Docker runs as a demon process inside the machine you are trying to run. So, in that process, what you do? You ship your whole application as a Docker container. Inside the container, you might have PHP application. You might have all the things you could have in a monolithic environment. But that is not an optimal way to run a container. So, what you do? You ship a WordPress container, you ship a MySQL container and you ship a Web Server container. So, what can be proven concept of it? Is it easily shipped and integrated? So, it is like many of you might have heard this slide. The guy running your environment or maintenance environment says, it is not working. The developer would say it is working on my land. Many of you might have seen this. So, how can we move that? Because in the production, you will be running the same container which the developer is running on his system. So, it is scalable. I will show how it is scalable. It is secure. Why secure? Has anyone faced the problem PHP or hacking some issues with WordPress, gaining your files? Or has anyone faced a bug that some of your files get corrupted? And you don't have a queue, right? I have seen it on MySQL as well. So, there are many pros of Docker, but it will be on the gmail side. What is your cost? It is not quite easy to deploy your product. There is one more cost. Obviously, you don't get what I want. Right? So, I will try to be more on the side what problems can Docker solve for WordPress. It will help you better utilize the resources. So, this is the one which was the excitement for me to start running Docker when I was requiring my WordPress site. So, Docker containers or the Docker virtual machines, you can say. So, Docker containers would run as a process inside your host system. So, you can simply bomb resources to each application. If you host everything, if you just put 50 folders in your slash bar, blah, blah, blah, blah, blah, blah, blah. So, those folders won't be able to bind resources that this site is meant to be only consumed by an entire team of others. You won't be able to bind the application like that. But in terms of Docker, you will be able to bind each container or each set of content. The resources you want. And this brings a lot of value when you have shared and other. The 50 sites, you can directly say, this is a friend website. I don't want to give it more than one city. Even if I had city, right? It gives you admin control to bind the, what are you running? So, it gives you better deployment and architecture. So, how many of you have got what I was telling you this one? More than I did. So, with the deployment and architecture, what I mean here is, so now you can shift your application as a container. And how you scale it? So, how do you scale it in terms of virtual machine? If you are getting a traffic on a single virtual machine, you spin up another virtual machine and you put a load balance, right? That's how you do in the regular hosting, horizontal hosting, that's how you do it. Or you give more resources to the accessing content. But that won't be beyond like 30 to 60. What if you have got 20 lakh live users? What would you do? You would just scale to, you would scale up to 64 CPU VM, but then you would have to go to add more VMs. But that would also have limitations. Why? Because then you would have to put a separate data-based replica, your file system, your load balance. You have to manually manage all those VMs, scale up, scale down. It's a lot of ways, right? So, with Docker, what you can simply do? The same thing which you did with the virtual machine. You can simply spin up another Docker container of the singing machine. So, it would simply work like a virtual machine inside here. It would simply work the singing machine with the virtual machine. So, scale with PCM. You just scale with this add number of containers. It won't be actual virtual machine. So, what is the time to deploy a container? What was the average time to deploy a virtual machine? One minute? Five minutes? How many? One minute. One minute? Yes. So, the average time to deploy a Docker container is like from milliseconds to maximum second. So, you can just spin up the containers on the go to scale up the environment within the second. So, if you see, if you set the autoscale and with the same autoscaling works working on the virtual machine, you are losing traffic for until and unless when the new virtual machine comes up into the picture. You might have lost a lot of traffic. But in terms of Docker, with a set of more containers, it would work in a second. So, you don't lose much of traffic. Security. So, let's say your passwords got public. And someone gained access to your file system by about PHP or something or plugins. But unlike the previous example where you had all the sites, now you just you just a container which acts like a OS. So, you don't have access to actual host. It's just more dummy virtual machine running with the files. And even if your security goes everything more public, it has nothing to do because there are 10,000 containers running and you would just have access to a single container. So, even if someone just got into a house with all the weapons of security lost, he cannot just access a host. So, you are safe. So, beyond Docker and production. So, how can you... So, Docker is a process running... a demon process running machine. But how do I exactly deploy this to production? I mentioned this was the main point or the cons for deploying Docker to the production. So, there are couple of tools that help Docker to the production and those are Kubernetes and OpenJet. OpenJet is the one which I like to work on. It's a wrapper on Kubernetes. So, you have seen a C panel, right? What do you do in the C panels? You have a UI, you have your files. So, it helps you automatically deploy on Kubernetes. You can do simply almost similar things with Kubernetes. You put your data repository, UI in the Kubernetes. You create a project. Then it will spin up pods for you. And on the pods you can define a YAML file where you can say that this I want to put up three containers of three containers of Apache server, five containers of my WordPress file and three containers of my data. Or if you are getting... So, let's say you have cash on WordPress files and you just need more of web servers to get some of the incoming requests. You just increase the number of engineers or Apache server replicas. Database is already cashed. So, you can just clear up number of containers with these tools. Or if you want like... So, there is a problem I have raised. I had a single virtual machine inside that I wanted to run five different ready servers. And as I am trying the ready server to cash the WordPress file, yes. So, I wanted to run five... I wanted to run the ready server for five of the sites, but what I didn't wanted was to install the ready server and let all the five caches on the same ready server. That would be a lot of mess. And I don't know what cache is going on. There might be issue that one site's cache is being used by another site's cache. So, in terms of Docker, what is it going to do? You can combine that in a container. So, container is a single virtual machine. You don't even know what the container is sitting beside it. It even doesn't know if there is a container sitting beside it. It acts like a complete virtual machine. Almost. So, with Uber it is an open chip. You can clear up a lot of around this. I know this was a technical side of thing and half of you don't know what I was talking. But for developers, this can be a very helpful tool. And if you wanted to run it, you should scale. Docker is a tool that can take you out. Any questions? So, basically what you said was to scale as a source of information to use Docker, right? But what if I start using VPSS for the same thing, right? You can use a VPS. And the same benefits I get while using VPSS are also inside without having to run or not. You use the Docker. The context of or the functionality of Docker comes handy when you are looking at scale, for example. So, if you have five websites, you can spin up for five VPS for them. But what if you have suddenly you have traffic for five of them on the same it gets a lot of mess. And Docker is not just spinning up virtual machine. It's about binding your application as executable to run inside a VPSS. So, if you want to deploy just Docker, you would create a new VPS inside that you would run a Docker. So, I mean to run Docker and VPS what kind of resources VPSS is? So, Docker itself adds very minimal resources. So, the same deployment you can do with the Docker is a very light process. So, it doesn't have its own resources to add like what you do with the virtual machine. So, you can simply run the same files and same database files as a graph. Do some managing this in a container. It doesn't need any extra resources to run. If your site was running one GB VPS, it can still run on one GB VPS. But with the extra ability to manage a container in this particular team. So, you would have better architecture level and you would have more precise knowledge about what's actually going on if your time site is your file size. What's what they are actually doing you would have more control over it. That's binding application to the binding resources of the application. We can get more of those. Help you patient for container. First in Docker architecture Docker engine is there with all containers, right? In Docker architecture that Docker engine is there with every container, right? And Docker engine also contain a separate sale library. If one container uses a whenever or releases the library if it's affected then all containers are also affected. So, there goes to a different question where you say there is a function like there is a bug in the VPS you are running for example you have declared your site on a Ubuntu VM and there is a security flow in Ubuntu itself goal word is flow. There was a recently similar flow with the intensive use if you have heard. So, every single process on the word was affected. So, that's not a So, in terms of in terms of Docker I think your question is like there is a security flow in Docker right? Yes Yes So, yes if there is security flow inside that Docker container no, it won't affect the different other Docker containers. So, the concept of main spaces come into this thing. So, each of the containers all set of containers have their different main spaces on the lower level of the other. If you lock into a container and do what are the other containers you won't get anything it's already quite a mature project now and the security flows are already almost So, it won't one container won't know anything about it it won't even know if there is another container as well. Through SQL injection and whole data is down but you have met for your site so again you will get some but till data will also run out to them run out So, for that the issue was on the production instance there were a lot of stuff I went through the logs then I found that someone went to brute force on the specific site so I had kept the database of the machine which keeps the data every day, every morning check of that it takes a backup of that site so I spin up the new virtual machine and from that I took the DB and there was some more database recovery I had to do so a lot of PHP and I had to play which I didn't play In our network we always clean all the stuff, logs and everything in this case you can't read your previous logs in our Google network then I know about the whole log please tell then you never cover your log and you never found your place of vulnerability it's better to use your code with your plugins and WordPress site and also the Ruby scans also find your bug in your logs sorry, logs the only thing I found good to prevent this thing in future was to put no allow on HTXS to XML, RPC, PHP that was the only thing I found good so now I don't need to use API for the WordPress so I just block for all the websites there so that was the simplest thing I could do being a non-PHP developer for the security there are so many plugins which protect the WordPress site only one tool is I think the whole security is enough for that and the regular updates on the website is quite okay in terms of WordPress what I meant here was security is not the basic or the essential thing that Docker provides all that comes with the Docker so if you had a virtual machine if you have two virtual machines one of the virtual machines got hacked let's say your assistant password got copied do you feel there is any chance that your another virtual machine is password to get affected because you don't know if there is another virtual machine on that same host so for the security terms I meant that the Docker container doesn't know if there is another Docker container so even if the hacker gets access to the file system he won't have access to another container that is running on the same that is running on the same site serving the traffic through the same VPS it doesn't know if there is another container because the system is already combined or isolated by name spaces and Docker security things so it doesn't know if there is another container pardon it can run 10,000 containers it depends on your website suppose in that case a plugin is installed it will be the right intention not on the wrong intention it won't work like why because you are saying if your password is linked okay and he is installing a plugin with the wrong intention you are making this happen but with the right intention because the same thing I want to install it slowly you are asking how will you install the same plugin on 10,000 containers so that's why you do you use a gate repository to or a file there are more architecture level things on open circuit Kubernetes to how to manage the same container across the production environment what I was talking about is you are at the single so what you will do in that case for example there is a malicious plugin installed on the all 10,000 containers you have and if a hacker is trying to send let's say XMRPC he is doing something and he tries to gain file access for example or some database access database might get affected that's a correct question but you would only have at the same time you would only have the process running on a single container the other container won't be running the same that's a WordPress level thing and I am not arguing to the whole thing but that's a different context what suppose I want to enter my guess and I want to enter my data and same thing I want to get the other hand the hacker he wants to get without the password XMRPC or something else in both case what is the need of doctor in that case the need of doctor is mainly deploying containers I mean it's more on the opposite it is like if you were to do the same thing if you have 10,000 or say 1000 BMS running you won't be able to manage all of them the way more effectively you can do if it does still I can delete my data yes you can do it same it's more on the context of WordPress or the application you are trying to do docker is not about WordPress docker is itself a tool to run any application you want it's more about the lean-up side and all the stuff it's not about WordPress for example I want to migrate my website to another server which is not having the docker so can I copy my whole website make a chip and directly migrate to another website is it ok or some coding or some folder architecture will be affected if I go the docker migration to the non-docker migration so you can do it but I would say it's not the best way to do it there are ways to migrate to docker that's what I meant it's not easy to get started but once you complete the learning curve docker is the one you would always go or the VPS or the shared version we can take it offline that's our last question anyone else thanks