It’s a matter of where you want to spend your resources, and how you approach the administration of a system. This is philosophical as much as technical.
Containerized schemes like this absolutely have their place, and I’d be crazy to say that this isn’t a good move for Discourse as a deployable application! But this is not wholly a good move for monolithic servers hosting multiple applications.
When an application brings its own web stack with it and that app includes a web server that expects to be on port 80, that’s more than problematic—it’s presumptive. With the exception of your map variable, everything you’re doing within your nginx sample config is located in the server-context—and that’s what vhosts are for. Bringing along a whole web server just to get a few config stanzas right isn’t just inelegant—it’s downright ugly.
I know, I know—minor complaints, just use nginx outside of the container if you’re confident in your ability to make it work. Which I’d have to do, because otherwise my discourse traffic would be reverse proxied through varnish to a reverse-proxy that would reverse-proxy it to a containerized reverse proxy that would reverse-proxy it to containerized thin instances and cue the Inception music.
It just feels like this is a developer-centric move, made from a developer-centric mindset. You can’t assume that the installation environment or the installer have everything you need, so you pack in module after module to make the app as self-sufficient as possible. Every prereq and dependency you can think of gets stuffed into the container, and the app is as immune as possible to the environment in which it sits.
But it’s just graceless. Applications should be tenants—they should live in the house, not bring a whole other house along with them to set up inside of the first hosue. The developer shouldn’t presume that the environment is known-hostile or known-broken. The developer’s chocolate should stay entirely out of the sysadmin’s peanut butter. Plus, reading your blog post about docker, the ownership and mounting issues are gag-me ugly (though I recognize that’s not entirely docker’s fault), and are exactly the kind of thing you don’t want to expose an inexperienced admin to.
Shit, man. I know you guys have worked hard on this, and I’m sorry. Just feeling grumpy. Maybe I’m like the gearhead bemoaning the fact that under the hood of my car there’s nothing but a big bunch of plastic covers. But, seriously, for the love of all that’s good and holy in this world, please realize that some of us know how to run a server, and duplication of services and extra abstraction are unwanted complexity.
Okay. Okay, I’m good now. I’m ready to leave this week behind and be good. Promise