I have the Nginx appliance running in a Hyper-V virtual machine acting as my proxy to my development servers. I would like to self-host Bitwarden, which requires Docker. Therefore, rather than create another virtual machine, would it be a good idea to install Docker on the Nginx appliance and then install Bitwarden from there? Nginx would need to proxy ports 80 and 443 based upon hostnames, but it already does this, so it should work.

Are there any security implications from this setup? I've never used Docker before. Only for a small number of users.


Jeremy Davis's picture

Assuming that you trust what will be running in the Docker container, that should be fine. I just had a quick google and assuming you mean this, then on face value that seems pretty legit to me (obviously I haven't done a code review or anything...).

Docker is a pretty cool technology, but is really more-or-less a somewhat hardened chroot. So it's certainly no security silver bullet. But it is a pretty handy way to install applications and is pretty popular these days.

Installation of Docker is generally pretty straightforward, but I'll give you the more locked down method (lifted from our buildtasks setup-docker script):

# GPG_FINGERPRINT and REPO_ORIGIN must be set before running these steps

# install dependencies
apt-get update
apt-get install apt-transport-https gnupg2

# download the docker gpg key, and export it somewhere safe
gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$GPG_FINGERPRINT"
mkdir -p /usr/share/keyrings/
gpg --output /usr/share/keyrings/docker.gpg --export "$GPG_FINGERPRINT"

# add the docker sources list (options inside [] are separated by spaces)
cat > /etc/apt/sources.list.d/docker.list <<EOF
deb [signed-by=/usr/share/keyrings/docker.gpg arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable
EOF

# pin the package (apt preferences records are separated by a blank line)
cat > /etc/apt/preferences.d/docker <<EOF
Package: *
Pin: origin "$REPO_ORIGIN"
Pin-Priority: 100

Package: docker-ce
Pin: origin "$REPO_ORIGIN"
Pin-Priority: 500
EOF

# install docker
apt-get update
apt-get install docker-ce

# test docker is working
docker run hello-world

As for the details of running the docker container itself, I suggest that you follow their instructions...

I hope that gets you going.
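
A check one might run after the install steps above, as an added example that is not part of the original comment or the buildtasks script: it confirms that the exported keyring holds only the expected key and that every deb line is tied to a keyring through signed-by. The function names, the `--live` switch and the sample key data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the apt trust setup that the steps above produce.

# Constructed sample in the shape of `gpg --show-keys --with-colons` output.
SAMPLE_COLONS='pub:-:4096:1:89ABCDEF01234567:1487788586:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1487792064::::Constructed Key <release@example.invalid>:
sub:-:4096:1:0123456789ABCDEF:1487788586::::::s:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:'

# Print primary-key fingerprints from colon-format gpg output on stdin.
# An "fpr" record belongs to the "pub" or "sub" record that precedes it.
primary_fingerprints() {
    awk -F: '$1 == "pub" || $1 == "sub" { kind = $1 }
             $1 == "fpr" && kind == "pub" { print $10 }'
}

# Succeed only if the listing on stdin holds exactly one primary key and its
# fingerprint equals $1 (spaces and letter case in $1 are ignored).
keyring_has_only() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    got=$(primary_fingerprints)
    [ -n "$want" ] && [ "$got" = "$want" ]
}

# Succeed only if stdin has at least one deb/deb-src line and each of them
# names a keyring file with signed-by= inside its [options] block.
all_sources_signed_by() {
    awk '$1 == "deb" || $1 == "deb-src" {
             n++
             lb = index($0, "["); rb = index($0, "]")
             opts = (lb && rb > lb) ? substr($0, lb, rb - lb) : ""
             if (index(opts, "signed-by=/") == 0) bad++
         }
         END { exit (n == 0 || bad > 0) }'
}

# Live check on the host, skipped unless asked for: sh audit.sh --live <FPR>
if [ "${1:-}" = "--live" ]; then
    gpg --show-keys --with-colons /usr/share/keyrings/docker.gpg \
        | keyring_has_only "$2" \
        && all_sources_signed_by < /etc/apt/sources.list.d/docker.list \
        && echo "docker apt source is bound to the expected key"
fi
```

The fingerprint passed to `--live` should come from a source other than the keyserver that supplied the key, otherwise the comparison proves nothing.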
