Launch Docker containers to handle HTTP requests
I’m building a web application where users manage files in projects. Each user can have multiple projects, and each project can have multiple files. I’ve implemented this using Docker, where each project is a Docker volume. When the user clicks a button in the webapp interface to modify files in their project, the web server configures and launches a worker (which is another Docker instance) to modify the files in the Docker volume. This all works pretty well so far.
However, now I want to serve out these project files over HTTP. The strategy I have in mind is:
- A web server (like nginx) accepts an incoming HTTP request from the user
- The web server inspects the incoming request to determine which project is being requested. For example, if the URL is
sparkle-pony.myapp.com, then we know that the
sparkle-ponyproject is being requested. If this project doesn’t exist, nginx responds with a
404 Not Foundresponse.
- The web server also checks if the user is logged in, and if that logged in user has permission to view the project. If not, the web server responds with a
403 ForbiddenHTTP response.
- The web server configures and launches a new Docker container, probably another nginx process. Part of this configuration includes mounting the correct Docker volume onto the new container. We’ll call this newly launched container the “inner” container, and the existing container the “outer” container.
- The outer container either hands off this HTTP request to the inner container, or acts as a proxy for the inner container’s response.
- The inner container, with access to the correct Docker volume for the project and secure in the knowledge that the requesting user has the right permissions, checks the URL path and serves up the correct project file from the Docker volume. After the request has been suitably handled, the inner container shuts down.
So, with all that being said, I have three questions:
- Is this a reasonable strategy? It does involve launching a new Docker container for every incoming HTTP request, but I think that’s OK…
- What is the best way to hand off the HTTP request from one container to another? Or does the outer container have to proxy the response from the inner container?
- Can someone provide some pointers or examples of how to set up a project like this? There are probably some tools or techniques that I don’t yet know about.