How do you make sure your containers survive upgrades? (letsencrypt/mariadb)

I am using the letsencrypt and the mariadb containers to host 19 websites (so far). I really appreciate the ease of use, and the automatic certificate renewal. Great work.

My concern is that I’ve placed all my eggs in the same basket, and if something goes wrong with a container upgrade, all the websites I host will go offline. They are mostly WordPress/WooCommerce websites, so there’s an actual cost involved if they’re not up and running.

I take daily backups of each website’s database, nginx configuration and of course all the files. But still, it would take me a lot of time to bring everything back up and running again.

How do you guys handle this kind of concern? Or I’m I being paranoid here? Is there a way to be more at ease when upgrading containers?


The risk will most likely be when we bump the alpine version. If you are doing this commercially, you should have a test system to be sure nothing breaks doing updates.

You an however downgrade using tags, but for mariadb, be sure you have a backup of the database as it migh be upgraded by the update.

We didn’t really make this for a commercial target, but for home users having an easy way of hosting websites and reverse proxy services.

@saarg thanks for you reply. But now I’m even more worried :stuck_out_tongue:
I shouldn’t be using be using these containers for commercial purposes?

There I was thinking that containers is the future, and I’m not using conventional technologies to host my websites.

If these containers are not meant to be used the way I use them, I won’t risk any client websites. I’ll have to go back to setting up a dedicated server/apache/php/mariadb/letsencrypt etc. Huge hassle of course, since containers are so easy, but I can’t take any chances.

@aptalca thanks, I’ll have a read.

It boils down to commercial support, we will make a best effort not to break stuff, but we are an open source organization with 100% volunteers.

The general message is don’t come to us complaining that you lost a bunch of money or something because you did not blue/green your infra properly. We take zero responsibility and might not be around to fix something for days/weeks.

@TheLamer I understand.
Just trying to find ways to prevent future issues.

You guys have more experience working with containers. Is it possible to replicate an existing docker server, so if anything goes wrong, I can change the A records on the domains and redirect traffic to the replica server?

Read the guide I linked, it tells you the most basic practices needed to easily revert back to a previously working version 100%

Use that info as a base and develop your own method of versioned backups

1 Like