Hilscher Community Forum
Docker Compose - Printable Version

+- Hilscher Community Forum (https://forum.hilscher.com)
+-- Forum: netFIELD Connect - Cloud managed Docker based Industrial Raspberry Pi 3 (https://forum.hilscher.com/forum-23.html)
+--- Forum: Software (https://forum.hilscher.com/forum-25.html)
+--- Thread: Docker Compose (/thread-780.html)



Docker Compose - tad - November-5th-2021

Dear Sir,

Can 'Docker Compose' be used from the Terminal section of netFIELD Device Manager?
As far as I tried with netFIELD On-Premise, there is no problem found.
If I can create and run containers by Docker Compose, it must be useful when setting up several netFIELD Connect(s) with the same containers.

Thank you very much for your information.
Best regards,


RE: Docker Compose - Armin@netPI - November-5th-2021

Yes the feature "docker-compose" is integrated in any netFIELD OS driven edge device made by hilscher. Concrete the netFIELD Connect and netFIELD OnPremise gateway devices both support the command "docker-compose".

You can use the command via the embedded web terminal as you said or via SSH over a remote terminal session.


RE: Docker Compose - tad - November-5th-2021

Dear Armin,

Thank you very much for your quick response.
I think use of Docker Compose is advantage against netPI.

And, could I ask you one more question?
In case of netPI, I can follow IEC 62443 security policy easily.
I think one of reasons is that SSH is permanently disabled.
But, in case of netFIELD, can I follow IEC 62443 even though SSH is enabled.

Thank you very much for your advice.
Best regards,


RE: Docker Compose - Armin@netPI - November-5th-2021

Yes of course you can. The IEC 62443 defines

a.) that all communications to a device needs to be encrypted using TLS security
b.) that all open ports like 22 for SSH or 80/443 for web user interface need to be protected by a username and password

Both prerequisites are fulfilled with the SSH port on netFIELD devices.

And if a customer feels very strong vulnerability across the default open SSH port ... then he can disable the service easily in all netFIELD devices with "sudo systemctl stop ssh" and "sudo systemctl disable ssh". Then the service is no more active. So you see it is customer dependent and the customer has a choice. With netPI he did not have any choice ... it was always disable ... so what do you feel is better. Choice or no choice?

Thx
Armin


RE: Docker Compose - tad - November-6th-2021

Dear Armin,

Thank you very much for explanation of IEC 62443 on SSH.
Of course, I prefer to be able to choose enabling/disabling SSH.

Best regards,