Ephemeral Docker Volumes

by immontilla

There may be cases where you do not want to store a container’s data on the host machine, but you also don’t want to write the data into the container’s writable layer, for performance or security reasons.

Use tmpfs mounts https://docs.docker.com/engine/admin/volumes/tmpfs/

That's why I removed the VOLUME instruction in the immontilla/secure-file-uploader's Dockerfile.

FROM alpine/git as clone
LABEL maintainer="Iván Mauricio Montilla Figueroa"
WORKDIR /app
RUN git clone --progress https://github.com/immontilla/file-uploading-web-app.git

FROM maven:alpine as build
WORKDIR /app
COPY --from=clone /app/file-uploading-web-app /app
RUN mvn -DskipTests=true clean install && cp target/secure-upload-1.0.0.jar app.jar

FROM openjdk:8-jdk-alpine
WORKDIR /app
COPY --from=build /app/app.jar /app
EXPOSE 8090
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","app.jar"]

First, you have to start the ClamAV container, otherwise, all the files will be rejected because they can't be scanned for virus.

docker run -d --name av mkodockx/docker-clamav

Then, you can start the file uploader container.

docker run -d --link av:clamavd --volume csv-files:/tmp/safe --tmpfs /tmp/unsafe -p 8090:8090 --name secure-csv-uploader immontilla/secure-file-uploader

Finally, you can check the functionality trying to upload some files at http://localhost:8090/.

Commands to remember
  • To list the docker volumes
docker volume ls
  • To see information about the volume csv-files - including its path on the host machine.
docker volume inspect csv-files
  • To list the uploaded files
csvFilesPath=$(docker volume inspect csv-files | grep -oP '(?<="Mountpoint": ")[^"]*')

sudo ls -l $csvFilesPath