Change of direction

[simonepri]

After the discussion here I've thought that maybe we can re-think the objective of the images that we ship on the Docker Hub.

Now, basically, we publish 20 images that just adds pm2 on the official node Docker repo. While they can be useful for some, the truth is that, as pointed out here, they may not be real value added for the community. (Even if there are more than 10k pull from the Docker Hub)

I believe that the common user just want to have a "production ready" container to ship his services. BUT the node's official images aren't suited for production. So, in that sense, it wouldn't be better to build our own HARDENED image that the users can pull and run?

Something like docker-alpine-hardened image.

@Unitech @vmarchaud What do you think? Is there a way to get some feedbacks from pm2's users?

[Unitech]

What we could do to offer a hardened Docker image:

• pm2-runtime instead of node with default for two clustered process
• pm2-runtime not started as root (#21)
• pre install v8-profiler for production diagnosis capabilities (#34)
• insert NODE_ENV=production by default

https://github.com/microversecloud/docker-alpine-hardened/blob/master/harden.sh is interesting

[simonepri]

What are your thought about the un-publish of all the 20 images?

I think that if we provide a single image we can then use a reasonable versioning on it. For instance we can publish something like: pm2:2.9.2 pm2:2.9 pm2:2

Each image will have a fixed version of node and a fixed version of pm2 this will guarantee that images based on our image will NEVER get broken. In that way, maybe, may have sense to publish them on the official Docker channel.

[Unitech]

Also I've found some interesting bits there:

• https://hub.docker.com/r/phusion/passenger-nodejs/
• https://github.com/phusion/baseimage-docker#contents

About the tags you suggest, we could not change the node version?