What is the preferred, secure method of exposing Docker services to a web application?


I’m just getting into Docker and it’s great and everything, but one part confuses me. I’m using a Docker image to encode video, and the image can be run like a command with docker run my/image -flag param1 etc. I also happen to be using Apache as my web server. Let’s say I want to allow a user to upload a video, so I process the upload with PHP, and I want to use PHP to run the Docker image as a command via exec. The problem is that docker can only be run as root/sudo, so by default an exec command fails because the www-data user is not root and therefore does not have privileged access to run docker commands. I could add www-data to the docker group, but I’ve read that is a poor choice in terms of security. What is the approach I should be taking to utilize this Docker image and expose its functionality to a web application?

