Hands-on Docker examples for real-world patterns β networking, proxying, resilience, security, observability, and more. Each project is self-contained and runnable with a single command.
| Project | What it demonstrates |
|---|---|
| π Traefik Reverse Proxy | Path-based routing (/service-a, /service-b) with Traefik using a static YAML file provider. No Docker socket required. |
| β‘ Traefik Circuit Breaker | Circuit breaker middleware that automatically stops forwarding requests to a failing backend and recovers after a timeout. |
| βοΈ HAProxy Load Balancer | Round-robin load balancing across multiple HTTP backends with HAProxy. |
| π Nginx Webserver | Static file server with gzip compression, security headers, cache control, custom error pages, and structured access logs. |
| 𧩠Varnish ESI | Edge Side Includes β assembling HTML pages from cached components using Varnish. |
| π¦ Queue-Based Site Access | Virtual waiting room in front of a protected page β Redis-backed FIFO queue, live position polling, ETA, atomic slot claiming, and a bypass-proof architecture where the target has no published port. |
| Project | What it demonstrates |
|---|---|
| π MongoDB Prefilled | MongoDB container that seeds a collection from a JSON file on startup. |
| π PostgreSQL Read Replicas | Primary + two read replicas with streaming replication β ready to test read scaling. |
| Project | What it demonstrates |
|---|---|
| π‘οΈ Secure Docker Container | Multi-stage build, non-root user, read-only filesystem, dropped capabilities β security hardening checklist in one Dockerfile. |
| π Build-Time Secret Handover | RUN --mount=type=secret vs --build-arg β why secrets passed as build args end up in the image history and how to avoid it. |
| π¦ API Keycloak Security | Go banking REST API secured with Keycloak (OIDC login, roles) and JWE token encryption β access tokens are RSA-encrypted so only the API can read the claims. |
| Project | What it demonstrates |
|---|---|
| π RabbitMQ Producer / Consumer | Work queue pattern with two Python services β one publishing messages, one consuming them. |
| π Spring Boot + OpenTelemetry + Elastic APM | Distributed tracing from a Spring Boot app through OpenTelemetry to Elastic APM and Kibana. |
| Project | What it demonstrates |
|---|---|
| β Local Kubernetes + ArgoCD | Fully local GitOps environment with kind, ArgoCD, and a local Git server β no cloud account needed. |
Every project has a Makefile. The common entry point is always:
make # show available targets
make demo # or: make upYou don't need to clone the entire repository. Use Git sparse checkout to get only the project you want:
git clone --no-checkout --depth 1 git@github.com:messeb/docker-playground.git
cd docker-playground
git sparse-checkout init --cone
git sparse-checkout set traefik-circuit-breaker
git checkout mainReplace traefik-circuit-breaker with any project folder name. To add more projects later:
git sparse-checkout add nginx-webserverPort conflicts β each project uses its own ports. Check the compose.yml before running two projects at the same time. Common ports used: 80, 8080, 5672, 15672, 5601.
Named networks β projects that use Traefik define a named Docker network (proxy, cb-net, β¦). Run docker network ls if you see unexpected network warnings after make down.
Rebuilding images β if you change application code, pass --build to rebuild:
docker compose up --buildOr use make clean (where available) to remove cached images entirely.
Following logs β attach to a specific service without restarting it:
docker compose logs -f <service-name>Inspecting a container β open a shell inside a running container:
docker compose exec <service-name> shStopping cleanly β make down (or docker compose down) stops and removes containers but keeps images. Add --rmi local to also remove locally built images, or --volumes to wipe named volumes (e.g. database data).