I have a normal Apache/MySQL serving a webapp that companies and users of those companies log in to. So everyone from all the companies is in the same Users table.
Whilst my code does try to keep the companies isolated in PHP, such as SELECT * FROM Users WHERE Company=$COMPANY, I do see the chances of an SQL injection to get private data from other customers as being quite likely, as the code base is quite vast. We are reviewing the code, but at this rate we will not be finished for years.
In the meantime, I was looking at Docker to hopefully give each of my customers their own container with Apache server (with a tiny buffer, and 2 php workers), and MySQL with a measly 32 or 64 MB of buffer pool. This container would then allow just 1 TCP connection for HTTPS, which would be reverse-proxied based on hostname (eg customer-a.mycompany.com). No files get written to disk. And the PHP source code would be kept up-to-date using git, so perhaps we could even put selected customers on our Beta version, for example.
I have been advised that Docker is not designed for the above scenario, and would not provide me with the security I seek.
I get that a hacker could inject code into 1 container and would affect that one customer. But would Docker not prevent discovery of the virtual hosts used for other customers, reducing the chances slightly that a hacker would have an effect on most of my customers? Just one we could financially handle, but not 12.
Aside from security, I was excited about the possibility that a MySQL buffer pool dedicated to each company was going to make the webapp generally faster, because when Customer A does an insane SQL report, I am guessing the buffer pool gets overwritten with the insane report, so when Customer B does a simple query next, the data has to be fetched from disk all over again.
In the future, I would love to see these "containers" on a GUI, and be able to drag-and-drop them onto another server (faster, with fewer containers), e.g. to offer "faster" speeds to certain power customers.
Does any of the above dreaming fit into reality for 2017?
What platform/tool do you think I should consider?
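The following is an added example, not code from the question or the asker's application. It shows why the per-tenant WHERE clause in the question does not survive an injection anywhere else in the same statement: the Company value comes from the session, but a user-supplied search term spliced into the query can switch the predicate off with OR and return every tenant's rows. The hardened version uses placeholders and, as a second line of defence, refuses to hand back rows whose Company differs from the session's. SQLite stands in for MySQL so the script runs offline; the table layout and the sample users are constructed for the example.

```python
import sqlite3

# Constructed sample data: three tenants (A, B, C) sharing one Users table,
# as in the question. Not taken from the original post.
SAMPLE_USERS = [
    (1, "A", "alice", "alice@a.example"),
    (2, "A", "aaron", "aaron@a.example"),
    (3, "B", "bob", "bob@b.example"),
    (4, "C", "carol", "carol@c.example"),
]

# Injection payload: closes the LIKE string and appends an always-true OR.
# Works in SQLite and MySQL alike; no comment syntax needed.
BREAKOUT = "' OR '%'='"


def make_db():
    """In-memory SQLite database standing in for the shared MySQL Users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Users (Id INTEGER PRIMARY KEY, Company TEXT, Name TEXT, Email TEXT)"
    )
    conn.executemany("INSERT INTO Users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def search_users_vulnerable(conn, company, name_filter):
    """Tenant filter from the session, search term interpolated straight into SQL.

    With name_filter == BREAKOUT the statement becomes
        ... WHERE Company='A' AND Name LIKE '%' OR '%'='%' ORDER BY Id
    and the OR makes the Company check irrelevant: every tenant's rows come back.
    """
    sql = (
        "SELECT Id, Company, Name, Email FROM Users "
        f"WHERE Company='{company}' AND Name LIKE '%{name_filter}%' ORDER BY Id"
    )
    return conn.execute(sql).fetchall()


def search_users_safe(conn, company, name_filter):
    """Same query with bound parameters; the search term can only ever be data."""
    sql = (
        "SELECT Id, Company, Name, Email FROM Users "
        "WHERE Company=? AND Name LIKE ? ORDER BY Id"
    )
    rows = conn.execute(sql, (company, f"%{name_filter}%")).fetchall()
    # Defence in depth: even if some other query in a large code base is wrong,
    # never return a row that belongs to a different tenant than the session.
    foreign = [row for row in rows if row[1] != company]
    if foreign:
        raise RuntimeError(f"tenant isolation violated, foreign rows: {foreign}")
    return rows


def companies_in(rows):
    """Set of Company values present in a result set (for inspecting a leak)."""
    return {row[1] for row in rows}


if __name__ == "__main__":
    db = make_db()
    leaked = search_users_vulnerable(db, "A", BREAKOUT)
    print("vulnerable query, session tenant A, injected search term:")
    print("  rows returned:", len(leaked), "tenants:", sorted(companies_in(leaked)))
    safe = search_users_safe(db, "A", BREAKOUT)
    print("parameterised query, same input:")
    print("  rows returned:", len(safe))
```

Run it and the vulnerable function returns all four rows from three companies for a session logged in as tenant A, while the parameterised version returns nothing because the payload is now just a LIKE pattern that no name matches. The point for the question is that container-per-customer only helps if each container's database holds one customer's data; a shared Users table reached from inside any container is still one injection away from every tenant.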
Generally, good web hosting providers use Cloud Linux to provide isolation and resource limits to multi-tenant hosting. However, at your scale (12) I would suggest you go the Docker route. Having a single container (or two) per customer to serve their site seems good to me. Not sure what security concern you are referring to, but you're in great shape if you:
If your customers share a database (for whatever reason) they obviously should have strict grants to make sure their user cannot query databases they shouldn't have access to. Databases which ONLY ONE customer queries should be separated into another container for maximum security. Keep ONLY THE SHARED database in the shared container.