Infrastructure7 min read

Running 22 Docker Containers on a Single Server: Our Infrastructure

How Trooply runs 6 AI products, 5 databases, and 11 infrastructure services on one machine. Docker Compose architecture, network isolation, resource limits, and lessons learned.

T
Trooply Engineering

22 Containers, 1 Server

When people hear we run 22 Docker containers on a single server, the first question is always: "How is that even stable?"

The answer is careful architecture. Here's how we do it.

What's Running

Our single server hosts:

6 AI Products (each in its own container):

  • Trooply Meet — AI video conferencing
  • Trooply Search — visual product search
  • Trooply Teams — team collaboration
  • Trooply Chatbot — RAG knowledge assistant
  • PharmaOS — pharmacy management
  • Translator — multi-language translation

5 Databases:

  • PostgreSQL 16 (shared, per-site isolated users)
  • Redis 7 (shared, per-site ACL)
  • MongoDB 7 (shared)
  • Meet-specific PostgreSQL + Redis (dedicated)

11 Infrastructure Services:

  • Nginx (reverse proxy)
  • Cloudflare Tunnel (secure ingress)
  • Docker Proxy (container management API)
  • CPanel (admin dashboard)
  • Uptime Kuma (monitoring)
  • Ollama (LLM inference)
  • Qdrant (vector database)
  • Whisper (speech-to-text)
  • LibreTranslate (translation engine)
  • Meet-specific MongoDB + Redis

Network Isolation

Every site runs on its own Docker network. Sites cannot communicate with each other — iptables rules block all cross-site traffic on the shared backend network.

Each site can reach:

  • Its own sidecar containers
  • Shared databases (with site-specific credentials)
  • The Docker Proxy API (for self-management)

Each site cannot reach:

  • Other site containers
  • The host filesystem
  • The Docker socket
  • The internet directly

Resource Limits

Every container has CPU and memory limits:

ServiceCPURAM
Site containers2-4 cores2-4 GB
Databases0.5 cores512 MB
GPU services2-4 cores2-8 GB

A runaway process in one container can't starve the others. Docker's cgroup limits enforce this at the kernel level.

What We Learned

  1. Network isolation is non-negotiable. Without iptables rules, a compromised container could access every other service on the backend network.
  1. Resource limits save you at 3 AM. One time, a search indexing job consumed all available RAM. Without limits, it would have killed PostgreSQL and every service that depends on it.
  1. Docker Compose is enough. We don't use Kubernetes. For a single-server deployment, Compose does everything we need with 90% less complexity.
  1. Automated recovery matters. Containers crash. A cron job checks every minute and restarts anything that's down. We average 0.5 unplanned restarts per week across all 22 containers.
  1. One GPU is surprisingly capable. Our NVIDIA RTX runs CLIP, Ollama, Whisper, and LibreTranslate concurrently. CUDA handles time-sharing automatically. At our current load, GPU utilization rarely exceeds 40%.

Want the same setup for your AI products? Let's talk.

DockerinfrastructureDevOpsself-hostedcontainers

Want to build something similar?

We help companies build and deploy AI products. Let's talk about your project.

Contact UsWhatsApp
← Back to all posts