The aim of this project is to build and up the following services using docker-compose:
- MariaDB
- Wordpress
- NGiNX
- Adminer
- FTP
- Redis Cache
- Cadvisor
- Prometheus
As a one of the bonus, there is also a static webpage.
If your device has x86 arch, use VirtualBox and skip this block. (use uname -m, padawan)
I've done this project using Macbook Air (M1, ARM64)
If you want to do this project on M1 either, read the spoiler:
VirtualBox is not supported ARM, and as I read from the forum, they are not planning to do ARM version of it.
UTM turned out to be a great replacement for VB.
Once installed go the the gallery and select the image of the VM.
My choice was Debian 10.4 (LDXE), you can choose another. Even MacOS can be installed over your MacOS :)
To install shared folder, use this instruction.
Official docker docs says :
Some command line tools do not work when Rosetta 2 is not installed.
The old version 1.x of docker-compose. We recommend that you use Compose V2 instead.
Either type docker compose or enable the Use Docker Compose V2 option in the General preferences tab.
I decided to work with docker compose instead of docker-compose and it worked excellent.
.env file contains sensitive data in the enviroment variables.
Never store production environment and any important data in the repo!
Before writing Dockerfiles read the following and understand the concept of docker-init:
In all the containers I have used envsubst to replace env variables in the config files.
This is the first service you should up, because for mandatory part you have dependency chain:
MariaDB -> Wordpress -> Nginx
I could not install MariaDB on alpine 3.14, so I used alpine 3.7 for this container.
Wordpress is working under php-fpm, so I proxied to wordpress:port with fastcgi_pass.
Go ahead and take a look at a useful site with a descriptions of wp-cli commands.
I've used a bash script to generate certificates.
This script is called from the Makefile and it produces CA key, CA crt, server key and server crt files.
Certificates passed to containers through separate volume.
You can manually add CA certificate to the browser to avoid 'insecure' error. Add certificate to Mozilla Firefox
As for Nginx, ssl_protocols TLSv1.2 TLSv1.3; must be specified in config file.
In this project nginx is the entry point to all the services, except ftp.
Adminer is working under php-fpm as well, so I proxied to adminer:port with fastcgi_pass.
You can also start it under php and proxy with proxy_pass
Redis running in the separate container, and should be installed and activated as a wordpress plug-in.
It is OK for protected-mode no to be set in the redis.conf, as container is working only in the internal network
and has no access point from outside.
Port 21 and a range of passive ports are opened for FTP, see docker-compose.yml
As for ftp client, I used this called lftp.
lftp is a terminal client that supports a number of network protocols (ftp, http, sftp...).
Here is some examples of lftp usage:
# First, connect to some ftp server:
# lftp -u ftp_user ftp://mhufflep.42.fr
# ls # List files
# put <file_path> # Upload file
# get <file_path> # Download file
# rm <file_path> # Remove fileFor self-signed certificates with local CA, add this line to lftp config (/etc/lftp.conf on my system):
set ssl:ca-file "/etc/ssl/certs/ca-certificates.crt"
The info about these services could be found on the official pages:
Both of them are builded directly from their github repos.