diff --git a/README.md b/README.md index d6ea6c1..64cd3b0 100644 --- a/README.md +++ b/README.md @@ -153,6 +153,7 @@ - `%` means all entrant connections, while `localhost` means only localhost connections - [mysql commande line](https://mariadb.com/kb/en/mysql-command-line-client/) - [use mysql in script](https://stackoverflow.com/questions/59608632/mariadb-create-database-and-execute-sql-script-without-character-from-the) +- [no need to use FLUSH PRIVILEGES after GRANT](https://stackoverflow.com/questions/36463966/mysql-when-is-flush-privileges-in-mysql-really-needed) ###### mariadb basic commands : - create user : @@ -161,7 +162,6 @@ use mysql; CREATE USER 'some_user'@'%' IDENTIFIED BY 'some_pass'; GRANT ALL PRIVILEGES ON *.* TO 'some_user'@'%' WITH GRANT OPTION; - FLUSH PRIVILEGES; ``` - show users : ``` @@ -180,6 +180,14 @@ DROP DATABASE ; ``` + ###### use password in container : + - [with env variables in compose](https://docs.docker.com/compose/environment-variables/) + - [so discussion](https://stackoverflow.com/questions/22651647/docker-and-securing-passwords) + - [docker build --secret tag](https://docs.docker.com/develop/develop-images/build_enhancements/#new-docker-build-secret-information) + - [use secret with docker](https://www.rockyourcode.com/using-docker-secrets-with-docker-compose/) + - [use secret with docker SO](https://stackoverflow.com/questions/42139605/how-do-you-manage-secret-values-with-docker-compose-v3-1) + + #### php-fpm - [](https://en.wikipedia.org/wiki/FastCGI) diff --git a/srcs/docker-compose.yml b/srcs/docker-compose.yml index a29ab64..c4cfd11 100644 --- a/srcs/docker-compose.yml +++ b/srcs/docker-compose.yml @@ -8,20 +8,16 @@ version: "3.8" services: - # --------------------------------- test: - build: context: ./requirements/test dockerfile: Dockerfile image: test container_name: mytest - # --------------------------------- nginx: - -# restart: on-failure + #restart: on-failure ports: - "80:80" - "443:443" @@ -29,18 +25,20 @@ services: context: ./requirements/nginx dockerfile: Dockerfile image: nginx - # image: nginx_debian container_name: mynginx - # container_name: mynginx_debian - # --------------------------------- mariadb: -# restart: on-failure + #restart: on-failure build: context: ./requirements/mariadb dockerfile: Dockerfile image: mariadb container_name: mymariadb + #--secret id=mysecret,src=mysecret.txt + secrets: + - my_secret -# --------------------------------- +secrets: + my_secret: + file: ./secret.txt diff --git a/srcs/requirements/mariadb/Dockerfile b/srcs/requirements/mariadb/Dockerfile index e76a0e7..bbbb8ca 100644 --- a/srcs/requirements/mariadb/Dockerfile +++ b/srcs/requirements/mariadb/Dockerfile @@ -2,14 +2,19 @@ FROM debian:buster ARG DEBIAN_FRONTEND=noninteractive +# docker build --secret tag : https://docs.docker.com/develop/develop-images/build_enhancements/#new-docker-build-secret-information) +# use secret with docker : https://www.rockyourcode.com/using-docker-secrets-with-docker-compose/) +RUN --mount=type=secret,id=my_secret cat /run/secrets/my_secret.txt +#RUN cat /run/secrets/my_secret.txt + RUN apt update && \ apt install -y mariadb-client mariadb-server && \ rm -rf /var/lib/apt/lists/* && \ \ service mysql start && \ - mariadb --execute="create database db_hugo_test;" && \ - mariadb --execute="create user 'u_hugo_test'@'localhost' identified by 'hello';" && \ - mariadb --execute="grant all privileges on *.* to 'u_hugo_test'@'localhost' with grant option;" + mariadb --execute="CREATE DATABASE db_hugo_test;" && \ + mariadb --execute="CREATE USER 'u_hugo_test'@'localhost' IDENTIFIED BY 'hello';" && \ + mariadb --execute="GRANT ALL PRIVILEGES ON *.* TO 'u_hugo_test'@'localhost' with grant option;" CMD [ "mysqld" ] diff --git a/srcs/secret.txt b/srcs/secret.txt new file mode 100644 index 0000000..1b01264 --- /dev/null +++ b/srcs/secret.txt @@ -0,0 +1 @@ +mon_super_mot_de_passe