all three containers works with alpine and user are configured

README.md

@@ -27,45 +27,9 @@
 - ? `rm -rf /var/lib/apt/lists/*` ?
 
 ---
-## nginx basics
-
-- `sudo netstat -tulpn` to print network connections and see if nginx is running
-- or : `ps -ax | grep nginx`
-- `sudo nginx -s quit` to stop it
-- `sudo docker system prune -af --volumes` -> `-a` also unused images, `-f` without prompt for confirmation
-	- remove stopped containers
-	- remove unused networks
-	- remove unused images
-	- remove build cache
-- `sudo docker ps -q` all runnings containers
-- `sudo docker stop $(sudo docker ps -q)` stop all runnings containers
-
----
-## Docker basics
-
-- the container posess its own filesystem
-- we need to copy the files it uses inside this filesystem
-- we can do that with COPY
-
-**build and run a docker image**
-- `sudo docker build --tag <name> .`
-- `sudo docker run <name>`
-- `sudo docker images` to list docker images
-- `sudo docker image rm <number>`
-- `sudo docker ps` to list docker processes
-- `sudo docker ps rm <name>`
-
-**execute a docker-compose file**
-- `sudo docker-compose up`
-- or `sudo docker-compose -f ./path up` to specify a path
-
----
-## docker-compose :
-
-- [docker compose volumes](https://docs.docker.com/compose/compose-file/#volumes)
-
 #### docker :
 - [docker starter guide](https://docs.docker.com/get-started/)
+- [docker compose volumes](https://docs.docker.com/compose/compose-file/#volumes)
 - [docker glossaire](https://docs.docker.com/glossary/)
 - [Dockerfile syntaxe](https://docs.docker.com/engine/reference/builder/)
 - [determine the parent image](https://forums.docker.com/t/determine-the-parent-image/48611)
@@ -84,6 +48,24 @@
 - [depends_on](https://docs.docker.com/compose/compose-file/#depends_on)
 - [compose and env var](https://docs.docker.com/compose/environment-variables/)
 - [specify path to named volumes](https://docs.docker.com/compose/compose-file/#volumes-top-level-element)
+- [pass secret to container](https://medium.com/@zdk/simple-and-secure-way-to-pass-secrets-and-credentials-into-docker-containers-c2f66175b0a4)
+
+	###### Docker basics
+	- the container posess its own filesystem
+	- we need to copy the files it uses inside this filesystem
+	- we can do that with COPY
+
+	###### build and run a docker image
+	- `sudo docker build --tag <name> .`
+	- `sudo docker run <name>`
+	- `sudo docker images` to list docker images
+	- `sudo docker image rm <number>`
+	- `sudo docker ps` to list docker processes
+	- `sudo docker ps rm <name>`
+
+	###### execute a docker-compose file
+	- `sudo docker-compose up`
+	- or `sudo docker-compose -f ./path up` to specify a path
 
 	###### docker pid 1
 	- nginx by default will create some child process (a master and some workers), then it quits (doc ?)
@@ -148,6 +130,7 @@
 	- it seems that using "secrets" only improve security for a swarm, when you must share your secrets with others, but if not the case, .env is as much secure ?
 	- to use secret in docker-compose, we need to use swarm, but it doesn't allow to use build, or up, so everything is different then and I don't have time to understand it fully
 
+---
 #### nginx
 - [nginx begginer guide](https://hub.docker.com/_/nginx/)
 - [nginx all directives for conf file](https://nginx.org/en/docs/dirindex.html)
@@ -157,11 +140,25 @@
 - [configuring nginx with php-fpm](https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/#connecting-nginx-to-php-fpm)
 - [configuring nginx with alpine](https://wiki.alpinelinux.org/wiki/Nginx)
 
+	###### nginx basics
+	- `sudo netstat -tulpn` to print network connections and see if nginx is running
+	- or : `ps -ax | grep nginx`
+	- `sudo nginx -s quit` to stop it
+	- `sudo docker system prune -af --volumes` -> `-a` also unused images, `-f` without prompt for confirmation
+		- remove stopped containers
+		- remove unused networks
+		- remove unused images
+		- remove build cache
+	- `sudo docker ps -q` all runnings containers
+	- `sudo docker stop $(sudo docker ps -q)` stop all runnings containers
+
+---
 #### openssl
 - [openssl faq](https://www.openssl.org/docs/faq.html)
 - [openssl req man](https://www.openssl.org/docs/man1.0.2/man1/openssl-req.html)
 - [SO discussion about ssl self signed certificate and becoming a CA](https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl)
 
+---
 #### mariadb
 - [mariadb tutorial](https://www.mariadbtutorial.com/)
 - server vs client :
@@ -178,6 +175,14 @@
 - [mysql commande line](https://mariadb.com/kb/en/mysql-command-line-client/)
 - [use mysql in script](https://stackoverflow.com/questions/59608632/mariadb-create-database-and-execute-sql-script-without-character-from-the)
 - [no need to use FLUSH PRIVILEGES after GRANT](https://stackoverflow.com/questions/36463966/mysql-when-is-flush-privileges-in-mysql-really-needed)
+
+- [can't connect to local server through socket](]https://stackoverflow.com/questions/11990708/error-cant-connect-to-local-mysql-server-through-socket-var-run-mysqld-mysq#23485424)
+```
+Can't connect to local server through socket '/run/mysqld/mysqld.sock'
+
+sudo / find -type s
+/var/lib/mysql/mysql.sock
+```
 - [mysqld](https://dev.mysql.com/doc/refman/8.0/en/mysqld.html)
 
 	###### mariadb basic commands :
@@ -204,7 +209,7 @@
 		```
 		DROP DATABASE <name>;
 		```
-
+---
 #### wordpress
 - [install wp](https://wordpress.org/support/article/how-to-install-wordpress/#detailed-instructions)
 
@@ -213,7 +218,9 @@
 	- tar -xzvf latest.tar.gz
 
 - [php-fpm : Fastcgi Process Manager](https://en.wikipedia.org/wiki/FastCGI)
-- [install wp-cli](https://make.wordpress.org/cli/handbook/guides/installing/)
+- [install wp-cli](https://wp-cli.org/#installing)
+- [alternatives install](https://make.wordpress.org/cli/handbook/guides/installing/)
+- [exemple install with composer](https://github.com/aestetype/alpine-wp-cli/blob/master/Dockerfile)
 - [cli commands](https://developer.wordpress.org/cli/commands/)
 - [cli install wordpress](https://make.wordpress.org/cli/handbook/how-to-install/)
 

srcs/docker-compose.yml

@@ -10,7 +10,7 @@ version: "3.8"
 services:
 # ---------------------------------
   nginx:
-    restart: on-failure
+#    restart: on-failure
     networks:
       - inception
     ports:
@@ -24,12 +24,12 @@ services:
         condition: service_started
 # ---------------------------------
   mariadb:
-    restart: on-failure
+#    restart: on-failure
     env_file: .env
     networks:
       - inception
-    volumes:
-      - db_volume:/var/lib/mysql
+#    volumes:
+#      - db_volume:/var/lib/mysql
     build:
       context: ./requirements/mariadb
       args:
@@ -40,13 +40,16 @@ services:
     container_name: mariadb_container
 # ---------------------------------
   wordpress:
-    restart: on-failure
+#    restart: on-failure
     env_file: ./.env
     networks:
       - inception
     volumes:
       - wp_volume:/var/www/html
-    build: ./requirements/wordpress
+    build:
+      context: ./requirements/wordpress
+      args:
+        - WP_DIR=${WP_DIR}
     image: wordpress
     container_name: wordpress_container
     depends_on:

srcs/requirements/mariadb/Dockerfile

@@ -2,10 +2,6 @@
 
 #	FROM debian:buster
 #
-#	ARG DB_NAME
-#	ARG DB_USER
-#	ARG DB_PSWD
-#
 #	RUN	apt update && apt install -y \
 #		mariadb-client \
 #		mariadb-server \
@@ -19,10 +15,6 @@
 
 	FROM alpine:3.15
 
-	ARG DB_NAME
-	ARG DB_USER
-	ARG DB_PSWD
-
 	# vim and bash for debug
 	RUN apk update && apk add \
 		mariadb \
@@ -36,6 +28,10 @@
 
 # common -----------------------------------------------------
 
+ARG DB_NAME
+ARG DB_USER
+ARG DB_PSWD
+
 # init mysql database
 RUN mysql_install_db --user=mysql --ldata=/var/lib/mysql && \
 	mkdir -p /var/run/mysqld && \
@@ -43,6 +39,9 @@ RUN mysql_install_db --user=mysql --ldata=/var/lib/mysql && \
 
 # configure wp database
 COPY ./conf/create_db.sql /usr/bin/create_db.sql
+RUN sed -i "s/\${DB_NAME}/${DB_NAME}/g" /usr/bin/create_db.sql
+RUN sed -i "s/\${DB_USER}/${DB_USER}/g" /usr/bin/create_db.sql
+RUN sed -i "s/\${DB_PSWD}/${DB_PSWD}/g" /usr/bin/create_db.sql
 
 ENTRYPOINT [ "mysqld", "--user=mysql", "--init-file=/usr/bin/create_db.sql" ]
 

srcs/requirements/mariadb/conf/mariadb-server.cnf.alpine

@@ -14,7 +14,6 @@
 #   < socket=/var/lib/mysql/mysql.sock
 #   >
 
-
 #
 # These groups are read by MariaDB server.
 # Use it for options that only the server (but not clients) should see
@@ -27,7 +26,7 @@
 skip-networking = false
 datadir = /var/lib/mysql
 port = 3306
-socket=/var/lib/mysql/mysql.sock
+socket=/run/mysqld/mysqld.sock
 
 # Galera-related settings
 [galera]

srcs/requirements/nginx/Dockerfile

@@ -28,6 +28,10 @@
 	COPY ./conf/nginx.conf.alpine /etc/nginx/nginx.conf
 	COPY ./conf/inception_nginx.conf /etc/nginx/http.d/
 
+	# create user www-data and assign it to group www-data
+	RUN adduser -S www-data && \
+		adduser www-data www-data
+
 # common -----------------------------------------------------
 
 # personalized index.html

srcs/requirements/nginx/conf/nginx.conf.alpine

@@ -1,6 +1,12 @@
+# inception modifications :
+#
+# user :
+#   < user www-data
+#   > user nginx
+
 # /etc/nginx/nginx.conf
 
-user nginx;
+user www-data;
 
 # Set number of worker processes automatically based on number of CPU cores.
 worker_processes auto;

srcs/requirements/wordpress/Dockerfile

@@ -1,20 +1,54 @@
-FROM debian:buster
+# debian -----------------------------------------------------
 
-# bash and vim for debug
-RUN apt update && apt install -y \
-	php7.3 \
-	php7.3-fpm \
-	php7.3-mysqli \
-	mariadb-client \
-	curl \
-	bash vim
-RUN rm -rf /var/lib/apt/lists/*
+#	FROM debian:buster
+#
+#	# bash and vim for debug
+#	RUN apt update && apt install -y \
+#		php7.3 \
+#		php7.3-fpm \
+#		php7.3-mysqli \
+#		curl \
+#		bash vim
+#	RUN rm -rf /var/lib/apt/lists/*
+#
+#	# fpm config
+#	COPY ./conf/www.conf /etc/php/7.3/fpm/pool.d/
+#	RUN mkdir /run/php/
+#
+#	ENV PHP_VERSION="php-fpm7.3"
 
-# fpm config
-COPY ./conf/www.conf /etc/php/7.3/fpm/pool.d/
-RUN mkdir /run/php/
+# alpine -----------------------------------------------------
 
-# install wp-cli : https://make.wordpress.org/cli/handbook/guides/installing/
+	FROM alpine:3.15
+
+	# bash and vim for debug
+	RUN apk update && apk add \
+		php7 \
+		php7-fpm \
+		php7-mysqli \
+		php7-phar \
+		php7-json \
+		curl \
+		bash vim
+	RUN rm -rf /var/lib/apt/lists/*
+
+	# fpm config
+	COPY ./conf/www.conf /etc/php7/php-fpm.d/
+	RUN mkdir /run/php/
+
+	# create wp directory
+	ARG WP_DIR
+	RUN mkdir -p ${WP_DIR} 
+
+	# create www-data user and add to group
+	RUN adduser -S www-data && \
+		adduser www-data www-data
+
+	ENV PHP_VERSION="php-fpm7"
+
+# common -----------------------------------------------------
+
+# install wp-cli : https://wp-cli.org/#installing
 RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar &&\
 	chmod +x wp-cli.phar && \
 	mv wp-cli.phar /usr/local/bin/wp

srcs/requirements/wordpress/conf/wp_entrypoint.sh

@@ -4,10 +4,6 @@
 mkdir -p ${WP_DIR}
 wp core download --path="${WP_DIR}" --allow-root
 
-#	mariadb --execute="CREATE DATABASE ${DB_NAME};" && \
-#	mariadb --execute="CREATE USER '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PSWD}';" && \
-#	mariadb --execute="GRANT ALL PRIVILEGES ON ${DB_NAME}.* TO '${DB_USER}'@'localhost' with grant option;"
-
 ## create config file :
 wp config create \
 	--dbhost=mariadb \
@@ -28,11 +24,11 @@ wp core install \
 
 ## create user :
 wp user create \
-	${WP_USER} ${WP_USER_EMAIL} \
-	--user_pass=${WP_USER_PSWD} \
-	--path=${WP_DIR} --allow-root
-chown -R nginx:nginx /var/www/*
+	"${WP_USER}" "${WP_USER_EMAIL}" \
+	--user_pass="${WP_USER_PSWD}" \
+	--path="${WP_DIR}" --allow-root
+chown -R www-data:www-data /var/www/*
 chmod 755 -R /var/www/*
 
-exec php-fpm7.3 -F
-#exec php-fpm7.3 --nodaemonize
+exec ${PHP_VERSION} -FR
+

srcs/requirements/wordpress/conf/www.conf

@@ -1,4 +1,5 @@
 ; inception modifications :
+;
 ; listen :
 ;   < listen = wordpress:9000
 ;   > listen = /run/php/php7.3-fpm.sock