From 334092253f579076ea2d1d84abca67cf5011b0e9 Mon Sep 17 00:00:00 2001 From: hugo gogo Date: Mon, 19 Sep 2022 23:46:28 +0200 Subject: [PATCH] all three containers works with alpine and user are configured --- README.md | 85 ++++++++++--------- srcs/docker-compose.yml | 15 ++-- srcs/requirements/mariadb/Dockerfile | 15 ++-- .../mariadb/conf/mariadb-server.cnf.alpine | 3 +- srcs/requirements/nginx/Dockerfile | 4 + .../requirements/nginx/conf/nginx.conf.alpine | 8 +- srcs/requirements/wordpress/Dockerfile | 62 +++++++++++--- .../wordpress/conf/wp_entrypoint.sh | 16 ++-- srcs/requirements/wordpress/conf/www.conf | 1 + 9 files changed, 129 insertions(+), 80 deletions(-) diff --git a/README.md b/README.md index 9105fba..7617d70 100644 --- a/README.md +++ b/README.md 
@@ -27,45 +27,9 @@ - ? `rm -rf /var/lib/apt/lists/*` ? --- -## nginx basics - -- `sudo netstat -tulpn` to print network connections and see if nginx is running -- or : `ps -ax | grep nginx` -- `sudo nginx -s quit` to stop it -- `sudo docker system prune -af --volumes` -> `-a` also unused images, `-f` without prompt for confirmation - - remove stopped containers - - remove unused networks - - remove unused images - - remove build cache -- `sudo docker ps -q` all runnings containers -- `sudo docker stop $(sudo docker ps -q)` stop all runnings containers - ---- -## Docker basics - -- the container posess its own filesystem -- we need to copy the files it uses inside this filesystem -- we can do that with COPY - -**build and run a docker image** -- `sudo docker build --tag .` -- `sudo docker run ` -- `sudo docker images` to list docker images -- `sudo docker image rm ` -- `sudo docker ps` to list docker processes -- `sudo docker ps rm ` - -**execute a docker-compose file** -- `sudo docker-compose up` -- or `sudo docker-compose -f ./path up` to specify a path - ---- -## docker-compose : - -- [docker compose volumes](https://docs.docker.com/compose/compose-file/#volumes) - #### docker : - [docker starter guide](https://docs.docker.com/get-started/) +- [docker compose volumes](https://docs.docker.com/compose/compose-file/#volumes) - [docker glossaire](https://docs.docker.com/glossary/) - [Dockerfile syntaxe](https://docs.docker.com/engine/reference/builder/) - [determine the parent image](https://forums.docker.com/t/determine-the-parent-image/48611) 
@@ -84,6 +48,24 @@ - [depends_on](https://docs.docker.com/compose/compose-file/#depends_on) - [compose and env var](https://docs.docker.com/compose/environment-variables/) - [specify path to named volumes](https://docs.docker.com/compose/compose-file/#volumes-top-level-element) +- [pass secret to container](https://medium.com/@zdk/simple-and-secure-way-to-pass-secrets-and-credentials-into-docker-containers-c2f66175b0a4) + + ###### Docker basics + - the container posess its own filesystem + - we need to copy the files it uses inside this filesystem + - we can do that with COPY + + ###### build and run a docker image + - `sudo docker build --tag .` + - `sudo docker run ` + - `sudo docker images` to list docker images + - `sudo docker image rm ` + - `sudo docker ps` to list docker processes + - `sudo docker ps rm ` + + ###### execute a docker-compose file + - `sudo docker-compose up` + - or `sudo docker-compose -f ./path up` to specify a path ###### docker pid 1 - nginx by default will create some child process (a master and some workers), then it quits (doc ?) @@ -148,6 +130,7 @@ - it seems that using "secrets" only improve security for a swarm, when you must share your secrets with others, but if not the case, .env is as much secure ? - to use secret in docker-compose, we need to use swarm, but it doesn't allow to use build, or up, so everything is different then and I don't have time to understand it fully +--- #### nginx - [nginx begginer guide](https://hub.docker.com/_/nginx/) - [nginx all directives for conf file](https://nginx.org/en/docs/dirindex.html) 
@@ -157,11 +140,25 @@ - [configuring nginx with php-fpm](https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/#connecting-nginx-to-php-fpm) - [configuring nginx with alpine](https://wiki.alpinelinux.org/wiki/Nginx) + ###### nginx basics + - `sudo netstat -tulpn` to print network connections and see if nginx is running + - or : `ps -ax | grep nginx` + - `sudo nginx -s quit` to stop it + - `sudo docker system prune -af --volumes` -> `-a` also unused images, `-f` without prompt for confirmation + - remove stopped containers + - remove unused networks + - remove unused images + - remove build cache + - `sudo docker ps -q` all runnings containers + - `sudo docker stop $(sudo docker ps -q)` stop all runnings containers + +--- #### openssl - [openssl faq](https://www.openssl.org/docs/faq.html) - [openssl req man](https://www.openssl.org/docs/man1.0.2/man1/openssl-req.html) - [SO discussion about ssl self signed certificate and becoming a CA](https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl) +--- #### mariadb - [mariadb tutorial](https://www.mariadbtutorial.com/) - server vs client : @@ -178,6 +175,14 @@ - [mysql commande line](https://mariadb.com/kb/en/mysql-command-line-client/) - [use mysql in script](https://stackoverflow.com/questions/59608632/mariadb-create-database-and-execute-sql-script-without-character-from-the) - [no need to use FLUSH PRIVILEGES after GRANT](https://stackoverflow.com/questions/36463966/mysql-when-is-flush-privileges-in-mysql-really-needed) + +- [can't connect to local server through socket](]https://stackoverflow.com/questions/11990708/error-cant-connect-to-local-mysql-server-through-socket-var-run-mysqld-mysq#23485424) +``` +Can't connect to local server through socket '/run/mysqld/mysqld.sock' + +sudo / find -type s +/var/lib/mysql/mysql.sock +``` - [mysqld](https://dev.mysql.com/doc/refman/8.0/en/mysqld.html) ###### mariadb basic commands : 
@@ -204,7 +209,7 @@ ``` DROP DATABASE ; ``` - +--- #### wordpress - [install wp](https://wordpress.org/support/article/how-to-install-wordpress/#detailed-instructions) @@ -213,7 +218,9 @@ - tar -xzvf latest.tar.gz - [php-fpm : Fastcgi Process Manager](https://en.wikipedia.org/wiki/FastCGI) -- [install wp-cli](https://make.wordpress.org/cli/handbook/guides/installing/) +- [install wp-cli](https://wp-cli.org/#installing) +- [alternatives install](https://make.wordpress.org/cli/handbook/guides/installing/) +- [exemple install with composer](https://github.com/aestetype/alpine-wp-cli/blob/master/Dockerfile) - [cli commands](https://developer.wordpress.org/cli/commands/) - [cli install wordpress](https://make.wordpress.org/cli/handbook/how-to-install/) diff --git a/srcs/docker-compose.yml b/srcs/docker-compose.yml index ebd5103..354053a 100644 --- a/srcs/docker-compose.yml +++ b/srcs/docker-compose.yml @@ -10,7 +10,7 @@ version: "3.8" services: # --------------------------------- nginx: - restart: on-failure +# restart: on-failure networks: - inception ports: @@ -24,12 +24,12 @@ services: condition: service_started # --------------------------------- mariadb: - restart: on-failure +# restart: on-failure env_file: .env networks: - inception - volumes: - - db_volume:/var/lib/mysql +# volumes: +# - db_volume:/var/lib/mysql build: context: ./requirements/mariadb args: @@ -40,13 +40,16 @@ services: container_name: mariadb_container # --------------------------------- wordpress: - restart: on-failure +# restart: on-failure env_file: ./.env networks: - inception volumes: - wp_volume:/var/www/html - build: ./requirements/wordpress + build: + context: ./requirements/wordpress + args: + - WP_DIR=${WP_DIR} image: wordpress container_name: wordpress_container depends_on: diff --git a/srcs/requirements/mariadb/Dockerfile b/srcs/requirements/mariadb/Dockerfile index e1955e3..d453329 100644 --- a/srcs/requirements/mariadb/Dockerfile +++ b/srcs/requirements/mariadb/Dockerfile 
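Review bot: Commenting out `db_volume:/var/lib/mysql` in the mariadb service (hunk `@@ -24,12 +24,12 @@`) leaves the database in the container's writable layer, so it is discarded whenever the container is recreated, while `wp_volume` still persists the WordPress files and their `wp-config.php`. If this and the three commented-out `restart: on-failure` lines (also in the `@@ -10,7 +10,7 @@` and `@@ -40,13 +40,16 @@` hunks) are debugging leftovers, restore them before merging. If they are intentional, a comment such as `# volume disabled: <reason>` next to each would tell the next reader why.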
@@ -2,10 +2,6 @@ # FROM debian:buster # -# ARG DB_NAME -# ARG DB_USER -# ARG DB_PSWD -# # RUN apt update && apt install -y \ # mariadb-client \ # mariadb-server \ @@ -19,10 +15,6 @@ FROM alpine:3.15 - ARG DB_NAME - ARG DB_USER - ARG DB_PSWD - # vim and bash for debug RUN apk update && apk add \ mariadb \ @@ -36,6 +28,10 @@ # common ----------------------------------------------------- +ARG DB_NAME +ARG DB_USER +ARG DB_PSWD + # init mysql database RUN mysql_install_db --user=mysql --ldata=/var/lib/mysql && \ mkdir -p /var/run/mysqld && \ @@ -43,6 +39,9 @@ RUN mysql_install_db --user=mysql --ldata=/var/lib/mysql && \ # configure wp database COPY ./conf/create_db.sql /usr/bin/create_db.sql +RUN sed -i "s/\${DB_NAME}/${DB_NAME}/g" /usr/bin/create_db.sql +RUN sed -i "s/\${DB_USER}/${DB_USER}/g" /usr/bin/create_db.sql +RUN sed -i "s/\${DB_PSWD}/${DB_PSWD}/g" /usr/bin/create_db.sql ENTRYPOINT [ "mysqld", "--user=mysql", "--init-file=/usr/bin/create_db.sql" ] diff --git a/srcs/requirements/mariadb/conf/mariadb-server.cnf.alpine b/srcs/requirements/mariadb/conf/mariadb-server.cnf.alpine index 84903f2..f555689 100644 --- a/srcs/requirements/mariadb/conf/mariadb-server.cnf.alpine +++ b/srcs/requirements/mariadb/conf/mariadb-server.cnf.alpine @@ -14,7 +14,6 @@ # < socket=/var/lib/mysql/mysql.sock # > - # # These groups are read by MariaDB server. # Use it for options that only the server (but not clients) should see @@ -27,7 +26,7 @@ skip-networking = false datadir = /var/lib/mysql port = 3306 -socket=/var/lib/mysql/mysql.sock +socket=/run/mysqld/mysqld.sock # Galera-related settings [galera] diff --git a/srcs/requirements/nginx/Dockerfile b/srcs/requirements/nginx/Dockerfile index 44eb4ca..7cbe053 100644 --- a/srcs/requirements/nginx/Dockerfile +++ b/srcs/requirements/nginx/Dockerfile 
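Review bot: The three added `RUN sed -i` lines in the `@@ -43,6 +39,9 @@` hunk write `DB_NAME`, `DB_USER` and `DB_PSWD` into `/usr/bin/create_db.sql` at build time, so the database password is stored in an image layer and, because it arrives as a build `ARG`, is also recoverable from the image's build history by anyone who can pull the image. The values are spliced unescaped into both the sed expression and the SQL, so a password containing `/`, `&` or a quote either breaks the build or changes the statement that runs. Since the compose service already loads `.env` through `env_file`, the substitution could instead run at container start, in a small entrypoint script that fills in the template from the environment and then `exec`s `mysqld` with the same `--init-file` argument. The `ARG` block moved by the `@@ -36,6 +28,10 @@` hunk would then no longer be needed.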
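Review bot: The `socket` setting changed in the `@@ -27,7 +26,7 @@` hunk no longer matches the modification header at the top of this file, which, judging by the context lines of the `@@ -14,7 +14,6 @@` hunk, still records `socket=/var/lib/mysql/mysql.sock` as the project's value. If that header is meant to log deviations from the stock file, as the one in `nginx.conf.alpine` does, it should be updated in the same commit to `# < socket=/run/mysqld/mysqld.sock`. Only part of the header is visible here, so confirm against the full file.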
@@ -28,6 +28,10 @@ COPY ./conf/nginx.conf.alpine /etc/nginx/nginx.conf COPY ./conf/inception_nginx.conf /etc/nginx/http.d/ + # create user www-data and assign it to group www-data + RUN adduser -S www-data && \ + adduser www-data www-data + # common ----------------------------------------------------- # personalized index.html diff --git a/srcs/requirements/nginx/conf/nginx.conf.alpine b/srcs/requirements/nginx/conf/nginx.conf.alpine index 58765cd..afe8267 100644 --- a/srcs/requirements/nginx/conf/nginx.conf.alpine +++ b/srcs/requirements/nginx/conf/nginx.conf.alpine @@ -1,6 +1,12 @@ +# inception modifications : +# +# user : +# < user www-data +# > user nginx + # /etc/nginx/nginx.conf -user nginx; +user www-data; # Set number of worker processes automatically based on number of CPU cores. worker_processes auto; diff --git a/srcs/requirements/wordpress/Dockerfile b/srcs/requirements/wordpress/Dockerfile index 2345590..4029031 100644 --- a/srcs/requirements/wordpress/Dockerfile +++ b/srcs/requirements/wordpress/Dockerfile 
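Review bot: `adduser -S www-data` lets BusyBox pick the next free system UID, and the same two commands are added to the wordpress Dockerfile, so the two images can end up with different numeric UIDs for `www-data` (the nginx image presumably already has an `nginx` system user occupying a slot). Files that the wordpress entrypoint `chown`s to `www-data` would then appear under a different owner inside the nginx container, if both mount the same volume. Pinning the ID in both Dockerfiles avoids this and replaces the second `adduser` call: `RUN adduser -S -D -H -u 82 -G www-data www-data`. 82 is the ID Alpine conventionally reserves for `www-data`; confirm with `grep www-data /etc/group` in the base image.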
@@ -1,20 +1,54 @@ -FROM debian:buster +# debian ----------------------------------------------------- -# bash and vim for debug -RUN apt update && apt install -y \ - php7.3 \ - php7.3-fpm \ - php7.3-mysqli \ - mariadb-client \ - curl \ - bash vim -RUN rm -rf /var/lib/apt/lists/* +# FROM debian:buster +# +# # bash and vim for debug +# RUN apt update && apt install -y \ +# php7.3 \ +# php7.3-fpm \ +# php7.3-mysqli \ +# curl \ +# bash vim +# RUN rm -rf /var/lib/apt/lists/* +# +# # fpm config +# COPY ./conf/www.conf /etc/php/7.3/fpm/pool.d/ +# RUN mkdir /run/php/ +# +# ENV PHP_VERSION="php-fpm7.3" -# fpm config -COPY ./conf/www.conf /etc/php/7.3/fpm/pool.d/ -RUN mkdir /run/php/ +# alpine ----------------------------------------------------- -# install wp-cli : https://make.wordpress.org/cli/handbook/guides/installing/ + FROM alpine:3.15 + + # bash and vim for debug + RUN apk update && apk add \ + php7 \ + php7-fpm \ + php7-mysqli \ + php7-phar \ + php7-json \ + curl \ + bash vim + RUN rm -rf /var/lib/apt/lists/* + + # fpm config + COPY ./conf/www.conf /etc/php7/php-fpm.d/ + RUN mkdir /run/php/ + + # create wp directory + ARG WP_DIR + RUN mkdir -p ${WP_DIR} + + # create www-data user and add to group + RUN adduser -S www-data && \ + adduser www-data www-data + + ENV PHP_VERSION="php-fpm7" + +# common ----------------------------------------------------- + +# install wp-cli : https://wp-cli.org/#installing RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar &&\ chmod +x wp-cli.phar && \ mv wp-cli.phar /usr/local/bin/wp diff --git a/srcs/requirements/wordpress/conf/wp_entrypoint.sh b/srcs/requirements/wordpress/conf/wp_entrypoint.sh index 6ebd701..5f31d50 100644 --- a/srcs/requirements/wordpress/conf/wp_entrypoint.sh +++ b/srcs/requirements/wordpress/conf/wp_entrypoint.sh 
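Review bot: The `curl -O …/wp-cli.phar` step kept at the end of this hunk downloads an executable from a moving branch and installs it without any integrity check, and the entrypoint later runs it with `--allow-root`; the commit updates the comment above it but not the download. Pinning a release and verifying a digest before the `chmod` closes that gap, e.g. `echo "<EXPECTED_SHA512>  wp-cli.phar" | sha512sum -c -` with the digest recorded in the Dockerfile. In the new Alpine block, `RUN rm -rf /var/lib/apt/lists/*` is an apt path and does nothing here; `apk add --no-cache` in place of `apk update && apk add` is the equivalent clean-up. `bash vim` are marked as debug-only and are best dropped from the final image.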
@@ -4,10 +4,6 @@ mkdir -p ${WP_DIR} wp core download --path="${WP_DIR}" --allow-root -# mariadb --execute="CREATE DATABASE ${DB_NAME};" && \ -# mariadb --execute="CREATE USER '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PSWD}';" && \ -# mariadb --execute="GRANT ALL PRIVILEGES ON ${DB_NAME}.* TO '${DB_USER}'@'localhost' with grant option;" - ## create config file : wp config create \ --dbhost=mariadb \ @@ -28,11 +24,11 @@ wp core install \ ## create user : wp user create \ - ${WP_USER} ${WP_USER_EMAIL} \ - --user_pass=${WP_USER_PSWD} \ - --path=${WP_DIR} --allow-root -chown -R nginx:nginx /var/www/* + "${WP_USER}" "${WP_USER_EMAIL}" \ + --user_pass="${WP_USER_PSWD}" \ + --path="${WP_DIR}" --allow-root +chown -R www-data:www-data /var/www/* chmod 755 -R /var/www/* -exec php-fpm7.3 -F -#exec php-fpm7.3 --nodaemonize +exec ${PHP_VERSION} -FR + diff --git a/srcs/requirements/wordpress/conf/www.conf b/srcs/requirements/wordpress/conf/www.conf index 211f62c..68a89e2 100644 --- a/srcs/requirements/wordpress/conf/www.conf +++ b/srcs/requirements/wordpress/conf/www.conf @@ -1,4 +1,5 @@ ; inception modifications : +; ; listen : ; < listen = wordpress:9000 ; > listen = /run/php/php7.3-fpm.sock
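Review bot: `exec ${PHP_VERSION} -FR` in the `@@ -28,11 +24,11 @@` hunk adds `-R`, which lets php-fpm run its pool workers as root; unless `www.conf` sets the pool `user` (not visible in this diff), PHP code from any compromised plugin or theme would then execute as root in the container. If the pool runs as `www-data`, the flag is unnecessary and the line can be `exec "${PHP_VERSION}" -F`. `chmod 755 -R /var/www/*` also marks every file executable and leaves `wp-config.php`, which holds the database password, world-readable; directories at 755, files at 644 and `wp-config.php` at 640 would be tighter. The script starts above this hunk, so the `wp config create` arguments are only partly visible.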