MAP

changed plugin directory in wp

---

---

inception

• change host file in virtual machine to connect to hulamy.42.fr instead of localhost
• need to put the virtual machine on sgoinfre/goinfre/user/hulamy

---

questions

• ? will healthcheck continue after success, every 1 secondes ?
• ? why http to https redirection doesn't works ?

---

docker :

• docker compose man

• Dockerfile man

• determine the parent image

• docker image from scratch

• build context and image context

• run without sudo on linux

• run docker deamon rootless

• dangling images ''

• go inside docker to debug it - docker debug image with "docker run -it"

• docker exec -ti <container-name> bash to run bash inside a running container

• docker CMD vs ENTRYPOINT

• use env variable with compose

• using DEBIAN_FRONTEND=noninteractive disouraged in dockerfile

• docker network

• depends_on

• compose and env var

• specify path to named volumes

• pass secret to container

  Docker basics

  • the container posess its own filesystem
  • we need to copy the files it uses inside this filesystem
  • we can do that with COPY

  build and run a docker image

  • sudo docker build --tag <name> .
  • sudo docker run <name>
  • sudo docker images to list docker images
  • sudo docker image rm <number>
  • sudo docker ps to list docker processes
  • sudo docker ps rm <name>

  execute a docker-compose file

  • sudo docker-compose up
  • or sudo docker-compose -f ./path up to specify a path

  docker pid 1

  • nginx by default will create some child process (a master and some workers), then it quits (doc ?)
  • when the first process of a docker container exit, the container exit (doc ?)
  • so we must tell nginx to not go background : "-g 'daemon off'"
  • pid1 docker problem
  • official nginx docker image
  • "If you add a custom CMD in the Dockerfile, be sure to include -g daemon off; in the CMD in order for nginx to stay in the foreground, so that Docker can track the process properly (otherwise your container will stop immediately after starting)!"
  • SO discussion on "-g 'daemon off'"
  • "When PID 1 exits, the container will exit" (where is says in the doc ?)
  • "By design, containers started in detached mode exit when the root process used to run the container exits"

  install and use docker and compose

  • how to install docker engine

  • github releases

  • install last version of compose manually

  • install manually SO discussion

  • correct release version name for download with a 'v'

  • the version installed with apt is 1.17.1, way out of date

    remove old versions

    • sudo apt remove docker docker-engine docker.io containerd runc

    preparing directory

    • sudo apt update
    • sudo apt install ca-certificates curl gnupg lsb-release
    • sudo mkdir -p /etc/apt/keyrings
    • curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
    • echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

    installing docker engine

    • sudo apt update
    • sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin

    check if installation worked

    • sudo docker run hello-world

    installing docker compose (checked version on github release, see above)

    • notice the 'v' below, before the version name (docker doc has it wong)
    • sudo curl -L "https://github.com/docker/compose/releases/download/v2.10.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    • sudo chmod +x /usr/local/bin/docker-compose

    run docker without sudo on linux (https://docs.docker.com/engine/install/linux-postinstall/)

    • sudo groupadd docker
    • sudo usermod -aG docker $USER
    • newgrp docker

  volumes vs bind mounts :

  • docker doc: use volumes
  • docker doc: use bind mounts
  • comparison volume vs bind mounts
  • fundamentals use of volumes and bind mounts
  • how volumes and bind mounts are really differents
  • bind mounts are normal files anywhere on the computer, that docker container can access with absolut path and modify. They can also be modified without docker, since they are juste files
  • volumes are only modifiable by docker, they don't need an absolut path, and they are not dependent of host architecture

  use password in container :

  • with env variables in compose
  • it's not safe to use arg to pass secret, since they are available through "docker history"
  • better use docker build --secret tag
  • so discussion
  • engine ref secret
  • compose secret
  • use secret with docker
  • use secret with docker SO
  • four ways to use secrets
  • it seems that using "secrets" only improve security for a swarm, when you must share your secrets with others, but if not the case, .env is as much secure ?
  • to use secret in docker-compose, we need to use swarm, but it doesn't allow to use build, or up, so everything is different then and I don't have time to understand it fully

---

nginx

• nginx begginer guide

• nginx all directives for conf file

• conf file in conf.d or sites-available ?

• command line parameters

• sudo nginx -t will launch a test to evaluate config file

• configuring nginx with php-fpm

• configuring nginx with alpine

  nginx basics

  • sudo netstat -tulpn to print network connections and see if nginx is running
  • or : ps -ax | grep nginx
  • sudo nginx -s quit to stop it
  • sudo docker system prune -af --volumes -> -a also unused images, -f without prompt for confirmation
    • remove stopped containers
    • remove unused networks
    • remove unused images
    • remove build cache
  • sudo docker ps -q all runnings containers
  • sudo docker stop $(sudo docker ps -q) stop all runnings containers

---

openssl

• openssl faq
• openssl req man
• SO discussion about ssl self signed certificate and becoming a CA

---

mariadb

• mariadb tutorial

• server vs client :

  • "server" runs in the background and listen for inputs
  • "client" interpret the commands to communicate with "server"

• sudo apt install mariadb-client mariadb-server

• wiki ubuntu mariadb

• list of directives

• ERROR 1698 (28000): Access denied for user 'root'@'localhost'

• ERROR 1698 (28000): Access denied for user 'root'@'localhost' 2

• meaning of % SO

• meaning of % doc

• % means all entrant connections, while localhost means only localhost connections

• mysql commande line

• use mysql in script

• no need to use FLUSH PRIVILEGES after GRANT

• can't connect to local server through socket

Can't connect to local server through socket '/run/mysqld/mysqld.sock'

sudo / find -type s
/var/lib/mysql/mysql.sock

• mysqld

  mariadb basic commands :

  • create user :

    # mysql -u root
    use mysql;
    CREATE USER 'some_user'@'%' IDENTIFIED BY 'some_pass';
    GRANT ALL PRIVILEGES ON *.* TO 'some_user'@'%' WITH GRANT OPTION;
    

  • show users :

    SELECT User, Host, plugin FROM mysql.user;
    

  • delete user :

    DROP USER <name>;
    

  • show databases :

    SHOW DATABASES;
    

  • delete database :

    DROP DATABASE <name>;
    

---

wordpress

• install wp

  install wp

  • wget https://wordpress.org/latest.tar.gz
  • tar -xzvf latest.tar.gz

• php-fpm : Fastcgi Process Manager

• install wp-cli

• alternatives install

• exemple install with composer

• cli commands

• cli install wordpress

• /wp-admin

• alias localhost

• sudo /etc/hosts -> 127.0.0.1 hulamy.42.fr