We verified automatic SSL enablement (with a self-signed certificate) using docker-compose. I built two WordPress sites and phpMyAdmin.

**Work equipment:** Raspberry Pi 4 Model B
**OS:** CentOS 8
```
|---------- .env                        → environment file
|---------- certs
|             server.crt, server.key    → self-signed certificate files
|---------- docker-compose.yml
|---------- php
|             php.ini                   → configuration file for WordPress
|---------- ssl
|             default-ssl.conf          → SSL configuration file
|---------- tmp
|             Dockerfile-pm             → for phpMyAdmin
|             Dockerfile-wp             → for WordPress
```
.env

```
DBUSER=root
DBPASS=root-pass
DATABASE1=wp1-db
DATABASE2=wp2-db
DBHOST=db:3306
```
docker-compose.yml

```yaml
version: '3.3'

services:
  db:
    image: mariadb:latest
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    container_name: mariadb
    environment:
      TZ: Asia/Tokyo
      MYSQL_ROOT_PASSWORD: ${DBPASS}

  phpmyadmin:
    depends_on:
      - db
    build:
      context: ./tmp/
      dockerfile: Dockerfile-pm
    volumes:
      - ./certs:/etc/ssl/private
      - ./ssl/default-ssl.conf:/etc/apache2/sites-available/default-ssl.conf
    ports:
      - 8243:443
    restart: always
    container_name: phpmyadmin
    environment:
      PMA_HOST: db
      TZ: Asia/Tokyo

  wordpress1:
    depends_on:
      - db
    build:
      context: ./tmp/
      dockerfile: Dockerfile-wp
    volumes:
      - ./wp1:/var/www/html
      - ./certs:/etc/ssl/private
      - ./php/php.ini:/usr/local/etc/php/conf.d/php.ini
      - ./ssl/default-ssl.conf:/etc/apache2/sites-available/default-ssl.conf
      - ./tmp:/tmp
    ports:
      - "8043:443"
    restart: always
    container_name: wordpress1
    environment:
      TZ: Asia/Tokyo
      WORDPRESS_DB_HOST: ${DBHOST}
      WORDPRESS_DB_USER: ${DBUSER}
      WORDPRESS_DB_PASSWORD: ${DBPASS}
      WORDPRESS_DB_NAME: ${DATABASE1}

  wordpress2:
    depends_on:
      - db
    build:
      context: ./tmp/
      dockerfile: Dockerfile-wp
    volumes:
      - ./wp2:/var/www/html
      - ./certs:/etc/ssl/private
      - ./php/php.ini:/usr/local/etc/php/conf.d/php.ini
      - ./ssl/default-ssl.conf:/etc/apache2/sites-available/default-ssl.conf
      - ./tmp:/tmp
    ports:
      - "8143:443"
    restart: always
    container_name: wordpress2
    environment:
      TZ: Asia/Tokyo
      WORDPRESS_DB_HOST: ${DBHOST}
      WORDPRESS_DB_USER: ${DBUSER}
      WORDPRESS_DB_PASSWORD: ${DBPASS}
      WORDPRESS_DB_NAME: ${DATABASE2}

volumes:
  db_data: {}
```
php.ini

```ini
post_max_size = 20M
upload_max_filesize = 20M
```

**Remarks:** Specifies the file size for uploads.
default-ssl.conf

```apache
# : (abridged)
# line 32
SSLCertificateFile      /etc/ssl/private/server.crt
# line 33
SSLCertificateKeyFile   /etc/ssl/private/server.key
# : (abridged)
```

**Remarks:** Only lines 32 and 33 of this file were modified.
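Dockerfile-pm

```dockerfile
FROM phpmyadmin:latest
# Starts Apache only inside this build step; the image's own entrypoint
# starts Apache when the container runs.
RUN service apache2 start
# Enable the default-ssl virtual host and the ssl module.
RUN a2ensite default-ssl
RUN a2enmod ssl
```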
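Dockerfile-wp

```dockerfile
FROM wordpress:latest
# Starts Apache only inside this build step; the image's own entrypoint
# starts Apache when the container runs.
RUN service apache2 start
# Enable the default-ssl virtual host and the ssl module.
RUN a2ensite default-ssl
RUN a2enmod ssl
# Make /tmp writable by every user (mode 777 also clears the sticky bit
# that /tmp normally carries).
RUN chmod 777 /tmp
```

**Remarks:** Access rights are granted on the tmp folder for file uploads.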
```
# docker-compose up -d
Creating network "docker_wp_default" with the default driver
Creating volume "docker_wp_db_data" with default driver
Pulling db (mariadb:latest)...
latest: Pulling from library/mariadb
a970164f39c1: Pull complete
e9c66f1fb5a2: Pull complete
94362ba2c285: Pull complete
6bcca3b8e9ae: Pull complete
4574fdafdba3: Pull complete
880d0554f10d: Pull complete
42f3039f6a26: Pull complete
84249a7eb6ff: Pull complete
d0c034fd6c1f: Pull complete
2b6de021f14a: Pull complete
0d8fa68dc283: Pull complete
675456d7859d: Pull complete
Digest: sha256:cdc553f0515a8d41264f0855120874e86761f7c69407b5cfbe49283dc195bea8
Status: Downloaded newer image for mariadb:latest
Building phpmyadmin
Step 1/4 : FROM phpmyadmin:latest
 ---> 9bd7e29f6e60
Step 2/4 : RUN service apache2 start
 ---> Running in 1053de9c2f76
Starting Apache httpd web server: apache2AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
.
Removing intermediate container 1053de9c2f76
 ---> 68db5fb82369
Step 3/4 : RUN a2ensite default-ssl
 ---> Running in 8ddc3b6f9ecb
Enabling site default-ssl.
To activate the new configuration, you need to run:
  service apache2 reload
Removing intermediate container 8ddc3b6f9ecb
 ---> a20eb2b906ec
Step 4/4 : RUN a2enmod ssl
 ---> Running in 80cd71dbcf92
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart
Removing intermediate container 80cd71dbcf92
 ---> 2e6c3e41fd0e
Successfully built 2e6c3e41fd0e
Successfully tagged docker_wp_phpmyadmin:latest
WARNING: Image for service phpmyadmin was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Building wordpress1
Step 1/5 : FROM wordpress:latest
 ---> aa391b024db5
Step 2/5 : RUN service apache2 start
 ---> Running in 9f1feb98ad8b
Starting Apache httpd web server: apache2AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
.
Removing intermediate container 9f1feb98ad8b
 ---> 519ebf0e67ca
Step 3/5 : RUN a2ensite default-ssl
 ---> Running in 6f10096df3eb
Enabling site default-ssl.
To activate the new configuration, you need to run:
  service apache2 reload
Removing intermediate container 6f10096df3eb
 ---> c0070ac57d4a
Step 4/5 : RUN a2enmod ssl
 ---> Running in 406f2cbef4cf
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart
Removing intermediate container 406f2cbef4cf
 ---> bbe8093cf658
Step 5/5 : RUN chmod 777 /tmp
 ---> Running in 0d2e6a1bf658
Removing intermediate container 0d2e6a1bf658
 ---> f80f64964118
Successfully built f80f64964118
Successfully tagged docker_wp_wordpress1:latest
WARNING: Image for service wordpress1 was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Building wordpress2
Step 1/5 : FROM wordpress:latest
 ---> aa391b024db5
Step 2/5 : RUN service apache2 start
 ---> Using cache
 ---> 519ebf0e67ca
Step 3/5 : RUN a2ensite default-ssl
 ---> Using cache
 ---> c0070ac57d4a
Step 4/5 : RUN a2enmod ssl
 ---> Using cache
 ---> bbe8093cf658
Step 5/5 : RUN chmod 777 /tmp
 ---> Using cache
 ---> f80f64964118
Successfully built f80f64964118
Successfully tagged docker_wp_wordpress2:latest
WARNING: Image for service wordpress2 was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Creating mariadb ... done
Creating wordpress2 ... done
Creating phpmyadmin ... done
Creating wordpress1 ... done
```
```
# docker-compose ps
   Name                 Command               State              Ports
-----------------------------------------------------------------------------------
mariadb      docker-entrypoint.sh mysqld      Up      3306/tcp
phpmyadmin   /docker-entrypoint.sh apac ...   Up      0.0.0.0:8243->443/tcp, 80/tcp
wordpress1   docker-entrypoint.sh apach ...   Up      0.0.0.0:8043->443/tcp, 80/tcp
wordpress2   docker-entrypoint.sh apach ...   Up      0.0.0.0:8143->443/tcp, 80/tcp
```
```
# docker images
REPOSITORY             TAG      IMAGE ID       CREATED              SIZE
docker_wp_wordpress1   latest   f80f64964118   About a minute ago   494MB
docker_wp_wordpress2   latest   f80f64964118   About a minute ago   494MB
docker_wp_phpmyadmin   latest   2e6c3e41fd0e   About a minute ago   430MB
```
**Remarks:** It seems to be related to `WARNING: Image for service wordpress2 was built because it did not already exist.`
We verified this by combining docker-compose and Docker. SSL was enabled for the Apache installed in the Docker containers. This method has only been verified by ourselves!
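The post does not show how `certs/server.crt` and `certs/server.key` were created or how the served certificate was checked. The following is an added example, not part of the original post: it generates a self-signed pair, confirms the key belongs to the certificate, and compares the fingerprint each published port presents with the file on disk. The function names, the `localhost` name and the RSA-2048 / 365-day parameters are assumptions; the ports are the ones published in docker-compose.yml.

```bash
#!/usr/bin/env bash
# Added example; function names, CN and key parameters are assumptions.

# make_cert DIR CN: write DIR/server.crt and DIR/server.key (self-signed, with a SAN).
make_cert() {
  local dir=$1 cn=$2
  mkdir -p "$dir"
  ( umask 077   # private key is created readable by its owner only
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
      -subj "/CN=$cn" -addext "subjectAltName=DNS:$cn" \
      -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null ) || return 1
  chmod 644 "$dir/server.crt"
}

# key_matches_cert DIR: succeed only if server.key belongs to server.crt.
key_matches_cert() {
  local a b
  a=$(openssl x509 -in "$1/server.crt" -noout -pubkey 2>/dev/null) || return 1
  b=$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null) || return 1
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# fp_local DIR: SHA-256 fingerprint of the certificate on disk.
fp_local() { openssl x509 -in "$1/server.crt" -noout -fingerprint -sha256; }

# fp_served HOST PORT: fingerprint of the certificate the server presents.
fp_served() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# check_ports DIR HOST PORT...: fail if any port presents another certificate.
check_ports() {
  local dir=$1 host=$2 want port rc=0
  shift 2
  want=$(fp_local "$dir") || return 1
  for port in "$@"; do
    if [ "$(fp_served "$host" "$port")" = "$want" ]; then
      echo "OK   $host:$port presents $dir/server.crt"
    else
      echo "FAIL $host:$port presents a different certificate (or no TLS)"; rc=1
    fi
  done
  return "$rc"
}

# Usage on the Docker host, with the ports published in docker-compose.yml:
#   make_cert ./certs localhost && key_matches_cert ./certs
#   docker-compose up -d
#   check_ports ./certs localhost 8043 8143 8243
```

Comparing fingerprints, rather than only checking that HTTPS answers, confirms that the bind-mounted `default-ssl.conf` and `certs` directory are what Apache is actually using in all three containers.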