{"id":13460391,"url":"https://github.com/Theo2lt/Inception","last_synced_at":"2025-03-24T19:32:07.988Z","repository":{"id":153969432,"uuid":"605040579","full_name":"Theo2lt/Inception","owner":"Theo2lt","description":"🪩 42 Inception 🪩 Quick start ","archived":false,"fork":false,"pushed_at":"2023-05-06T18:11:59.000Z","size":149638,"stargazers_count":27,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-29T06:33:25.638Z","etag":null,"topics":["42inception","42paris","42projects","42school","adminer","docker","docker-compose","dockerfile","ftp-server","mariadb","minecraft-server","ngnix","vsftpd-server","wordpress"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Theo2lt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-22T10:13:09.000Z","updated_at":"2024-10-12T15:34:25.000Z","dependencies_parsed_at":null,"dependency_job_id":"9974dd51-4069-4b98-9ade-1f1316110cef","html_url":"https://github.com/Theo2lt/Inception","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Theo2lt%2FInception","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Theo2lt%2FInception/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Theo2lt%2FInception/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Theo2lt%2FInception/manifests","owner_url":"
https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Theo2lt","download_url":"https://codeload.github.com/Theo2lt/Inception/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245338418,"owners_count":20599038,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["42inception","42paris","42projects","42school","adminer","docker","docker-compose","dockerfile","ftp-server","mariadb","minecraft-server","ngnix","vsftpd-server","wordpress"],"created_at":"2024-07-31T10:00:41.160Z","updated_at":"2025-03-24T19:32:07.961Z","avatar_url":"https://github.com/Theo2lt.png","language":"HTML","readme":"# Inception\n\nThis project aims to deepen the knowledge of system administration.\n\nUse of dockerfile for the creation and management of custom images, micro services.\n\nUse of docker-compose for the deployment of containers, the creation and management of the network, storage space, etc ...\n\n## Table of contents\n\n- #### [DOCKER](#docker-1)\n- #### [STARTER PACK MARIADB - ADMINER ](#starter-pack--mariadb---adminer-)\n- #### [PHP-FPM \u0026 NGNIX](#php-fpm--ngnix-1)\n- #### [LOCAL DOMAINS IN LINUX](#local-domains-in-linux-2)\n- #### [SETUP A SELF-SIGNED SSL CERTIFICATE](#setup-a-self-signed-ssl-certificate-1)\n\n# Local Domains in Linux\n\n## Structure of the project with the bonuses\n\n\u003cimg src=\"./.img_readme/DGRB.png\"\u003e\n\n# DOCKER\n\n## BASIC DOCKER COMMANDS\n\n* ```docker ps -a``` : List active containers (-a is for showing all containers, running and stopped)\n* ```docker stop  \u003cid\u003e/\u003cname\u003e``` : 
Stop running containers\n* ```docker start \u003cid\u003e/\u003cname\u003e``` : Start stopped containers\n* ```docker rm -f \u003cid\u003e/\u003cname\u003e``` : Remove containers (-f forces the removal of a running container)\n* ```docker exec -it \u003cname\u003e bash``` : Execute a command in a running container\n\n\nTip: to delete all containers, use: ```docker rm -f $(docker ps -qa)```\n\n## DOCKER RUN\n\n``` bash\n$ docker run [OPTIONS] IMAGE[:TAG]\n```\n\n| Parameters | Description                       |\n| :-------- | :-------------------------------- |\n| `-d`      | Run container in background (daemon mode) |\n| `-it`      | Create an interactive container |\n| `-p`      | Publish a container port(s) to the host |\n| `--rm`      | Automatically remove the container when it exits |\n| `--hostname`      | Container host name |\n| `--name`      |  Assign a name to the container |\n\n#### Example \n```\n$ docker run -d -ti -p 80:80 --rm --name web-ngnix --hostname nginx-container nginx:latest\n```\nUse ```docker ps``` to list running containers\n``` bash\nCONTAINER ID   IMAGE          COMMAND                  CREATED         STATUS         PORTS                               NAMES\n86335dfeaa0b   nginx:latest   \"/docker-entrypoint.…\"   7 seconds ago   Up 6 seconds   0.0.0.0:80-\u003e80/tcp, :::80-\u003e80/tcp   web-ngnix\n```\n\nWe can see that the container is running in daemon mode, that the port is published as requested, and that the container name is the one we specified as a parameter.\n\n``` bash\n$ docker exec -it web-ngnix bash\n```\nThe docker exec command runs a new command in a running container.\n\n``` bash\n$ root@nginx-container:/# \n```\n\nWe can now see that the name specified in ```--hostname``` is applied\n\n\n## DOCKER VOLUMES \n\n#### The advantages of volumes : \n* Easy to persist data.\n* Convenient for making backups\n* Share data between multiple containers\n* Multi-containers and permissions\n\n\n#### Basic 
command for managed volumes :\n\n* ```docker volume ls``` : list volumes \n\n* ```docker volume create \u003cname\u003e``` : creating a new volume\n\n* ```docker volume rm \u003cname\u003e``` : delete a volume\n\n* ```docker volume inspect \u003cname\u003e``` : inspection of a volume\n\n#### The different types of volumes :\n* Bind Mount : ```Bind mounts are dependent on the directory structure and OS of the host machine```\n* Volumes Docker : ```volumes are completely managed by Docker```\n* TMPFS : ```As opposed to volumes and bind mounts, a tmpfs mount is temporary, and only persisted in the host memory. When the container stops, the tmpfs mount is removed, and files written there won’t be persisted.```\n\n## DOCKER RUN WITH VOLUMES\n\n#### 1. Bind Mount  :\n\n```sudo mkdir /data``` (creation of mount folder is necessary otherwise error will appear when using docker run)\n\n```docker run -d --name TestBindMount --mount type=bind,source=/data/,target=/usr/share/nginx/html -p 80:80 nginx:latest```\n\n```docker exec -ti TestBindMount bash```\n\n#### 2. Volumes Docker :\n\n```docker volume create mynginx``` (optional because if the volume is not created, docker will do it)\n\n```docker run -d --name TestVolume --mount type=volume,src=mynginx,destination=/usr/share/nginx/html -p 81:80 nginx:latest```\n\n```docker exec -ti TestVolume bash```\n\n#### 3. Tmpfs:\n\n```docker run -d --name TestTmpfs --mount type=tmpfs,destination=/usr/share/nginx/html -p 82:80 nginx:latest```\n\n```docker exec -ti TestTmpfs bash```\n\n#### To check data persistence you can delete all containers and recreate them !! 
(do not recreate the volumes)\n\n``` bash\nCONTAINER ID   IMAGE          COMMAND                  CREATED              STATUS              PORTS                               NAMES\nf0096643b045   nginx:latest   \"/docker-entrypoint.…\"   About a minute ago   Up About a minute   0.0.0.0:82-\u003e80/tcp, :::82-\u003e80/tcp   TestTmpfs\n92260c1f5880   nginx:latest   \"/docker-entrypoint.…\"   About a minute ago   Up About a minute   0.0.0.0:81-\u003e80/tcp, :::81-\u003e80/tcp   TestVolume\ndcad272f7531   nginx:latest   \"/docker-entrypoint.…\"   About a minute ago   Up About a minute   0.0.0.0:80-\u003e80/tcp, :::80-\u003e80/tcp   TestBindMount\n```\n\nIn each container modify/create the /usr/share/nginx/html/index.html, Remove containers and recreate.\nNow check if the changes have been saved.\n \nIf you are running docker on your OS.\nYou can admire the changes from your websites.\n\n* TestBindMount : http://localhost:80\n* TestVolume : http://localhost:81\n* TestTmpfs : http://localhost:82\n\n## ENVIRONEMENT VARIABLE (ENV, ENVFILE...)\n\n``` bash\n$ docker run -tid --name testenv --env MYVAR=\"123\" debian:latest\n```\nAdd to the docker environment the variable MYVAR=123\n``` bash\n$ docker exec -ti testenv bash\n```\nLook in the container for the environment variables with the \"env\" command.\n```\nroot@cb9e44034297:/# env\nHOSTNAME=cb9e44034297\nMYVAR=123\nPWD=/\nHOME=/root\nTERM=xterm\nSHLVL=1\nPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\n_=/usr/bin/env\n```\n\nThis method works but is not secure for example for passwords.\nTo do this we will be able to add an env file \".ENV\"\n\nTo do this, we will create a \".ENV\" file in which we will put our environment variables. 
\n\"```vim  .ENV```\" \n\n```\nMYPASSWORD=\"safepassword\"\nMYUSER=\"secretuser\"\nMYDB=\"BDD1\"\n```\n```\n$ docker run -tid --name testenv --env-file .ENV debian:latest\n$ docker exec -ti testenv bash\n```\nLook in the container for the environment variables with the \"env\" command.\n\n\n```\nroot@553c2ac8a657:/# env\nHOSTNAME=553c2ac8a657\nPWD=/\nHOME=/root\nMYPASSWORD=\"safepassword\"\nTERM=xterm\nSHLVL=1\nMYUSER=\"secretuser\"\nMYDB=\"BDD1\"\nPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\n_=/usr/bin/env\n```\n\n## DOCKER NETWORK\n\n- Communication between containers or outside\n- Different types : bridge, host, none, overlay\n- Be careful, a container does not have a fixed IP address (stop / start)\n\n\n#### Basic command for managed network :\n\n* ```docker network ls``` : List networks\n\n* ```docker network create \u003cname\u003e``` : Create a network\n\n* ```docker network rm \u003cname\u003e``` : Remove one or more networks\n\n* ```docker network inspect \u003cname\u003e``` : Display detailed information on one or more networks\n\n\n#### IPs are not static\n\nIn general, IPs in a network are not static.\n\nThe addressing of the Ips depends on the starting order of the containers.\n\n#### Exemple\n\nCreate bridge network with name, mynetwork :\n``` bash\n$ docker network create --driver=bridge mynetwork\n```\nStart two container connect to network \"mynetwork\"\n``` bash\n$ docker run -d --name c1 --network mynetwork nginx:latest\n$ docker run -d --name c2 --network mynetwork nginx:latest\n```\nContainer 1 will have as ip address : 172.26.0.2 \n```\n$ docker inspect c1 --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'\n172.26.0.2 \n```\nContainer 2 will have as ip address : 172.26.0.3\n```\n$ docker inspect c2 --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'\n172.26.0.3\n```\nWe will now reverse the boot order\n```\nsudo docker stop c1\nsudo docker stop c2\n### reverse containers start order 
###\nsudo docker start c2\nsudo docker start c1\n```\nWe can see that the ip addresses are no longer the same\n```\ndocker inspect c1 --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'\n172.26.0.3\n```\n\n```\ndocker inspect c2 --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'\n172.26.0.2\n```\n### If the ips change, how do the containers communicate ?\n\nThe containers will have to communicate with their name which redirects to the ip.\n\n```\nsudo docker exec -ti c1 bash \nroot@54bb6caca8fb:/# apt update \u0026\u0026 apt install iputils-ping -y\n### ping install ###\nroot@54bb6caca8fb:/# ping c2\nPING c2 (172.26.0.2) 56(84) bytes of data.\n64 bytes from c2.mynetwork (172.26.0.2): icmp_seq=1 ttl=64 time=0.099 ms\n64 bytes from c2.mynetwork (172.26.0.2): icmp_seq=2 ttl=64 time=0.204 ms\n```\n\nIt will therefore be necessary to use the name of the containers,\nin our different configurations, applications, programs to communicate.\nContainer names are used as domain names.\n\n## DOCKERFILE\n\nDockerfile is a configuration file for the purpose of creating an image\n\n#### Dockerfile benefit\n* Restart an image creation at any time\n* Better configuration visibility\n* Dockerfile editing script\n* Image creation, production or development\n\n\n### Instructions Dockerfile\n\n| □|   Instructions       |  Description |\n| :-| :------------------- | :-------------|\n| 1 | FROM                 | New build stage and sets the Base Image for subsequent instructions.|\n| 2 | MAINTAINER           | author         |\n| 3 | ARG                  | Defines a variable that users can pass when building the image             |\n| 4 | ENV\t               | Environment variable   |\n| 4 | LABEL                | Adding metadata              |\n| 5 | VOLUME               | Create a mount point              |\n| 6 | RUN\t               | Execute a command when creating the image            |\n| 6 | COPY // ADD          | Add a file and directory in the 
image               |\n| 6 | WORKDIR              | Allows you to change the current path             |\n| 7 | EXPOSE               | Port listened by the container (metadata)        |\n| 9 | CMD // ENTRYPOINT    | Execute a command when the container starts     |\n\n\n\n## BUILD A IMAGE\n#### We will now create a mariadb image\n\nHere are the different files we need to build the image\n\n```bash\n$ tree\n.\n├── 50-server.cnf  # Mariadb configuration file\n├── Dockerfile     # The dockerfile to build the image\n└── script.sh      # Database configuration script\n```\n\n\n```Dockerfile```\n``` .Dockerfile\n# SPECIFIES DISTRIBUTION\nFROM debian:buster\n\n# UPDATE AND INSTALLATION\nRUN apt-get update\nRUN apt install -y mariadb-server \n\n# COPY THE CONF FOR THE BIND AND THE SQL SCRIPT FOR THE PRIVILEGE\nCOPY 50-server.cnf /etc/mysql/mariadb.conf.d/\n\n# COPY THE SCRIPT IN THE IMAGES AND MODIFY THE EXECUTION RIGHTS OF IT\nCOPY script.sh /\nRUN chmod +x /script.sh\n\nENTRYPOINT [ \"/script.sh\" ]\n```\nBy default, the server does not accept external connections, or rather, it only accepts local connections (from the LoopBack address: localhost = 127.0.0.1).\nWe need change that !\n\n```50-server.cnf```\n``` .cnf\n[server]\n\n[mysqld]\n\nuser                    = mysql\npid-file                = /run/mysqld/mysqld.pid\nsocket                  = /run/mysqld/mysqld.sock\nport                    = 3306\nbasedir                 = /usr\ndatadir                 = /var/lib/mysql\ntmpdir                  = /tmp\nlc-messages-dir         = /usr/share/mysql\nlc-messages             = en_US\nskip-external-locking\n\n# bind-address          = 127.0.0.1  # You need to change this line to allow external connections\nbind-address            = 0.0.0.0    # Now it's better :-)\n\nexpire_logs_days        = 10\ncharacter-set-server  = utf8mb4\ncollation-server      = utf8mb4_general_ci\n\n[embedded]\n\n[mariadb]\n\n[mariadb-10.5]\n```\n\n\nScript.sh will be executed at entrypoint at 
runtime.\nThis allows us to initialize the environment variables with an ```.env``` file\n\n```script.sh```\n\n``` .sh\n#!/bin/sh\nservice mysql start \n\n# CREATE USER #\necho \"CREATE USER '$BDD_USER'@'%' IDENTIFIED BY '$BDD_USER_PASSWORD';\" | mysql\n\n# PRIVILEGES FOR ROOT AND USER FROM ANY IP ADDRESS #\necho \"GRANT ALL PRIVILEGES ON *.* TO '$BDD_USER'@'%' IDENTIFIED BY '$BDD_USER_PASSWORD';\" | mysql\necho \"GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '$BDD_ROOT_PASSWORD';\" | mysql\necho \"FLUSH PRIVILEGES;\" | mysql\n\n# CREATE WORDPRESS DATABASE #\necho \"CREATE DATABASE $BDD_NAME;\" | mysql\n\nkill $(cat /var/run/mysqld/mysqld.pid)\n\nmysqld\n```\n## DOCKER BUILD : \n```\n$ docker build -t my-mariadb .  \n......\n......\nSuccessfully built 6ad0c955aa67\nSuccessfully tagged my-mariadb:latest 👍\n```\n\nFor this example, we'll change to `/home` and run the `my-mariadb` image with an environment file.\n\n\n``` bash \n$ cd /home\n```\n\nCreate a .env file that defines the `user`, `password`, `database name` and `root password`.\n\nThis information will be embedded in the container at runtime.\n```\n$ vim .env\nBDD_USER=user\nBDD_USER_PASSWORD=safepwd\nBDD_NAME=wordpress\nBDD_ROOT_PASSWORD=safepwdroot\n```\nTo run the image you will need to specify the env file and the image name\n```\n$ docker run -tid --name testmariadb --env-file .env my-mariadb\n```\nThe container is running; we can check with `docker ps`\n```\n$ docker ps\nCONTAINER ID   IMAGE        COMMAND        CREATED          STATUS          PORTS     NAMES\n34e058b2f18f   my-mariadb   \"/script.sh\"   22 seconds ago   Up 22 seconds             testmariadb\n```\nEnter the container to check that our variables have been passed in\n```\n$ docker exec -ti testmariadb bash                            \nroot@34e058b2f18f:/# \n```\nEverything is good 🤩\n```\nroot@34e058b2f18f:/# 
env\nHOSTNAME=34e058b2f18f\nPWD=/\nBDD_NAME=wordpress\nHOME=/root\nBDD_USER_PASSWORD=safepwd\nTERM=xterm\nSHLVL=1\nBDD_ROOT_PASSWORD=safepwdroot\nBDD_USER=user\nPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\n_=/usr/bin/env\n```\nCheck if the conf file has been copied\n``` .cnf\nroot@34e058b2f18f:/# cat /etc/mysql/mariadb.conf.d/50-server.cnf \n\n[server]\n\n[mysqld]\n\nuser                    = mysql\npid-file                = /run/mysqld/mysqld.pid\nsocket                  = /run/mysqld/mysqld.sock\nport                    = 3306\nbasedir                 = /usr\ndatadir                 = /var/lib/mysql\ntmpdir                  = /tmp\nlc-messages-dir         = /usr/share/mysql\nlc-messages             = en_US\nskip-external-locking\n\nbind-address            = 0.0.0.0\n\nexpire_logs_days        = 10\ncharacter-set-server  = utf8mb4\ncollation-server      = utf8mb4_general_ci\n\n[embedded]\n\n[mariadb]\n```\nLet's start mysql to check users and database\n```\nroot@34e058b2f18f:/# mysql \nWelcome to the MariaDB monitor.  Commands end with ; or \\g.\nYour MariaDB connection id is 8\nServer version: 10.3.38-MariaDB-0+deb10u1 Debian 10\n\nCopyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.\n\nType 'help;' or '\\h' for help. 
Type '\\c' to clear the current input statement.\n```\nCheck if our user and root is enabled for any host\n``` sql\nMariaDB [(none)]\u003e SELECT user,host,password FROM mysql.user;\n+------+-----------+-------------------------------------------+\n| user | host      | password                                  |\n+------+-----------+-------------------------------------------+\n| root | localhost |                                           |\n| user | %         | *1C848575FF465642717BE88F2015E168769A62F3 |\n| root | %         | *FDB22E6F75BD75009DEE947AFD0BD73CB7EB88DA |\n+------+-----------+-------------------------------------------+\n3 rows in set (0.005 sec)\n```\nCheck if the \"wordpress\" database has been created\n``` sql\nMariaDB [(none)]\u003e SHOW databases;\n+--------------------+\n| Database           |\n+--------------------+\n| information_schema |\n| mysql              |\n| performance_schema |\n| wordpress          |\n+--------------------+\n4 rows in set (0.005 sec)\n```\n\n\n\n\n# Starter Pack [ MariaDB - Adminer ]\n\n\u003cimg src=\"./.img_readme/adminer_sql.png\"\u003e\n\nIn the previous part we saw how to write a dockerfile and build the image using `docker build`\n\nIn this part we will see how to use `docker compose` and write a `docker-compose.yml`\n\nBut first, we will see the configuration and the creation of the dockerfile for Adminer.\n\nAdminer is a tool for managing content in databases. 
It natively supports MySQL, MariaDB, PostgreSQL, SQLite,\n\nOnce installed, we will be able to connect to our database from the Web Adminer interface 😎\n\n```Dockerfile``` (Adminer)\n\n``` .Dockerfile\n# SPECIFIES DISTRIBUTION\nFROM debian:buster\n\n# UPDATE AND INSTALLATION\nRUN apt-get update \nRUN apt install -y adminer \n\n# COPY THE CONF FILE \nCOPY 000-default.conf /etc/apache2/sites-available/\nRUN echo 'ServerName adminer' \u003e\u003e /etc/apache2/apache2.conf\n\n# START AND CONF \nRUN service apache2 start \u0026\u0026 a2enconf adminer.conf \n\nENTRYPOINT [\"/usr/sbin/apache2ctl\", \"-D\", \"FOREGROUND\"]\n```\n\n```000-default.conf``` (Adminer)\n``` .conf\n\u003cVirtualHost *:80\u003e\n        DocumentRoot /etc/adminer\n        Alias /adminer /etc/adminer\n        \n        \u003cDirectory /etc/adminer\u003e\n                Require all granted\n                DirectoryIndex conf.php\n        \u003c/Directory\u003e \n\n        ErrorLog ${APACHE_LOG_DIR}/error.log\n        CustomLog ${APACHE_LOG_DIR}/access.log combined\n\u003c/VirtualHost\u003e\n```\n\n## DOCKER-COMPOSE\n\n#### What is Docker Compose?\nDocker Compose is a tool that was developed to help define and share multi-container applications. 
\n\nWith Compose, we can create a YAML file to define the services and with a single command, can spin everything up or tear it all down.\n### BASIC DOCKER COMMANDS\n\n* ```docker-compose build``` : To build the images\n* ```docker-compose up -d``` : To run containers in daemon mode\n* ```docker-compose up --build -d``` : To build images and run containers in daemon mode {my favorite :-)}\n* ```docker-compose start/stop``` : To start and stop services\n* ```docker-compose down``` : To stop and delete containers\n\n\nIt is important that the project structure is consistent with the dockerfiles and docker-compose.yml\n\n``` bash\n$ tree \n.\n├── adminer_directory\n│   ├── 000-default.conf \n│   └── Dockerfile\n├── docker-compose.yml\n├── .env               # same .env as before \n├── mariadb_directory\n│   ├── 50-server.cnf  # Same file seen above\n│   ├── Dockerfile     # Same file seen above\n│   └── script.sh      # Same file seen above\n└── my_volume.         # Persistent volume\n```\n\n```docker-compose.yml```\n\n``` .yml\nversion: '3.5'\nservices:\n  adminer:\n    container_name: Adminer     # Name redirect to IP -\u003e 172.X.X.Z\n    build: adminer_directory/.  
# Build the dockerfile in ./adminer_directory/Dockerfile \n    restart: always             # Restart the container if it has stopped\n    ports:\n      - \"80:80\"                 # Redirect port 80 of Adminer on the host\n    networks:\n      - mynetwork               # Use mynetwork for communicate with mariadb\n  \n  mariadb:\n    container_name: Mariadb\n    build: mariadb_directory/.\n    restart: always\n    networks:\n      - mynetwork\n    volumes:\n      - db:/var/lib/mysql\n    env_file: .env\n\n# NETWORK\nnetworks:\n  mynetwork:\n    name : mynetwork\n    driver : bridge         # Remember the different types of Networks, I showed you before ???\n\n# VOLUME\nvolumes:\n  db:\n    driver: local\n    driver_opts:            # Options specific to the driver\n      type: 'none'\n      o: 'bind'\n      device: ./my_volume   # Persistent volume\n```\nThe docker-compose.yml is edited.\n\nThe various essential elements of the infrastructure being positioned in the right place.\n\nWe will be able to launch our infrastructure using the command : `docker-compose up --build -d` .\n\nThis will build and then launch the images.\n``` .sh\n$ docker-compose up --build -d\n....\n....\nCreating Mariadb ... done\nCreating Adminer ... 
done\n```\n\n``` .sh\n$ docker ps \nCONTAINER ID   IMAGE             COMMAND                  CREATED         STATUS         PORTS                               NAMES\n5b1e14853a6e   mdb-adm_adminer   \"/usr/sbin/apache2ct…\"   1 minutes ago   Up 1 minutes   0.0.0.0:80-\u003e80/tcp, :::80-\u003e80/tcp   Adminer\n4cb7c3cb88f8   mdb-adm_mariadb   \"/script.sh\"             1 minutes ago   Up 1 minutes                                       Mariadb\n```\n\nThe launch of our containers went well.\n\nWe will be able to connect to our database through the Adminer web interface using the host address.\n\nFor my part, the address of my host is `192.168.64.13`, because i work remotely on a vm.\n\nMost likely your host address is `localhost` or `127.0.0.1`.\n\nAdminer will ask us for the connection information.\n\nThis information corresponds to the information present in the \".env\" file\n\nThe server address to enter is `Mariadb`\n\n```\nUSERNAME = user\nPASSWORD = safepwd\nDATABASE = wordpress\n``` \n\n\u003cimg src=\"./.img_readme/login_Adminer1.png\"\u003e\n\nGreat the connection works 👍🏼\n\n\u003cimg src=\"./.img_readme/login_Adminer2.png\"\u003e\n\nYou can also log in as root. 
Just enter \"root\" as the user, with the root password present in the env file.\n\n\n# PHP-FPM \u0026 NGNIX \n\n\u003cimg src=\"./.img_readme/nginx_php_fpm.png\"\u003e\n\n\nIn this part we will create a simple infrastructure that separates nginx and php.\n\nWe will then use this same infrastructure to implement the SSL certificate and communicate only on port 443 to connect to our web server.\n\n``` bash \n$ tree\n.\n├── docker-compose.yml\n├── nginx\n│   ├── conf\n│   │   └── default\n│   └── Dockerfile\n└── wordpress\n    ├── conf\n    │   ├── index.php\n    │   └── www.conf\n    └── Dockerfile\n```\n\n\nTo work, nginx and php need to have access to the same files.\n\nThis is why our \"WordPress\" volume is common to both containers.\n\nBoth will share the folder ```/var/www/html```\n\n``` docker-compose.yml```\n\n``` .yml\nversion: '3.5'\nservices:\n  ngnix:\n    container_name: ngnix\n    build: ./nginx/\n    restart: always\n    volumes:\n     - WordPress:/var/www/html\n    depends_on:\n      - wordpress\n    ports:\n      - \"80:80\"\n    networks:\n      - mynetwork\n\n  wordpress:\n    container_name: wordpress\n    build: ./wordpress/\n    restart: always\n    volumes:\n     - WordPress:/var/www/html\n    networks:\n     - mynetwork\n  \n# NETWORK\nnetworks:\n  mynetwork:\n    name : mynetwork\n    driver : bridge\n\n# VOLUME\nvolumes:\n  WordPress:\n    driver: local\n    driver_opts:\n      type: 'none'\n      o: 'bind'\n      device: /home/tliot/data/website\n```\n\n## Installing NGINX\n\n```Dockerfile```\n\n``` .Dockerfile\n# SPECIFIES DISTRIBUTION\nFROM debian:buster\nRUN apt-get update\n\n# NGINX INSTALLATION\nRUN apt-get install -y nginx\n\n# Copy of default web page configuration\nCOPY ./conf/default    /etc/nginx/sites-available/default\n\nENTRYPOINT [\"nginx\", \"-g\", \"daemon off;\"]\n```\n\n```default```\n\n```\nserver {\n        listen 80 default_server;\n        listen [::]:80 default_server;\n\n        server_name _;\n\n        
root /var/www/html/wordpress;\n        index index.php ;\n        \n        # logging\n        access_log /var/log/nginx/wordpress.access.log;\n        error_log /var/log/nginx/wordpress.error.log;\n        \n        location / {\n                try_files $uri $uri/ =404;\n        }\n\n        location ~ \\.php$ {\n                try_files $uri =404;\n                fastcgi_split_path_info ^(.+\\.php)(/.+)$;\n                fastcgi_pass wordpress:9000; # \u003c------------ Redirect to wordpress container\n                fastcgi_index index.php;\n                include fastcgi_params;\n                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n                fastcgi_param PATH_INFO $fastcgi_path_info;\n        }\n}\n```\n\n## Installing PHP-FPM\n\n\n```dockerfile```\n\n``` .Dockerfile\n# SPECIFIES DISTRIBUTION\nFROM debian:buster\nRUN apt-get update\n\n# UPDATE \u0026 INSTALLATION\nRUN apt install php-fpm  -y\n\n# To create the PID file (/run/php/php7.3-fpm.pid)\nRUN mkdir /run/php\n\n# To allow external connections\nCOPY ./conf/www.conf /etc/php/7.3/fpm/pool.d/\n\n# To create index.php  \nCOPY ./conf/index.php    /var/www/html/wordpress/index.php\n\n# Optional, metadata only\nEXPOSE 9000 \n\nENTRYPOINT [\"/usr/sbin/php-fpm7.3\",\"-F\" ]\n```\n\n```index.php```\n```\n
\u003c?php phpinfo(); ?\u003e\n```\n\n``` www.conf ```\n\n``` .conf\n[www]\nuser = www-data\ngroup = www-data\n; listen = 127.0.0.1:9000 ; Change this line\nlisten = 9000             ; Now it's better\nlisten.owner = www-data\nlisten.group = www-data\npm = dynamic\npm.max_children = 5\npm.start_servers = 2\npm.min_spare_servers = 1\npm.max_spare_servers = 3\n```\n\n## Connecting NGINX\n\n\u003cimg src=\"./.img_readme/web-nginx-php.png\"\u003e\n\n# Local Domains in Linux\n\n#### Configure DNS Locally Using /etc/hosts File in Linux\n\n\nNow open the /etc/hosts file using your editor of choice as follows\n\n```sudo vi /etc/hosts```\n\nThen add the lines below to the end of the file.\n\n```\n127.0.0.1\t    localhost\n255.255.255.255\tbroadcasthost\n::1             localhost\n\n192.168.64.13\ttliot.42.fr          # \u003c--- Main domain\n192.168.64.13\tadminer.tliot.42.fr  # \u003c--- adminer subdomain (optional)\n192.168.64.13\t*.tliot.42.fr        # \u003c--- all subdomains (optional; /etc/hosts does not expand wildcards, so list each name explicitly)\n\n```\n\nNext, test if everything is working well as expected, using the ping command. 
\n\n```\n$ ping tliot.42.fr\nPING tliot.42.fr (192.168.64.13): 56 data bytes\n64 bytes from 192.168.64.13: icmp_seq=0 ttl=64 time=1.919 ms\n64 bytes from 192.168.64.13: icmp_seq=1 ttl=64 time=2.046 ms\n64 bytes from 192.168.64.13: icmp_seq=2 ttl=64 time=2.391 ms\n64 bytes from 192.168.64.13: icmp_seq=3 ttl=64 time=2.017 ms\n64 bytes from 192.168.64.13: icmp_seq=4 ttl=64 time=2.481 ms\n^C\n--- tliot.42.fr ping statistics ---\n5 packets transmitted, 5 packets received, 0.0% packet loss\n```\n\n# Setup a self-signed SSL certificate\n\n#### Create the self-signed SSL certificate:\n\n```\nRUN openssl req \\\n            -x509 \\\n            -nodes \\\n            -days 365 \\\n            -newkey rsa:2048 \\\n            -keyout /etc/ssl/private/nginx-selfsigned.key \\\n            -out /etc/ssl/certs/nginx-selfsigned.crt \\\n            -subj '/C=FR/ST=Ile-de-France/L=Paris/O=42/OU=42Paris/CN=TLIOT/UID=TTT'\n```\n\n#### Create a new configuration snippet file for Nginx:\n\n```\nRUN echo \"ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;\\nssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;\" \u003e /etc/nginx/snippets/self-signed.conf\n```\n\n#### Create a strong Diffie-Hellman group:\n\n```\nRUN openssl dhparam -out /etc/nginx/dhparam.pem 2048\n```\n#### Create a configuration snippet with strong encryption settings:\n```\nCOPY ./conf/ssl-params.conf /etc/nginx/snippets/\n```\n\n```ssl-params.conf```\n\n```\nssl_prefer_server_ciphers on;\nssl_dhparam /etc/nginx/dhparam.pem; \nssl_ciphers EECDH+AESGCM:EDH+AESGCM;\nssl_ecdh_curve secp384r1;\nssl_session_timeout  10m;\nssl_session_cache shared:SSL:10m;\nssl_session_tickets off;\nssl_stapling on;\nssl_stapling_verify on;\nresolver 8.8.8.8 8.8.4.4 valid=300s;\nresolver_timeout 5s;\nadd_header X-Frame-Options DENY;\nadd_header X-Content-Type-Options nosniff;\nadd_header X-XSS-Protection \"1; mode=block\";\n```\n\n\n#### Configure Nginx site to use certificate:\n\n```\nserver {\n        listen 443 ssl 
default_server;      # \u003c--- 80 to 443\n        listen [::]:443 ssl default_server; # \u003c--- 80 to 443\n\n        server_name tliot.42.fr;            # \u003c--- _ to tliot.42.fr\n\n        # ssl \n        include snippets/self-signed.conf;  # \u003c--- self-signed SSL\n        include snippets/ssl-params.conf;   # \u003c--- strong encryption\n\n        root /var/www/html/wordpress;\n        index index.php ;\n        \n        # logging\n        access_log /var/log/nginx/wordpress.access.log;\n        error_log /var/log/nginx/wordpress.error.log;\n        \n        location / {\n                try_files $uri $uri/ =404;\n        }\n\n        location ~ \\.php$ {\n                try_files $uri =404;\n                fastcgi_split_path_info ^(.+\\.php)(/.+)$;\n                fastcgi_pass wordpress:9000;\n                fastcgi_index index.php;\n                include fastcgi_params;\n                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n                fastcgi_param PATH_INFO $fastcgi_path_info;\n        }\n}\n```\n\n\n#### Configure docker-compose.yml site to use 443:\n\n```docker-compose.yml```\n\n```\n  ngnix:\n    container_name: ngnix\n    build: ./nginx/\n    restart: always\n    volumes:\n     - WordPress:/var/www/html\n    depends_on:\n      - wordpress\n    ports:\n      - \"443:443\"   # \u003c--- 80:80 to 443:443\n    networks:\n      - mynetwork\n```\n\n\n\n### Testing the SSL Server\n\nNext, test whether the SSL encryption is working.\n\nIn your browser, type the prefix ```https://``` followed by your domain name:\n\n```https://server_domain```\n\nSince the certificate created earlier is not signed by a trusted certificate authority, you will most likely get a warning like the one below:\n\n\u003cimg src=\"./.img_readme/ssl1.png\"\u003e\n\nIt's good 👍🏼\n\n\u003cimg 
src=\"./.img_readme/ssl2.png\"\u003e","funding_links":[],"categories":["WELCOME"],"sub_categories":["**Inception**"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTheo2lt%2FInception","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FTheo2lt%2FInception","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTheo2lt%2FInception/lists"}