Docker-Compose

Deploy WordPress, MySQL, and a web server using Docker-Compose for a streamlined, efficient, and portable website hosting solution.

Using Docker-Compose, you can quickly deploy WordPress, MySQL, and a web server. To orchestrate containers, use a single configuration file, which simplifies setup, ensures compatibility, and enables seamless scaling of the complete web application stack.

docker-compose file is present at /root/blog-zus-network/docker-compose.yml location in the server.

This docker-compose file will launch WordPress, MySQL and Webserver.

version: '3'

services:
  db:
    image: mysql:8.0
    container_name: db
    restart: unless-stopped
    env_file: .env
    environment:
      - MYSQL_DATABASE=zchainblog
    volumes: 
      - ./dbdata:/var/lib/mysql
    command: '--default-authentication-plugin=mysql_native_password'
    networks:
      - zchain-network

  wordpress:
    depends_on: 
      - db
    image: wordpress:5.1.1-fpm-alpine
    container_name: wordpress
    restart: unless-stopped
    env_file: .env
    environment:
      - WORDPRESS_DB_HOST=db:3306
      - WORDPRESS_DB_USER=$MYSQL_USER
      - WORDPRESS_DB_PASSWORD=$MYSQL_PASSWORD
      - WORDPRESS_DB_NAME=zchainblog
    volumes:
      - ./wordpress-data:/var/www/html
      - ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
    networks:
      - zchain-network

  webserver:
    depends_on:
      - wordpress
    image: nginx:1.15.12-alpine
    container_name: webserver
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./wordpress-data:/var/www/html
      - ./nginx-conf:/etc/nginx/conf.d
      - ./certbot-etc:/etc/letsencrypt
      - /etc/letsencrypt/live/blog.zus.network/fullchain.pem:/etc/letsencrypt/live/blog.zus.network/fullchain.pem
      - /etc/letsencrypt/live/blog.zus.network/privkey.pem:/etc/letsencrypt/live/blog.zus.network/privkey.pem
    networks:
      - zchain-network

volumes:
  wordpress:
  dbdata:

networks:
  zchain-network:
    driver: bridge

This nginx configuration file is present at /root/blog-zus-network/nginx-conf/nginx.conf location on the server.

server {
        listen 80;
        listen [::]:80;

        server_name blog.zus.network;

        location ~ /.well-known/acme-challenge {
                allow all;
                root /var/www/html;
        }

        location = / {
                return 301 https://zus.network/blog;
        }

        location / {
                rewrite ^ https://$host$request_uri? permanent;
        }

        
}

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name blog.zus.network;

        index index.php index.html index.htm;

        root /var/www/html;

        server_tokens off;

        ssl_certificate /etc/letsencrypt/live/blog.zus.network/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/blog.zus.network/privkey.pem;

        include /etc/nginx/conf.d/options-ssl-nginx.conf;

        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-referrer-when-downgrade" always;
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
        # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
        # enable strict transport security only if you understand the implications

        location = / {
                return 301 https://zus.network/blog;
        }

        location / {
                try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass wordpress:9000;
                fastcgi_index index.php;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_path_info;
        }

        location ~ /\.ht {
                deny all;
        }
        
        location = /favicon.ico { 
                log_not_found off; access_log off; 
        }
        location = /robots.txt { 
                log_not_found off; access_log off; allow all; 
        }
        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
                expires max;
                log_not_found off;
        }
}

This file present at location /root/blog-zus-network/nginx-conf/options-ssl-nginx.conf

# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file. Contents are based on https://ssl-config.mozilla.org

ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;

ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

Run following command to launch WordPress, MySQL and webserver from directory -

cd /root/blog-zus-network
docker-compose up -d

PreviousCertificate NextCerbot Renew

Last updated 2 years ago