Auto multicontainer script, that can easily setup multiple webservers on one server in a docker inverionment, with the help of a nginx reverse proxy. The script is currently supporting lamp, wp, php-stack, laravel and Portainer installations.
This software has only been tested on Debian, Kali and Ubuntu
This script is based of severel other repositories, that have been automated in a singel bash script.
Sources:
Nginx reverse proxy:
Kassambara (Github repository)
Kassambara (Guide)
Lamp stack:
Mattrayner (Dockerhub)
Most of these, has been modified in different ways, to make them more stable and work better with this setup.
To run this script, you need to have the following softwares installed
- Git
- Docker
- curl
These can be downloaded with the following command:
ubuntu/debian:
sudo apt-get install git docker curl -yTo download the code, use the following code:
git clone https://github.com/The0mikkel/auto-multicontainer-setup;
cd auto-multicontainer-setup;Use the following code to run the script:
./docker-setup.sh;If you see following error /bin/bash^M
Run following command chmod u+x docker-setup.sh && sed -i -e 's/\r$//' docker-setup.sh && ./docker-setup.sh
Flags can be used to customize the process of the program.
-d [dir] | The d flag is used to set the directory: -d /srv/www
-r [reverse proxy] | The r flag is used to set the reverse proxy: -r nginx-proxy
The script adds the new webservers in the /srv/www directory.
This means, that if any server that is already located (with domain name) in this folder, may cause the code to fail.
If the directory /srv/www does not exist, the script will create this, as well as setting the right permission (this usses sudo).
If the directory does exist, the software will assume that the right permission have been set.
If a previus folder called "nginx-reverse-proxy" exist and the services "nginx", "nginx-gen" and "nginx-letsencrypt" is running, the scripts continues as if the proxy is installed and running.
After this, you can instert an integer, to say how many webservers you would like to setup.
And the software will then go through the setup of every webserver.
It is possible to enable and disable auto setup of Reverse proxy.
The software is currently setup and configured to always add a NGINX reverse proxy, that automaticly detects new containers, and adds them to the reverse proxy.
Currently, all webservers and containers in this software is setup to use this reverse proxy. In the future, other reverse proxies may be added to this software.
The automatic NGINX reverse proxy setup, can be disabled by includeding the flag -r none.
To run the setup, then call:
./docker-setup.sh -r none;The included reverse proxy, in this software, is a NGINX reverse proxy, that works with a docker-gen to automaticly detect new containers, and register them in the reverse proxy. The main piece of this reverse proxy, is the NGINX proxy, that works with a template, that from the docker-gen container, is able to build configurations for any new containers coming online, without any downtime.
SSL certificates is handled by the acme-companion, which automaticly creates a SSL certificate for routes, that needs them. These certificates are made with "Let's Encrypt", and is automaticly kept up to date. To read more about this, view the GitHub repository for the container: https://github.com/nginx-proxy/acme-companion
All of this, is made by nginx-proxy
An extension, that this software does, to this stack, is a fallback route, for any requests, that does not have any route. This route is set to be http://fallback.reverse-proxy.localhost, and is made by a httpd container. The content of this webserver, can be found in ./nginx-reverse-proxy directory/fallback.
The NGINX reverse proxy can be modified after install, in the ./nginx-reverse-proxy directory
If any existing nginx-reverse-proxy is present, but none of the containers are running, the software will try to reinstall (delete and install) the folder, and any previus setup may be lost.
Before the software executes this, it asks, if you want to proceed.
If any of the three nginx-proxy containers are running, the software will assume that the proxy is good to go.
- nginx-proxy: NGINX
- nginx-proxy-gen: Docker-gen
- nginx-proxy-letsencrypt: acme-companion
- nginx-proxy-fallback: httpd
All inspiration to this setup, has come from this guide.
The LAMP server is based on the mattrayner/lamp:latest-1804
but is further costomized in the script.
This customization comes, as the possibility to automaticly insert apache2.conf, default-host.conf, evasive.conf and security2 into the container.
These files are the main Apache configuration file, apache configuration for the virtual hosts, the apache mod "evasive" and the mod "ModSecurity".
Theses mods ("evasive" and "ModSecurity"), is to protect agains ddos and acts like a firewalls.
To customize apache2.conf, default-host.conf, evasive.conf and security2
a link to a folder on a webserver with these files, can be provided to the configuration.
All four files needs to present on the linked webserver.
The default configuration for this script can be located in configuration/lamp/
A .env file can be created in the docker/env/lamp/ folder, with the domain name
to automate the process.
The .env file in docker/env/lamp/ needs to contain the following:
- VIRTUAL_HOST
- VIRTUAL_PORT
- LETSENCRYPT_HOST
- LETSENCRYPT_EMAIL
- ServerName
- configLink
The default values can be seen in the default-lamp.env
You can choose to not have a .env in advance, where the script then will ask you question and automaticly make a .env file for the domain.
When manually setting these up in the script, you are only asked for email, which i used for LETSENCRYPT_EMAIL, and asked if you have a configLink.
If you don't have a configLink, the script will use the default configLink
(https://raw.githubusercontent.com/The0mikkel/auto-multicontainer-setup/master/configuration/lamp).
The rest of the settings is derived from the domain name of the server.
After the script has run, the new .env file we be located in docker/env/lamp/, with the name of the domain.
When starting this server, you are also building the image for it.
After the webserver has been deployed, please view the log of the container, to insure, that the container is infact running.
In this log, you will also get the username and password for the standard mysql user.
Please write the password down and/or change it shortly after deployment
A phpmyadmin page will be available at $domain/phpmyadmin
When the server is deployed, the files for the server will be located at /srv/www/$domain
In this folder there will be two folders. app and mysql.
The app folder is where all the serverfiles goes.
In here you will find a index.html file, which is just a short demo site.
The mysql folder, is where all the mysql files goes.
This means, that the container can be deleted and reinstalled in the same directory, and keep all of the database files.
The VIRTUAL_HOST, is the url for the webserver (ex. example.com).
This is used to set up the nginx proxy.
The VIRTUAL_PORT, is the port to use for the webserver. This is standard 80, and should always be 80.
This is used to set up the nginx proxy.
The LETSENCRYPT_HOST, is the url for the webserver (ex. example.com).
This is used to set up the nginx proxy.
The LETSENCRYPT_EMAIL, is the email-address used to make the SSL certificate. Therefore this email should be changed.
This is used to set up the nginx proxy.
The ServerName, is the name of the server.
This is used to set the container name.
The configLink, is the url-address of a folder on a webserver containing apache2.conf, default-host.conf, evasive.conf and security2.
This is used to fetch apache setup files when building the docker image.
PHP stack is a multicontainer php server, with a custom build php:apache container, which enables mysqli, apache rewrite and uses defualt php.ini production configuration. Besides the main web container, there is 3 additional containers.
- mariadb for database.
- mariadb-cron-backup is a mysql backup container, that is setup to take a backup of the database every day, at 23:00, and keeps it for 30 days. It compresses it with a GZIP level of 9.
- phpmyadmin for easy access to database, when needed. (It is recomended to keep this stopped, unless activly used)
When the server is deployed, the files for the server will be located at /srv/www/$domain
In this folder there will be two folders. app, mariadb, mariadb-backup, dump and conf.
The app folder is where all the serverfiles goes.
In here you will find a index.html file, which is just a short demo site.
The mariadb folder, is where all the database files goes.
This means, that the container can be deleted and reinstalled in the same directory, and keep all of the database files.
The mariadb-backup folder, is where all the database backup files goes.
The dump folder, is the docker-entrypoint-initdb.d.
The conf folder, is where any configuration of the apache server, is located.
Here you will find a apache2.conf file, with some preset hardened settings.
To be able to run this stack, a number of things, need to be known.
These are all saved in the .env file, that are saved in the
Variables:
- SERVERNAME
- VIRTUAL_HOST
- VIRTUAL_HOST_DB_PREFIX
- LETSENCRYPT_HOST
- LETSENCRYPT_EMAIL
- MYSQL_DATABASE
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
- TIMEZONE
Servername for the stack. Also used in the names of the containers.
It is automaticly set to the domain of the new server.
Domain for the new server. This is used for the NGINX reverse proxy.
Domain prefix, for the phpmyadmin page. Used in $VIRTUAL_HOST_DB_PREFIX.$VIRTUAL_HOST
Domain for the SSL certificat. Should be the same as the domain
Email connected to the SSL certificat.
Database to be created with the stack.
User to create with the stack.
Password for the MYSQL_USER.
Root password of the mariadb. Should be very strong.
Timezone of the PHP server and the database, to make sure times a synchronized.
Uses standard configuration of Laravel, with some added elements from php-stack.
More about the Laravel webserver will come soon
The Wordpress server is based on the [wordpress:latest](https://hub.docker.com/_/wordpress), but is setup after the Docker WordPress Production Deployment guide by Alboukadel Kassambara.
The script downloads the wordpress-docker-compose GitHub repository, and replaces the standard docker-compose.yml with a modified docker-compose.yml that have "redirectnonwww" container removed, as well as replacing the ports with exposed in the phpmyadmin container, for it to work better with multiple wordpress servers running.
The script will ask multiple questions, to setup the wordpress installation.
These are the following:
- Projekt name
- User name
- User password
- Website title
- Subdomain / Prefix for phpmyadmin page
After the user has given the right information, the server will setup a .env file in the given directory for the wordpress installation (/srv/www/$domain).
This .env file can then be inspected by the user, before the software continues, to ensure that all information is given correctly.
This is for the most part not necessary.
When the webserver is launched, then the user should go to the webservers domain to finish the Wordpress setup.
This include, but limited to, username and password for Wordpress.
The install of the server is currently only automatic, so that the website is setup and configured when going live.
The phpmyadmin will be available on the $prefix.$domain url.
At this point the wordpress install should be ready to use, just log ind with the cridentials provided doing install.
It is possible to install Portainer, with this software.
Portainer is a lightweight management UI for Docker, that is easely installed.
This code runs the standard install of Portainer, just for easy of use, when already setting up multiple webservers with this program.
A custom docker-compose file is made, with the most basic install of Portainer. This docker-compose file can be inspected in /docker/portainer/docker-compose.yml
This is all runned in the directory /srv/www/portainer, and makes it possible to easely update the container.
This container is not integrated with the NGINX reverse proxy
I am in no way a professionel in any of the fields this software works with, and there may be bugs and security issues in the provided software.
I will to some extend try to keep this code maintained, but this software is provided as is, and should be looked through before use.
I do not take any responsebility for any damage this software may do.