Separate Apache and MySQL into two containers using docker-compose.

.gitignore

@@ -0,0 +1,2 @@
+*~
+mysql

Dockerfile

@@ -10,7 +10,6 @@ RUN apt-get update && \
     echo mysql-server-5.5 mysql-server/root_password_again password vulnerables | debconf-set-selections && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y \
     apache2 \
-    mysql-server \
     php5 \
     php5-mysql \
     php-pear \
@@ -19,13 +18,17 @@ RUN apt-get update && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
-COPY php.ini /etc/php5/apache2/php.ini
-COPY dvwa /var/www/html
+RUN ln -sf /proc/self/fd/1 /var/log/apache2/access.log && \
+    ln -sf /proc/self/fd/2 /var/log/apache2/error.log
+
+COPY conf/php.ini /etc/php5/apache2/php.ini
+COPY conf/000-default.conf /etc/apache2/sites-available/000-default.conf
 
 RUN chown www-data:www-data -R /var/www/html && \
     rm /var/www/html/index.html
 
 EXPOSE 80
+VOLUME ["/var/www/html"]
+
+CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
 
-COPY main.sh /
-ENTRYPOINT ["/main.sh"]

README.md

@@ -10,16 +10,25 @@ The aim of DVWA is to practice some of the most common web vulnerability, with v
 
 ## Run this image
 
-To run this image you need [docker](http://docker.com) installed. Just run the command:
+To run this image you need [docker](http://docker.com) 17.09CE and [docker-compose](https://docs.docker.com/compose/install/) installed. Just run the command:
 
-    docker run --rm -it -p 80:80 vulnerables/web-dvwa
+    docker-compose up --build
 
 And wait until it download the image and start it, after that you can see the image running in your local machine:
 
-![setup](https://github.com/opsxcq/docker-vulnerable-dvwa/blob/master/setup.png?raw=tru)
+![setup](https://github.com/opsxcq/docker-vulnerable-dvwa/blob/master/img/setup.png?raw=tru)
 
 Just click on the ```Create / Reset database``` button and it will generate any aditional configuration needed.
 
+To stop the stack, run:
+
+    docker-compose down
+
+If you stop the containers unexpectedly (e.g., `Ctrl-C`) and you find Apache refusing to start, rebuild or run:
+
+    docker-compose rm
+    docker-compose up
+
 ## Login with default credentials
 
 To login you can use the following credentials:
@@ -31,7 +40,7 @@ To login you can use the following credentials:
 
 The default dificulty level is the ```impossible``` level, you can change it in ```DVWA Security``` item in the left menu.
 
-![dificulty](https://github.com/opsxcq/docker-vulnerable-dvwa/blob/master/setup-dificulty.png?raw=tru)
+![dificulty](https://github.com/opsxcq/docker-vulnerable-dvwa/blob/master/img/setup-dificulty.png?raw=tru)
 
 ## Hack and have fun !
 
@@ -40,7 +49,7 @@ In the id field, add this query:
 
 	%' and 1=0 union select null, concat(user,':',password) from users #
 
-![sqli](https://github.com/opsxcq/docker-vulnerable-dvwa/blob/master/sqli.png?raw=true)
+![sqli](https://github.com/opsxcq/docker-vulnerable-dvwa/blob/master/img/sqli.png?raw=true)
 
 There are several other ways and other vulnerabilities do exploit, go ahead, have fun !
 

conf/000-default.conf

@@ -0,0 +1,30 @@
+<VirtualHost *:80>
+	# The ServerName directive sets the request scheme, hostname and port that
+	# the server uses to identify itself. This is used when creating
+	# redirection URLs. In the context of virtual hosts, the ServerName
+	# specifies what hostname must appear in the request's Host: header to
+	# match this virtual host. For the default virtual host (this file) this
+	# value is not decisive as it is used as a last resort host regardless.
+	# However, you must set it for any further virtual host explicitly.
+	#ServerName www.example.com
+
+	ServerAdmin webmaster@localhost
+	DocumentRoot /var/www/html
+
+	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+	# error, crit, alert, emerg.
+	# It is also possible to configure the loglevel for particular
+	# modules, e.g.
+	#LogLevel info ssl:warn
+
+	ErrorLog /dev/stderr
+	CustomLog /dev/sdtout common
+	# For most configuration files from conf-available/, which are
+	# enabled or disabled at a global level, it is possible to
+	# include a line for only one particular virtual host. For example the
+	# following line enables the CGI configuration for this host only
+	# after it has been globally disabled with "a2disconf".
+	#Include conf-available/serve-cgi-bin.conf
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

docker-compose.yml

@@ -0,0 +1,21 @@
+version: '3'
+services:
+
+  dvwa:
+    build:
+      context: .
+    ports:
+      - 80:80
+    volumes:
+      - ./dvwa:/var/www/html
+
+  dvwa_db:
+    image: library/mysql
+    environment:
+      MYSQL_ROOT_PASSWORD: vulnerables
+      MYSQL_DATABASE: dvwa
+      MYSQL_USER: dvwa_db_user
+      MYSQL_PASSWORD: changeme
+    volumes:
+      - ./mysql:/var/lib/mysql
+

dvwa/config/config.inc.php

@@ -12,7 +12,7 @@
 #   WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup.
 #   Please use a database dedicated to DVWA.
 $_DVWA = array();
-$_DVWA[ 'db_server' ]   = '127.0.0.1';
+$_DVWA[ 'db_server' ]   = 'dvwa_db';
 $_DVWA[ 'db_database' ] = 'dvwa';
 $_DVWA[ 'db_user' ]     = 'root';
 $_DVWA[ 'db_password' ] = 'vulnerables';