Setup a wordpress blog on docker with nginx as reverse proxy

My friend und very experienced colleague Niklas Heidloff convinced me to start also a blog with all the geeky things I am doing all day long. In order to make it more interesting for me I decided to host wordpress on my own instead of using wordpress as a service (WaaS ?). Sylwester from Fablab.berlin pointed me to Vultr for hosting and so here we start. The idea is to have a simple docker setup with 3 containers. One for the Nginx webserver facing the evil internet and proxying the wordpress which is located in the local private docker network. Doing so I can also redirect to other web services (containers) later. Luckily there are already maintained docker container available for all 3 parts, so I only need to customize the nginx container with a dockerfile but can use the two others right as they are.
Install Docker on Ubuntu
Either you go with a docker provider like Bluemix or you get a virtual machine from softlayer or any other provider. In my case I have chosen a virtual server so I had to install docker on Ubuntu LTS. Which is really easy. Basically you add a new repository entry to your apt sources and install latest stable docker packages. There is also a script available on get.docker.com but I don’t feel comfortable to execute a shell script right from the net with root access. But it’s up to you.
wget -qO- https://get.docker.com/ | sh
Docker on linux does not contain docker-compose compared to the docker installation for example on mac. Installing docker compose is straightforward. The docker compose script can be downloaded from github here: https://github.com/docker/compose/releases.
curl -L https://github.com/docker/compose/releases/download/1.14.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose
Docker-compose
Docker-compose takes care of a docker setup containing more than one docker container, including network and also basic monitoring. The following script starts and builds all docker container with nginx, mysql and wordpress. It also exports the volumes on the host file system for easy backup and persistence along docker container rebuilds and monitors if the docker containers are up and running.
version: '3' services: db: image: mysql:latest volumes: - ./db:/var/lib/mysql restart: always environment: MYSQL_ROOT_PASSWORD: easytoguess MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: eveneasier wordpress: depends_on: - db image: wordpress:latest restart: always volumes: - ./wordpress:/var/www/html/wp-content environment: WORDPRESS_DB_HOST: db:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: eveneasier WORDPRESS_DB_NAME: wordpress nginx: depends_on: - wordpress restart: always build: context: . dockerfile: Dockerfile-nginx ports: - "80:80"
Mysql is the first container we bring up with environment variables for the database like username, password and database name. Line 7 takes care to save the database file outside the docker container so you can delete the docker container, start a new one and still have the same database up and running. Point this where you want to have it. In this case in “db” under the same directory. Also make sure you come up with decent passwords.
The second container is wordpress. Same here with the host folder on line 21. Furthermore make sure you have the same user, password and db name configured as in the mysql container configuration.
Last one is nginx as internet facing container. You expose the port 80 here. While you just specify a container in the other two, in this one you configure a Dockerfile and a build context to customize your nginx regarding to the network setup. If you only want to host static files you can add this via volume mounts, but in our case we need to configure nginx itself so we need a customized Dockerfile as described below.
Dockerfile for nginx setup
FROM nginx:latest COPY default.conf /etc/nginx/conf.d/default.conf VOLUME /var/log/nginx/log/ EXPOSE 80
This dockerfile inherits everything from the latest nginx and copies the default.conf file into it. See next chapter for how to setup the config file.
Nginx config file
server { listen 80; listen [::]:80; server_name www.23-5.eu ansi.23-5.eu; access_log /var/log/nginx/log/unsecure.access.log main; location / { proxy_read_timeout 90; proxy_connect_timeout 90; proxy_redirect off; proxy_pass http://wordpress; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; } }
Line 2 and 3 configures the port we want to listen on. We need one for ip4 and one for ip6. Important is the proxy configuration in line 8 to 15. Line 11 redirect all calls to “/” (so without a path in the URL) to the server wordpress. As we used docker-compose for it docker takes care to make the address available via the internal DNS server. Line 13-15 rewrites the http header in order to map everything to the different URL, otherwise we would end up with auto generated links in docker pointing to http://wordpress
Start the System
If everything is configured and the docker-compose.yml, default.conf, Dockerfile-nginx and the folders db and wordpress are in the same folder, we can start everything being in this folder with:
docker-compose up --build -d
The parameter “-d” starts the setup in the background (daemon). For the very first run I would recommend using it without the “-d” parameter to see all debug messages.
Great article Ansi. Locally worked like a charm.
I have some issues in setting it up on a aws ec2 instance and hopefully you have tried before and can help
For local configuration I am using in default.conf `server_name localhost;`
On ec2 wold not work, the error is: `502 Bad Gateway`
I have tried replacing the server_name with the ec2 Public DNS and Public IP and even with _ but it still does not work.
Of course after each change I do `docker-compose down` and `docker-compose up –build -d`
Thanks
I have the same problem
Thanks for your question. Hm, I am using it on a vultr server, never tried it on ec2. Maybe I find time this weekend and give it a try. In case I found a solution I will post it here.
Ansi
Love the article. what about SSL? Most wordpress sites these days are trying to run securely.
It’s already fully SSL secured with A+ rating. I need to write the article. Subscribe to this blog. I think I find time next month to write the article.
Very good article, thanks a lot man!
You are the man!