Error configuring docker-compose file for WordPress sites - wordpress

I am working with Docker and its containers and I want to add more than 1 WordPress site in its containers with Nginx, PHP and Let's Encrypt. I have 1 container with the database, 2 containers with WordPress and phpfpm7.4, another container with nginx, and 2 more containers with certbot to generate the SSL certificates. I already have the docker-compose.yml file, but it seems that the problem I have is with the second certbot container, which is not generating the certificate. Here I leave the docker file and the error it throws me.
```
version: '3'
services:
  dbgb:
    image: mysql:8.0.30
    container_name: dbgb
    restart: unless-stopped
    env_file: .env
    environment:
      - MYSQL_ROOT_PASSWORD=Wordpress123
      - MYSQL_DATABASE=greatbytedb
      - MYSQL_USER=wordpressuser
      - MYSQL_PASSWORD=Wordpress321
    volumes:
      - dbdata:/var/lib/mysql
    command: '--default-authentication-plugin=mysql_native_password'
    networks:
      - app-network
  wordpressgb:
    depends_on:
      - dbgb
    image: wordpress:6.0.2-php7.4-fpm-alpine
    container_name: wordpressgb
    restart: unless-stopped
    env_file: .env
    environment:
      - WORDPRESS_DB_HOST=dbgb:3306
      - WORDPRESS_DB_USER=$MYSQL_USER
      - WORDPRESS_DB_PASSWORD=$MYSQL_PASSWORD
      - WORDPRESS_DB_NAME=greatbytedb
    volumes:
      - greatbyte:/var/www/html
    networks:
      - app-network
  wordpresshc:
    depends_on:
      - dbgb
    image: wordpress:6.0.2-php7.4-fpm-alpine
    container_name: wordpresshc
    restart: unless-stopped
    env_file: .env
    environment:
      - WORDPRESS_DB_HOST=dbgb:3306
      - WORDPRESS_DB_USER=$MYSQL_USER
      - WORDPRESS_DB_PASSWORD=$MYSQL_PASSWORD
      - WORDPRESS_DB_NAME=greatbytedb
    volumes:
      - hablamedecuba:/var/www/html/hablamedecuba
    networks:
      - app-network
  webservergb:
    depends_on:
      - wordpressgb
      - wordpresshc
    image: nginx:1.23.1-alpine
    container_name: webservergb
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - greatbyte:/var/www/html
      - hablamedecuba:/var/www/html/hablamedecuba
      - ./nginx-conf:/etc/nginx/conf.d
      - certbot-etc:/etc/letsencrypt
    networks:
      - app-network
  certbotgb:
    depends_on:
      - webservergb
    image: certbot/certbot
    container_name: certbotgb
    volumes:
      - certbot-etc:/etc/letsencrypt
      - greatbyte:/var/www/html
    command: certonly --webroot --webroot-path=/var/www/html --email mariodamian1986#gmail.com --agree-tos --no-eff-email --force-renewal -d great-byte.com -d www.great-byte.com
  certbothc:
    depends_on:
      - webservergb
    image: certbot/certbot
    container_name: certbothc
    volumes:
      - certbot-etc:/etc/letsencrypt
      - hablamedecuba:/var/www/html/hablamedecuba
    command: certonly --webroot --webroot-path=/var/www/html/hablamedecuba --email mariodamian1986#gmail.com --agree-tos --no-eff-email --force-renewal -d hablamedecuba.com -d www.hablamedecuba.com
volumes:
  certbot-etc:
  greatbyte:
  hablamedecuba:
  dbdata:
networks:
  app-network:
    driver: bridge
```

The challenge cannot be executed because hablamedecuba.com isn't reachable for Let's Encrypt to download the temporary challenge file.
```
* Trying 142.93.119.120:80...
* connect to 142.93.119.120 port 80 failed: Connection refused
* Failed to connect to hablamedecuba.com port 80 after 168 ms: Connection refused
* Closing connection 0
curl: (7) Failed to connect to hablamedecuba.com port 80 after 168 ms: Connection refused
```
Either try to use a different challenge or make it available on port 80 temporarily.
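
A static pre-flight check for the condition this answer describes, as an added example that is not part of the original answer: before certbot runs, it confirms that the web server publishes host port 80 and serves the same volume that certbot writes the challenge file to. The function names are hypothetical, `COMPOSE` is constructed from the question's compose file, and the check assumes short-syntax `ports`/`volumes` entries and the same webroot path in both containers.

```python
import shlex

# Constructed from the question's compose file: only the fields this check reads.
COMPOSE = {
    "webservergb": {"ports": ["80:80", "443:443"],
                    "volumes": ["greatbyte:/var/www/html",
                                "hablamedecuba:/var/www/html/hablamedecuba"]},
    "certbothc": {"volumes": ["certbot-etc:/etc/letsencrypt",
                              "hablamedecuba:/var/www/html/hablamedecuba"],
                  "command": "certonly --webroot "
                             "--webroot-path=/var/www/html/hablamedecuba "
                             "-d hablamedecuba.com -d www.hablamedecuba.com"},
}

def backing(service, path):
    """Return (volume source, path inside it) for the deepest mount holding path."""
    best = None
    for entry in service.get("volumes", []):
        if ":" not in entry:          # anonymous volume: not shareable by name
            continue
        src, dst = entry.split(":")[:2]
        dst = dst.rstrip("/")
        if (path == dst or path.startswith(dst + "/")) and \
                (best is None or len(dst) > len(best[0])):
            best = (dst, src)
    return None if best is None else (best[1], path[len(best[0]):])

def webroot_of(command):
    """Extract the --webroot-path / -w value from a certbot command string."""
    args = shlex.split(command)
    for i, arg in enumerate(args):
        if arg.startswith("--webroot-path="):
            return arg.split("=", 1)[1].rstrip("/")
        if arg in ("--webroot-path", "-w") and i + 1 < len(args):
            return args[i + 1].rstrip("/")
    return None

def publishes_port_80(service):
    """True if a short-syntax ports entry binds host port 80."""
    hosts = [str(p).split("/")[0].split(":")[-2:-1] for p in service.get("ports", [])]
    return ["80"] in hosts

def check_http01(compose, web, certbot):
    """List static reasons the HTTP-01 challenge file could not be fetched."""
    problems = []
    if not publishes_port_80(compose[web]):
        problems.append(f"{web} does not publish host port 80")
    webroot = webroot_of(compose[certbot].get("command", ""))
    if webroot is None:
        return problems + [f"{certbot} has no --webroot-path"]
    written = backing(compose[certbot], webroot)
    if written is None:
        problems.append(f"{webroot} is not on a volume in {certbot}")
    elif backing(compose[web], webroot) != written:
        problems.append(f"{web} does not see {written[0]} at {webroot}")
    return problems

if __name__ == "__main__":
    print(check_http01(COMPOSE, "webservergb", "certbothc"))
```

An empty result only rules out compose-level mistakes; a refused connection like the one in the curl output above still has to be resolved on the host or network side before the challenge can succeed.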

Try again after adding the code below.
```
certbot:
  depends_on:
    - webserver
  image: certbot/certbot
  container_name: certbot
  networks:
    - backend
  volumes:
    - 'certbot-etc:/etc/letsencrypt'
    - 'certbot-var:/var/lib/letsencrypt'
    - '/tmp/acme-challenge:/tmp/acme-challenge'
  restart: unless-stopped
  environment:
    TZ: '${LOCAL_TIMEZONE}'
  entrypoint: /bin/sh -c "certbot certonly --webroot --webroot-path /tmp/acme-challenge --rsa-key-size 4096 --non-interactive --agree-tos --no-eff-email --force-renewal --email ${LETSENCRYPT_EMAIL} -d ${DOMAIN_NAME} -d www.${DOMAIN_NAME};
    trap exit TERM; while :; do certbot renew --dry-run; sleep 12h & wait $${!}; done;"
```
or
This link is a ready-to-install full-stack Docker Compose WordPress setup. I suggest you try it; I tried it and it works.

Related

RUN dotnet restore is failing on docker-compose

I am following Udemy: Microservice.
I have created a Dockerfile for the WebAPI and added a Mongo image as the database.
When I run the docker-compose -f .\docker-compose.yml -f .\docker-compose.override.yml up -d command, I am getting the following error:
docker-compose.yml file:
```
version: '3.4'
services:
  catalogdb:
    image: mongo
  catalog.api:
    image: ${DOCKER_REGISTRY-}catalogapi
    build:
      context: .
      dockerfile: Services/Catalog/Catalog.API/Dockerfile
volumes:
  mongo_data:
```
docker-compose.override.yml file:
```
version: '3.4'
services:
  catalogdb:
    container_name: catalogdb
    restart: always
    ports:
      - "27017:27017"
    volumes:
      - mongo_data:/data/db
  catalog.api:
    container_name: catalog.api
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - "DatabaseSettings_ConnectionString=mongodb://catalogdb:27017"
    depends_on:
      - catalogdb
    ports:
      - "8000:80"
```
Before posting I spent some time on Stack Overflow looking for a resolution and tried:
Restarting Docker and VS2022
Connected to the Internet when running the command
Deleted nuget.config in appdata/Roaming.
Added 'DisabledByDefault' and set it to 0 in 'Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client'
but nothing worked.
Can someone please help with the above issue?

Docker nginx container with wordpress uploads folder on volume, can't upload files due to permission denied

I have an nginx container running wordpress (using docker compose) and the uploads folder assigned to a volume:
vipirs-uploads:/usr/share/nginx/html/website/wp-content/uploads
I can't upload files:
Unable to create directory wp-content/uploads/2022/05. Is its parent
directory writable by the server?
So the actual uploads folder doesn't exist on the host machine.
Normally I would simply set the correct permissions, but in this case I'm not sure how I would go about this. As a test I tried setting chmod to 777 on the folder inside the container, but that didn't work.
My docker-compose.yml:
```
version: '3.7'
services:
  rhino-php:
    platform: linux/amd64
    build:
      context: ./docker
      dockerfile: Dockerfile-php7.4
    image: rhino-php
    container_name: rhino-php
    volumes:
      - ./Vipirs-Website:/usr/share/nginx/html
    ports:
      - 9000
    networks:
      - vipirs-net
  rhino-proxy:
    platform: linux/amd64
    image: nginx:alpine
    container_name: rhino-proxy
    depends_on:
      - vipirs-website
    volumes:
      - ./docker/nginx/proxy-live.conf:/etc/nginx/nginx.conf
      - /usr/local/share/sites/vipirs.com/docker/ssl/live:/usr/local/etc/ssl/certs
    ports:
      - 80:80
      - 443:443
    networks:
      - vipirs-net
  vipirs-website:
    platform: linux/amd64
    image: nginx
    container_name: vipirs-website
    depends_on:
      - rhino-php
      - vipirs-website-database
    volumes:
      - ./docker/nginx/site-live.conf:/etc/nginx/conf.d/default.conf
      - ./Vipirs-Website:/usr/share/nginx/html
      - ./Vipirs-Website/logs/wp-debug.log:/usr/share/nginx/html/website/wp-content/debug.log
      - vipirs-uploads:/usr/share/nginx/html/website/wp-content/uploads
      - /usr/local/share/sites/vipirs.com/docker/ssl/live:/usr/local/etc/ssl/certs
    ports:
      - 80
      - 443
    links:
      - rhino-php
    networks:
      - vipirs-net
  vipirs-website-database:
    platform: linux/amd64
    image: mysql:5.7
    container_name: vipirs-db
    environment:
      MYSQL_ROOT_PASSWORD: vipirs
      MYSQL_DATABASE: vipirs
      MYSQL_USER: vipirs
      MYSQL_PASSWORD: vipirs
    volumes:
      - ./Vipirs-Website/db:/usr/share/db
      - vipirs-db:/var/lib/mysql
    restart: always
    ports:
      - 3306
    networks:
      - vipirs-net
networks:
  vipirs-net:
volumes:
  vipirs-uploads:
  vipirs-db:
```

Docker compose in Debian bullseye

I am using docker-compose, this is my environment
Linux Debian 11 (bullseye)
docker-compose v 1.29.2
ufw v 0.36
this is my daemon.json in /etc/docker
```
{
  "iptables": false,
  "dns": [
    "8.8.8.8",
    "8.8.4.4",
    "172.17.0.1"
  ]
}
```
This is my docker-compose.yml
```
version: "3.8"
services:
  pgadmin4:
    #
    # This container runs as user 5050 and group 5050
    #
    container_name: "pgadmin4-connexx"
    restart: unless-stopped
    image: "dpage/pgadmin4:latest"
    networks:
      - leitfeld-net
    volumes:
      - /etc/localtime:/etc/localtime
      - /etc/timezone:/etc/timezone
      #
      # This folder must have owner 5050 and group 5050
      # chown 5050:5050 /usr/local/pgadmin4
      #
      - /usr/local/pgadmin4:/var/lib/pgadmin
      - /etc/ssl/certs/pgadmin4cert.pem:/certs/server.cert
      - /etc/ssl/private/pgadmin4key.pem:/certs/server.key
    ports:
      - "5050:443"
    environment:
      PGADMIN_DEFAULT_EMAIL: "xxxxxxx"
      PGADMIN_DEFAULT_PASSWORD: "xxxxxxxx"
      PGADMIN_ENABLE_TLS: "True"
  php:
    container_name: "php-connexx"
    restart: unless-stopped
    image: "php:7.2-fpm"
    networks:
      - leitfeld-net
    volumes:
      - /var/www/html:/var/www/html
  natsd:
    container_name: "nats-connexx"
    restart: unless-stopped
    image: "nats:2.0.2"
    networks:
      - leitfeld-net
    volumes:
      - /etc/localtime:/etc/localtime
      - /etc/timezone:/etc/timezone
      - /usr/local/etc/nats.conf:/etc/nats.conf
      - /var/log/:/var/log
    ports:
      - "4222:4222"
      - "8222:8223"
    command: "-c /etc/nats.conf"
  mqttd:
    container_name: "mqtt-connexx"
    restart: unless-stopped
    image: "eclipse-mosquitto:latest"
    networks:
      - leitfeld-net
    volumes:
      - /etc/localtime:/etc/localtime
      - /etc/timezone:/etc/timezone
      - /usr/local/mqttd:/mosquitto
      - /usr/local/mqttd/data:/mosquitto/data
      - /var/log/mqtt:/mosquitto/log
    ports:
      - "12345:8883"
  certbot:
    container_name: "certbot-connexx"
    restart: unless-stopped
    image: "certbot/certbot"
    networks:
      - leitfeld-net
    volumes:
      - /etc/localtime:/etc/localtime
      - /etc/timezone:/etc/timezone
      - /usr/local/etc/letsencrypt:/etc/letsencrypt
      - /var/log/letsencrypt:/var/log/letsencrypt
      - /var/www/certbot:/var/www/certbot
      - /usr/local/sbin/renewCertificates.bash:/renewCertificates.bash
    entrypoint: "/renewCertificates.bash"
  nginx:
    container_name: "nginx-connexx"
    restart: unless-stopped
    image: "nginx:latest"
    networks:
      - leitfeld-net
    volumes:
      - /etc/localtime:/etc/localtime
      - /etc/timezone:/etc/timezone
      - /usr/local/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
      - /usr/local/etc/nginx/sites-available:/etc/nginx/sites-available
      - /usr/local/etc/nginx/sites-enabled:/etc/nginx/sites-enabled
      - /usr/local/etc/letsencrypt/:/etc/letsencrypt
      - /var/log/nginx/:/var/log/nginx
      - /var/www/html:/var/www/html
      - /var/www/certbot:/var/www/certbot
    ports:
      - "80:80/tcp"
      - "443:443/tcp"
networks:
  leitfeld-net:
    driver: bridge
```
The problem I have is that if I do a telnet xxx.xxx.xxx 5050 from an external server, the connection "hangs" and I cannot see the link as active by doing netstat -a | grep 5050, only
```
tcp 0 0 0.0.0.0:5050 0.0.0.0:* LISTEN
tcp6 0 0 [::]:5050 [::]:* LISTEN
```
This also happens with ufw disabled (# ufw disable).
Now it works, but I do not know why; after rebooting the server I still have the same problem.
Then, if I change the daemon.json and put "iptables": false, restart the docker service and connect to a container with docker exec -it --user root pgadmin4-connexx /bin/sh, I am not able to ping anything; for instance, ping 8.8.8.8 does NOT respond.

Docker compose: Wordpress with Nginx/LetsEncrypt Proxy 502

My Docker compose file looks as follows:
```
version: '3.2'
services:
  nginx-web:
    image: nginx
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    container_name: ${NGINX_WEB:-nginx-web}
    restart: always
    ports:
      - "${IP:-0.0.0.0}:${DOCKER_HTTP:-80}:80"
      - "${IP:-0.0.0.0}:${DOCKER_HTTPS:-443}:443"
    volumes:
      - ./data/webproxy/nginx-data/conf.d:/etc/nginx/conf.d
      - ./data/webproxy/nginx-data/vhost.d:/etc/nginx/vhost.d
      - ./data/webproxy/nginx-data/html:/usr/share/nginx/html
      - ./data/webproxy/nginx-data/certs:/etc/nginx/certs:ro
      - ./data/webproxy/nginx-data/htpasswd:/etc/nginx/htpasswd:ro
    logging:
      driver: ${NGINX_WEB_LOG_DRIVER:-json-file}
      options:
        max-size: ${NGINX_WEB_LOG_MAX_SIZE:-4m}
        max-file: ${NGINX_WEB_LOG_MAX_FILE:-10}
  nginx-gen:
    image: jwilder/docker-gen
    command: -notify-sighup ${NGINX_WEB:-nginx-web} -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    container_name: ${DOCKER_GEN:-nginx-gen}
    restart: always
    environment:
      SSL_POLICY: ${SSL_POLICY:-Mozilla-Intermediate}
    volumes:
      - ./data/webproxy/nginx-data/conf.d:/etc/nginx/conf.d
      - ./data/webproxy/nginx-data/vhost.d:/etc/nginx/vhost.d
      - ./data/webproxy/nginx-data/html:/usr/share/nginx/html
      - ./data/webproxy/nginx-data/certs:/etc/nginx/certs:ro
      - ./data/webproxy/nginx-data/htpasswd:/etc/nginx/htpasswd:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./data/webproxy/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
    logging:
      driver: ${NGINX_GEN_LOG_DRIVER:-json-file}
      options:
        max-size: ${NGINX_GEN_LOG_MAX_SIZE:-2m}
        max-file: ${NGINX_GEN_LOG_MAX_FILE:-10}
  nginx-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: ${LETS_ENCRYPT:-nginx-letsencrypt}
    restart: always
    volumes:
      - ./data/webproxy/nginx-data/conf.d:/etc/nginx/conf.d
      - ./data/webproxy/nginx-data/vhost.d:/etc/nginx/vhost.d
      - ./data/webproxy/nginx-data/html:/usr/share/nginx/html
      - ./data/webproxy/nginx-data/certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      NGINX_DOCKER_GEN_CONTAINER: ${DOCKER_GEN:-nginx-gen}
      NGINX_PROXY_CONTAINER: ${NGINX_WEB:-nginx-web}
    logging:
      driver: ${NGINX_LETSENCRYPT_LOG_DRIVER:-json-file}
      options:
        max-size: ${NGINX_LETSENCRYPT_LOG_MAX_SIZE:-2m}
        max-file: ${NGINX_LETSENCRYPT_LOG_MAX_FILE:-10}
  database:
    image: mariadb
    container_name: database
    restart: always
    ports:
      - 3306:3306
    environment:
      MYSQL_ROOT_PASSWORD: 7ctDGg5YUwkCPkCW
    entrypoint:
      sh -c "/usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
    volumes:
      - ./data/database/var/lib/mysql:/var/lib/mysql
      - ./data/database:/docker-entrypoint-initdb.d
    networks:
      - backend-network
  auth:
    image: jboss/keycloak
    container_name: auth
    restart: always
    ports:
      - 8443:8443
    environment:
      DB_VENDOR: mariadb
      DB_ADDR: database
      DB_DATABASE: users
      DB_USER: keycloak
      DB_PASSWORD: jk2zKvGkJXBsrNMV
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: M+f{7_Hc>&Z.;6W6
      JDBC_PARAMS: "ssl=false"
      PROXY_ADDRESS_FORWARDING: 'true'
    volumes:
      - ./data/webproxy/nginx-data/certs/pm-app.de/fullchain.pem:/etc/x509/https/tls.crt
      - ./data/webproxy/nginx-data/certs/pm-app.de/key.pem:/etc/x509/https/tls.key
    depends_on:
      - database
    networks:
      - backend-network
#  fileupload:
#    image: openjdk:14-jdk-alpine
#    container_name: fileupload
#    ports:
#      - 8082:8082
#    depends_on:
#      - database
#      - auth
#    volumes:
#      - ./fileupload-server.jar:/fileupload-server.jar
#    command: ["java", "-jar", "fileupload-server.jar"]
#    networks:
#      - backend-network
#  websocket:
#    image: openjdk:14-jdk-alpine
#    container_name: websocket
#    ports:
#      - 8083:8083
#    depends_on:
#      - database
#      - auth
#    volumes:
#      - ./websocket-server.jar:/websocket-server.jar
#    command: ["java", "-jar", "websocket-server.jar"]
#    networks:
#      - backend-network
#  resource:
#    image: openjdk:14-jdk-alpine
#    container_name: resource
#    ports:
#      - 8081:8081
#    depends_on:
#      - fileupload
#      - websocket
#      - auth
#    volumes:
#      - ./backend/resource-server.jar:/resource-server.jar
#    command: ["java", "-jar", "resource-server.jar"]
#    networks:
#      - backend-network
#  frontend:
#    image: nginx:alpine
#    container_name: frontend
#    ports:
#      - 4200:4200
#    depends_on:
#      - resource
#    volumes:
#      - ./frontend/nginx.conf:/etc/nginx/nginx.conf
#      - ./frontend/dist/propositum-frontend:/usr/share/nginx/html
#    networks:
#      - frontend-network
  wordpress:
    image: wordpress:latest
    container_name: wordpress
    restart: always
    environment:
      WORDPRESS_DB_HOST: database
      WORDPRESS_DB_NAME: wordpress
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: QKJFUfZbv7jMB5ba
      WORDPRESS_TABLE_PREFIX: wp_
      VIRTUAL_HOST: domain.de
      LETSENCRYPT_HOST: domain.de
      LETSENCRYPT_EMAIL: info#domain.de
    depends_on:
      - database
    volumes:
      - wordpress_data:/var/www/html
    networks:
      - backend-network
      - webproxy
  ftp:
    image: stilliard/pure-ftpd:hardened-latest
    container_name: ftp
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
    environment:
      PUBLICHOST: Ip
      FTP_USER_NAME: "ftp"
      FTP_USER_PASS: "+/x~qy//vf(S6L:<"
      FTP_USER_HOME: "/var/www/html"
      FTP_USER_UID: 33
      FTP_USER_GID: 33
    volumes:
      - wordpress_data:/var/www/html
      #- ./data/ftp:/etc/ssl/private
    ports:
      - 21:21
      - 30000:30000
volumes:
  database_data:
  wordpress_data:
networks:
  backend-network:
  frontend-network:
  webproxy:
    external:
      name: "webproxy"
```
But when I try to access the WordPress instance over the browser to start the installation process, I only got a 502 Bad Gateway.
The interesting thing is that it already worked before; the only thing I changed was that I moved all config files and directories, which were previously in a separate folder, to the data folder (./data/webproxy), cut the services out of the old docker compose file into an existing one, and also edited the file paths of the mapped volumes. Hopefully these are enough details to help me; otherwise let me know if you need more information.
So far,
Daniel

How to use a wordpress container with a wp-cli container when /var/www/html is already mounted in the host?

I tried using networks, but the network with the folder's name concatenated with "_default" is not found.
If I specify the network like this:
```
wpcli:
  container_name: ...
  image: wordpress:cli
  working_dir: /var/www/html
  depends_on:
    - db
    - wordpress
  networks:
    - A_default
```
I get:
ERROR: Service "wpcli" uses an undefined network "A_default"
although A_default exists in the output of docker network ls.
If I remove the part:
```
networks:
  - A_default
```
I get this error:
wpcli_1 | Error: This does not seem to be a WordPress installation.
wpcli_1 | Pass --path=path/to/wordpress or run wp core download.
A_wpcli_1 exited with code 1
and only this error in the docker-compose up output.
If I use
```
volumes:
  - /var/www/html
```
inside the wpcli section of my docker-compose.yml I get the same error.
docker-compose.yml
Below is my docker-compose.yml with sensitive information replaced with ...:
```
version: '3.3'
services:
  db:
    container_name: A_db_1
    image: mysql:5.7
    volumes:
      - db_data:/var/lib/mysql
    restart: "no"
    environment:
      MYSQL_DATABASE: '...'
      MYSQL_USER: '...'
      MYSQL_PASSWORD: '...'
      MYSQL_ROOT_PASSWORD: ...
  phpmyadmin:
    container_name: A_phpmyadmin_1
    depends_on:
      - db
    restart: "no"
    ports:
      - "8080:80"
    image: phpmyadmin/phpmyadmin
    environment:
      PMA_HOST: db:3306
      PMA_USER: root
      PMA_PORT: 3306
      PMA_PASSWORD: ...
  wordpress:
    container_name: A_wordpress_1
    depends_on:
      - db
    image: wordpress:latest
    ports:
      - "80:80"
    volumes:
      - type: bind
        source: ./html
        target: /var/www/html
        volume:
          nocopy: true
    restart: "no"
    environment:
      WORDPRESS_DB_NAME: '...'
      WORDPRESS_DB_USER: '...'
      WORDPRESS_DB_PASSWORD: '...'
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_TABLE_PREFIX: 'wp_'
      WORDPRESS_AUTH_KEY: '...'
      WORDPRESS_SECURE_AUTH_KEY: '...'
      WORDPRESS_LOGGED_IN_KEY: '...'
      WORDPRESS_NONCE_KEY: '...'
      WORDPRESS_AUTH_SALT: '...'
      WORDPRESS_SECURE_AUTH_SALT: '...'
      WORDPRESS_LOGGED_IN_SALT: '...'
      WORDPRESS_NONCE_SALT: '...'
  wpcli:
    container_name: A_wpcli_1
    image: wordpress:cli
    working_dir: /var/www/html
    depends_on:
      - db
      - wordpress
    networks:
      - A_default
volumes:
  db_data:
```
Thank you.
Update 1
I have seen this file but I do not find it helpful in my situation.
Update 2
I wish to use a separate container just for WP-CLI because the command
```
docker run -it --rm \
  --volumes-from A_wordpress_1 \
  --network A_default wordpress:cli \
  $*
```
does not remove the container after it has done its job, and removing --rm makes me unable to work with the files it has created because I cannot access the volumes of A_wordpress_1 because the temporary WP-CLI container has a different working directory.
I see two problems in your docker-compose file:
(removed) networks section was malformed
./html not mounted in wpcli service
I would try the following:
```
version: '3.3'
services:
  db:
    ...
  phpmyadmin:
    ...
  wordpress:
    ...
  wpcli:
    ...
    volumes:
      - type: bind
        source: ./html
        target: /var/www/html
        volume:
          nocopy: true
    ...
volumes:
  db_data:
networks:
  A_default:
```
