This docker-compose setup will provide a full web stack containing:
- nginx as web server or reverse proxy
- mariadb as database management system
- PHP 8.3-fpm-alpine with composer
- redis as in-memory cache
- ACME for letsencrypt or self-signed certificates (with automatic renew and support for desec.io)
- PHPMyAdmin
Requires:
The web server and php config contains some security best-practices already (e.g. recommended ciphers by bettercrypto.org and disabled version banners in response headers).
- After cloning the repository to e.g. /opt/ edit the
.envfile to your needs. E.g. add your hostname and set strong passwords for database accounts. You can decide whether to obtain a letsencrypt certificate or generate a self-signed (e.g. when using it in your local network).
cd /opt/
git clone https://github.com/developeregrem/acme-php-nginx-dockerized && cd acme-php-nginx-dockerized
cp .env.dist .env
- Run the following commands:
Remark: When using on an arm platform you need to remove phpmyadmin from the docker-compose file. Official phpmyadmin image is not available for arm yet.
docker compose pull
docker compose build --force-rm --pull
docker compose up --force-recreate -d
Now, all containers should be up and running.
- Afterwards, the SSL certificate needs to be generated. Run the following command:
docker compose exec acme /bin/sh -c "./run.sh"
Once this is done the acme container will run a daily cron job and check whether the certificate needs to be automatically renewed.
Please note: when you use a self-signed certificate you need to remove the HSTS Header Strict-Transport-Security in the file header.snippet otherwise you won't be able to access your site.
- (optional) If you want to perform database backups periodically, I recommend creating a separate db user for this task:
docker compose exec db /bin/sh
mariadb -uroot -p
enter root password defined in .env file and execute the following SQL statement by replacing <backupuser> and <pw> with the values from your .env file:
GRANT LOCK TABLES, SELECT ON *.* TO '<backupuser>'@'%' IDENTIFIED BY '<pw>';
- Test your setup by e.g. creating an
info.phpfile with the following content
<?php phpinfo(); ?>
and place this file in your www root folder (defined in .env file).
Request this file with a browser: https://yourdomain.tld/info.php
PHPMyAdmin is available under /pma/.
When you want to perform automatic database backup you can use the script backup-db.sh from this repo.
The script will execute a backup of the database defined in .env file and by default stores the backup in the following folder (relative to the docker-compose setup)
../dbbackup
It is recommended to setup a cron job which calls the backup-db.sh script. You can use the example in the folder cron.d/
When using this setup a backup will be performed once a day by keeping the last 6 backups. Older backups will be overwritten.
It is also recommended to update the docker images on a regular base (nginx, php, etc.). For this purpose you can use the script update-docker.sh. To setup a cron job you can use the example in the folder cron.d/.
The PHP Dockerfile has some additional modules already installed. The current PHP image can be used, for example, when you use compose to manage your php dependencies and you want to use redis as an in-memory data structure as a database cache or to store php sessions, e.g. in combination with a symfony 4 project. For a complete list of installed modules see the Dockerfile.