Go to nginx-proxy directory and execute docker-compose up -d. However, I would recommend docker-compose up first to check for startup errors before going into -d detached mode where containers run in the background. $ cd nginx-proxy/ $ docker-compose up -d $ cd. $ cd wordpress-docker $ docker-compose up -d. Docker run -rm -name nginx-dummy -e VIRTUALHOST=sub.domain.com -e LETSENCRYPTHOST=sub.domain.com -e VIRTUALPORT=80 -network net -d nginx:latest Now if you go to your sub-domain used in the previous command, you should see a message from Ngnix server. WordPress allowed us to focus on building out our product and spend very little time setting up the admin! Anyway fast-forward to the present: We launched on April 5th and already have over 6,000 registered users (free) and 52 paid subscribers with subscription revenue slightly south of $1,000 so far!
WordPress + Docker Double Caching with Redis and Nginx Reverse Proxy While WordPress is great it’s slow and taxing on a webserver. However ultimately Redis’ object cache and the related plugin as well as Nginx’s reverse proxy caching make for an especially fast site.
Introduction
Docker is a great technology which can be used for many purposes. One purpose for using Docker is to deploy WordPress. This tutorial covers deploying multiple WordPress websites on Docker. For this demo we are deploying etopian.com, replace that with your custom domain.
Our custom Docker image
The following is a quick tutorial for deploying your site on Docker. It has been tested and works with sites like www.etopian.com. It also supports using an SSL certificate. It uses Alpine Linux for serving the actual site, the beautiful thing is that a site can be served in around 50mb of ram. Using the process below you can deploy multiple WP sites on the same box, at least 10 sites on a 1gb VPS extremely securely as each site lives in its own container. This container uses Alpine Linux Edge with PHP7. We have found this to be a stable solution, despite being Edge being the testing branch of Alpine Linux. Our image on github.
Security
The process serving the website, Nginx and PHP-FPM, does not run as root. It's no less secure than running a non-root user like www-data to serve your site. If you can breakout to root within the container, you can potentially get to the host system. But that's absolutely no different than any other Linux system. If you break out of www-data on a normal setup to root, then you have root. See Why use Docker with WordPress for more.
Design decisions
We do not use Docker's volume feature. Instead all files including the MariaDB data directory are bind mounted directly from the host. All your files are on the host in the /data directory. This helps with backups and is generally a safe way of dealing with files while dealing with Docker. Let's for instance assume that Docker fails to start and you need to rescue your sites. This way all your files including your database are in /data. If you would use Docker's volumes feature then you would not have any access to any of the sites files. All the NGINX config directories are mounted to /etc/nginx on the host for easy editing and management.
Each WordPress Container contains:
- Nginx
- PHP-FPM
- WP-CLI
- git
- Rsync
- Vim
- Bash
File upload size limit is 2GB
Currently there is no process manager running in the WordPress container, not that this affects things much. We have it on our todo list to use s6 as the process manager. The nginx user is enabled on each container so you can bash into the container as the same user as the site, to use wp-cli. This is a minor security risk. Currrently there is no way to directly SSH into the container, you have to go through the host. There are no plans to add SSH to the container, you have to that yourself if that's something you need.
Install Docker
First install Docker. We are using Docker 1.12.3. We are running Ubuntu Xenial 16.04 LTS
Prepare your WordPress site
Site files need to be located in /data/sites/etopian.com/htdocs, simply copy the files here:
File ownership
The site on your host needs proper file permissions. Go to your site's folder and type the following:
If you are using this image for development on a Linux box, then you will want to edit these files as a different user. You can do that using the following command:
Replace the tokens with their appropriate replacements.
Run NGINX Reverse Proxy Container
This sits in front of all of your sites at port 80 and 443 serving all your sites. It was automatically reconfigure itself and reload itself when you create a new WordPress site container.
Run WordPress Container
Each site runs in its own container with PHP-FPM and Nginx instance.
If you use SSL you need to run your container with the filename of the certificate you are using.
Put your SSL certificate here, with the VIRTUAL_HOST as the file name:
Also check the wp-config section for information on how to modify your wp-config file if you are using SSL/TLS.
Run MySQL/MariaDB Database Container
In order to access MySQL/MariaDB running in a container you need a MySQL client on your host. You can alternatively using the client in the container, described below.
Install MariaDB
Use MySQL from the host
Use MySQL client in the container image
Configure WordPress
wp-config.php
If you need to change the domain of the site put the follow in wp-config.php of your site.
Your site should be working as long as the DNS entries are properly set.
wp-config.php - SSL
Put your SSL certificate here, with the VIRTUAL_HOST as the file name:
If you use SSL you need to run your container with the filename of the certificate you are using. So rm the existing container and recreate a new one with the following environmental variable.
edit wp-config.php in your site's htdocs directory.
wp-config.php
If you need to change the domain of the site put the follow in wp-config.php of your site.
Mail is not routed by the container, you must use an SMTP plugin or Mailgun or AWS SES to route your site's email.
The reason that mail is not routed is because configuring mail to route from the proper domain on a server is often a headache. A further headache is actualty getting mail delivered from an arbitrary IP. A third issue is that mail servers consume resources. A fourth issue is security. So for all these reasons we decided not to implement mail and instead delegate that task to various providers like Mailgun.
Mailgun WP Plugin works fine in the container but the test to see if it is working will fail because it does not correctly set the e-mail address before attempting to send an e-mail. Simply ignore the error, and test the mail from your actual site to make sure it's working.
- https://wordpress.org/plugins/mailgun/ (recommended)
- https://wordpress.org/plugins/wp-ses/
- https://wordpress.org/plugins/wp-smtp/
- https://wordpress.org/plugins/easy-wp-smtp/
- https://wordpress.org/plugins/wp-mail-bank/
Logs
You can view the logs of all your sites using the NGINX proxy container.
If you want to view logs for an individual site, they are in the logs directory on your host.
WP-CLI
WP-CLI is included in the Alpine Linux image. To use it from inside the container in a safe way.
Redis
It is possible to speed up your site with Redis... You need enough memory to support Redis obviously.
You need the following WP plugin:https://wordpress.org/plugins/redis-cache/
Put this in your wp-config.php below the DB_HOST and DB_NAME entries.
Deploy Redis
Go to your site's dashboard and activate the Redis object cache.
Settings > Redis and click the button to activate.
Modifying the image
The image for Alpine Linux running PHP may be found here:https://github.com/etopian/alpine-php-wordpress
You may fork it and modify it to add additional modules and what not.
Adding new PHP modules
The following modules are included with the image etopian/alpine-php-wordpress
List of PHP Modules
Docker Wordpress With Mysql
List of available modules in Alpine Linux, not all these are installed.
In order to install a php module do, (leave out the version number i.e. -5.7.0.13-r0
Example:
DEVOPly is a hosting control panel which does everything taught in this tutorial automatically and much more, backups, staging/dev/prod, code editor, Github/Bitbucket deployments, DNS, WordPress Management. https://www.devoply.com!
Firewall
You should also deploy a firewall on your box. However, it's very easy to lock yourself out of your box, so I will not give you exact instructions on how to do it. The following is what I use for my box using arno-iptables-firewall.
Docker Wordpress Nginx Reverse Proxy
Once the firewall is in place, notice when the box reboots, Docker might not start in the right order and therefore the iptables rules it might need might not be initialized and due to this things might not work. Simply restart the Docker service:
Have issues, comments or questions: Join us on Gitter
Docker Wordpress Nginx Image
Docker DOES NOT own, operate, license, sponsors or authorizes this site. Docker® is a registered trademark of Docker, Inc. Similarly, WordPress Foundation DOES NOT own, operate, license, sponsors or authorizes this site. WordPress® is a registered trademark of WordPress Foundation. wordpressdocker.com Unofficial WordPress Docker Tutorial is not affiliated with Docker, Inc or WordPress Foundation. This site is a not for profit tutorial made available free of charge.