TRƯỜNG ĐH KHOA HỌC TỰ NHIÊN

KHOA CÔNG NGHỆ THÔNG TIN

LAB
Docker, Crontab, SSL

Techer: Le Ha Minh Student: Truong Minh An

Student ID’s number: 1712263
 Mục lục
Environment: Ubuntu 18.04 LTS.............................................................................................................. 3
1. Prepare ........................................................................................................................................... 3
2. Install Docker and docker compose .................................................................................... 3
3. Defining the Web Server Configuration ............................................................................. 4
4. Defining Environment Variables ........................................................................................... 5
5. Obtaining SSL Certificates and Credentials ...................................................................... 8
6. Modifying the Web Server Configuration and Service Definition ........................... 10
7. Completing the Installation Through the Web Interface .......................................... 12
8. Renewing Certificates ............................................................................................................ 14
9. Reference .................................................................................................................................... 15
Environment: Ubuntu 18.04 LTS
1. Prepare
- 1 server Ubuntu 18.04 LTS Type Network is NAT IP:
192.168.255.179
- Domain: minhanlab.tk with record www.minhanlab.tk
2. Install Docker and docker compose
- First, update your existing list of packages:
root@vmwarelab:/home/antm# apt update -y
- Next, install a few prerequisite packages:
root@vmwarelab:/home/antm# sudo apt install apt-transport-https ca-
certificates curl software-properties-common
- Then add the GPG key for the official Docker repository to your
system
root@vmwarelab:/home/antm# curl -fsSL
https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add –
- Add the Docker repository to APT sources:
root@vmwarelab:/home/antm# add-apt-repository "deb [arch=amd64]
https://download.docker.com/linux/ubuntu bionic stable"
- Next, update the package database:
root@vmwarelab:/home/antm# apt update -y
root@vmwarelab:/home/antm# updated
- Make sure you are about to install from the Docker repo instead
of the default Ubuntu repo
root@vmwarelab:/home/antm# apt-cache policy docker-ce
 - Finally, install Docker:
root@vmwarelab:/home/antm# sudo apt install docker-ce
- Install docker compose
3. Defining the Web Server Configuration
- First step will be to define the configuration for our Nginx web server.
• Create a project directory for your WordPress setup called wordpress
and navigate to it
• Make a directory for the configuration file nginx.conf

• In this file, we will add a server block with directives for our server name
and document root, and location blocks to direct the Certbot client’s
request for certificates, PHP processing, and static asset requests.
4. Defining Environment Variables
- In your main project directory, ~/wordpress, open a file called
.env and configure as the photo

- initialize your current working directory as a repository with git init

- Then open a .gitignore file and add .env to the file

- Likewise create and configure .dockerignore file

- Then open the docker-compose.yml file and configure like the
photo
• Define your Compose file version and db database service:

• Next, below your db service definition, add the definition for your
wordpress application service:
• below the wordpress application service definition, add the
following definition for your webserver Nginx service:

• Finally, below your webserver definition, add your last service

definition for the certbot service.

• Below the certbot service definition, add your network and

volume definitions:
 • Save and close the file when you are finished editing.
5. Obtaining SSL Certificates and Credentials
- Install docker-compose
- Create the containers with docker-compose up and the -d flag,
which will run the db, wordpress, and webserver containers in
the background:

- Using docker-compose ps, check the status of your services

- check that your certificates have been mounted to the webserver
container with docker-compose exec:

- After request is successful, dit the certbot service definition to

remove the --staging flag and change into --force-renewal in file
docker-compose.yml
- Continue run docker-compose up to recreate the certbot container
6. Modifying the Web Server Configuration and Service Definition
- recreate the webserver service
- Before we modify the configuration file itself, let’s first get the
recommended Nginx security parameters from Certbot using curl:
- Remove the Nginx configuration file you created earlier

- After open another version to config for http and https:

- Before recreating the webserver service, you will need to add
a 443 port mapping to your webserver service definition at the file
docker-compose.yml
 - Next, Recreate the webserver service:

7. Completing the Installation Through the Web Interface

- With our containers running, we can finish the installation through the
WordPress web interface. In your web browser, navigate to your server’s
domain. Remember to substitute minhanlab.tk here with your own domain name:
https://minhanlab.tk
- Configure the some parameters

- Access to web login to configure the web

 - Once logged in, you will have access to the WordPress
administration dashboard:

8. Renewing Certificates
- First create anhd configure bash file ssl_renew.sh
 - Add execute permission for it
• root@vmwarelab:~/wordpress# chmod +x ssl_renew.sh
- Next, open your root crontab file to run the renewal script at a
specified interval: (at 00:00 on 31st of every month )

9. Reference
https://www.digitalocean.com/community/tutorials/how-to-install-
wordpress-with-docker-compose