sprintcube / docker-compose-lamp

A basic LAMP stack environment built using Docker Compose.
MIT License
2.54k stars 1.39k forks

[FEATURE] Obtaining a certificate with certbot #257

Closed kaboume closed 3 months ago

kaboume commented 6 months ago

Good morning, I would like to use this docker compose in production to run an old PHP application, of course while applying the following security modifications. And I would like to use certbot to automatically obtain an SSL certificate and I was wondering if one of you had an advanced version of this docker compose with the certbot service (a bit like on this site with nginx: )) Thanks in advance

vingertop commented 5 months ago

Hi, I might help you out with this link: https://linuxhandbook.com/nginx-reverse-proxy-docker/. I use the repos mentioned there successfully with many other docker-compose configs, including this one, after just minor adjustments. The first three environment vars are for the nginx+letsencrypt reverse proxy, also check the networks and expose, or use something like traefik:

```yaml
version: "3"

services:
  webserver:
    build:
      context: ./bin/${PHPVERSION}
    container_name: "${COMPOSE_PROJECT_NAME}-${PHPVERSION}"
    restart: "always"
    expose:
      - "80"
    networks:
      - net
    links:
      - database
    volumes:
      - ${DOCUMENT_ROOT}:/var/www/html:rw
      - ${PHP_INI}:/usr/local/etc/php/php.ini
      - ${VHOSTS_DIR}:/etc/apache2/sites-enabled
      - ${APACHE_LOG_DIR}:/var/log/apache2
    environment:
      VIRTUAL_HOST: site1.fqdn
      LETSENCRYPT_HOST: site1.fqdn
      VIRTUAL_PORT: 80
      APACHE_DOCUMENT_ROOT: ${APACHE_DOCUMENT_ROOT}
      PMA_PORT: ${HOST_MACHINE_PMA_PORT}
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      HOST_MACHINE_MYSQL_PORT: ${HOST_MACHINE_MYSQL_PORT}
  database:
    build:
      context: "./bin/${DATABASE}"
    container_name: "${COMPOSE_PROJECT_NAME}-${DATABASE}"
    restart: "always"
    ports:
      - "3306:3306"
    networks:
      - net
    volumes:
      - ${MYSQL_INITDB_DIR}:/docker-entrypoint-initdb.d
      - ${MYSQL_DATA_DIR}:/var/lib/mysql
      - ${MYSQL_LOG_DIR}:/var/log/mysql
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}

  redis:
    container_name: "${COMPOSE_PROJECT_NAME}-redis"
    image: redis:latest
    ports:
      - "127.0.0.1:${HOST_MACHINE_REDIS_PORT}:6379"

networks:
  net:
    external:
      name: net
```
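
A reverse-proxy stack of the kind this comment refers to, as an added example that is not part of the original thread or the project. It assumes the nginxproxy/nginx-proxy and nginxproxy/acme-companion images (the thread names none), which act on the VIRTUAL_HOST, VIRTUAL_PORT and LETSENCRYPT_HOST variables set above; volume names and the e-mail address are placeholders.

```yaml
# Added example: reverse proxy + ACME companion, run as its own compose
# project. Image names, volume names and the e-mail address are assumptions
# and do not appear in the thread.
services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    container_name: nginx-proxy
    restart: always
    ports:
      - "80:80"      # HTTP-01 challenge and redirect to HTTPS
      - "443:443"
    volumes:
      - certs:/etc/nginx/certs
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      # ':ro' only protects the socket file; API access through it is still
      # complete, so treat this container as privileged on the host.
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - net

  acme-companion:
    image: nginxproxy/acme-companion
    container_name: nginx-proxy-acme
    restart: always
    depends_on:
      - nginx-proxy
    environment:
      NGINX_PROXY_CONTAINER: nginx-proxy
      DEFAULT_EMAIL: admin@example.org   # placeholder contact address
    volumes:
      - certs:/etc/nginx/certs:rw        # issued certificates and keys
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html       # challenge files served by the proxy
      - acme:/etc/acme.sh                # ACME account state across restarts
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - net

volumes:
  certs:
  vhost:
  html:
  acme:

networks:
  net:
    external: true   # the pre-created network "net" that the webserver joins
```

In the compose file above, the database service publishes 3306 on all host interfaces while redis is bound to 127.0.0.1; on an internet-facing host the loopback binding (or no published port at all) is the usual choice for the database too.
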
MrOffline77 commented 3 months ago

Hey, I totally get your point. Since this stack is focused on local development I'm going to close this issue. Production grade deployment is not in the scope of the project, since this would involve many more aspects of running software. But you are free to extend your own copy of the project with this feature.