
[An Amateur's Notes] Automating SSL (Self-Signed Certificate) Setup with Docker Compose


1. Introduction

I used Docker Compose to test enabling SSL automatically (with a self-signed certificate).
I built two WordPress instances and phpMyAdmin.
Working machine: Raspberry Pi 4 Model B, OS: CentOS 8

2. Test environment (folders and files)

2.1 Folder structure

 |---------- .env → environment file
 |---------- certs
 |             server.crt, server.key → self-signed certificate files
 |---------- docker-compose.yml
 |---------- php
 |              php.ini → WordPress settings file
 |---------- ssl
 |              default-ssl.conf → SSL settings file
 |---------- tmp
 |              Dockerfile-pm → for phpMyAdmin
 |              Dockerfile-wp → for WordPress

2.2 The individual files

.env
DBUSER=root
DBPASS=root-pass
DATABASE1=wp1-db
DATABASE2=wp2-db
DBHOST=db:3306

docker-compose.yml
version: '3.3'

services:
  db:
    image: mariadb:latest
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    container_name: mariadb
    environment:
      TZ: Asia/Tokyo
      MYSQL_ROOT_PASSWORD: ${DBPASS}

  phpmyadmin:
    depends_on:
      - db
    build:
      context: ./tmp/
      dockerfile: Dockerfile-pm
    volumes:
      - ./certs:/etc/ssl/private
      - ./ssl/default-ssl.conf:/etc/apache2/sites-available/default-ssl.conf
    ports:
      - "8243:443"
    restart: always
    container_name: phpmyadmin
    environment:
      PMA_HOST: db
      TZ: Asia/Tokyo

  wordpress1:
    depends_on:
      - db
    build:
      context: ./tmp/
      dockerfile: Dockerfile-wp
    volumes:
      - ./wp1:/var/www/html
      - ./certs:/etc/ssl/private
      - ./php/php.ini:/usr/local/etc/php/conf.d/php.ini
      - ./ssl/default-ssl.conf:/etc/apache2/sites-available/default-ssl.conf
      - ./tmp:/tmp
    ports:
      - "8043:443"
    restart: always
    container_name: wordpress1
    environment:
      TZ: Asia/Tokyo
      WORDPRESS_DB_HOST: ${DBHOST}
      WORDPRESS_DB_USER: ${DBUSER}
      WORDPRESS_DB_PASSWORD: ${DBPASS}
      WORDPRESS_DB_NAME: ${DATABASE1}

  wordpress2:
    depends_on:
      - db
    build:
      context: ./tmp/
      dockerfile: Dockerfile-wp
    volumes:
      - ./wp2:/var/www/html
      - ./certs:/etc/ssl/private
      - ./php/php.ini:/usr/local/etc/php/conf.d/php.ini
      - ./ssl/default-ssl.conf:/etc/apache2/sites-available/default-ssl.conf
      - ./tmp:/tmp
    ports:
      - "8143:443"
    restart: always
    container_name: wordpress2
    environment:
      TZ: Asia/Tokyo
      WORDPRESS_DB_HOST: ${DBHOST}
      WORDPRESS_DB_USER: ${DBUSER}
      WORDPRESS_DB_PASSWORD: ${DBPASS}
      WORDPRESS_DB_NAME: ${DATABASE2}

volumes:
    db_data: {}

php.ini
post_max_size = 20M
upload_max_filesize = 20M

Note: This sets the file size limits for uploads.

default-ssl.conf
: (omitted)
Line 32: SSLCertificateFile  /etc/ssl/private/server.crt
Line 33: SSLCertificateKeyFile /etc/ssl/private/server.key
: (omitted)

Note: Only lines 32 and 33 of this file were modified.
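
The post does not show how certs/server.crt and certs/server.key were created. The following is an added example, not part of the original post, of one way to generate the pair, confirm that key and certificate belong together, and obtain a fingerprint to compare against what each container serves. The function names, the hostname localhost, the RSA 2048 key, the 365-day lifetime and the use of OpenSSL 1.1.1 or later (for -addext) are assumptions.

```shell
#!/bin/sh
# Added example: create certs/server.crt and certs/server.key for the compose
# stack and check them. Hostname, key size and lifetime are assumptions.

# make_cert DIR [HOSTNAME] [DAYS]: write DIR/server.key and DIR/server.crt.
make_cert() {
    dir=$1; host=${2:-localhost}; days=${3:-365}
    mkdir -p "$dir" || return 1
    # umask in a subshell so the private key is never created world-readable.
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
            -days "$days" -subj "/CN=$host" \
            -addext "subjectAltName=DNS:$host" \
            -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    ) || return 1
    chmod 600 "$dir/server.key" && chmod 644 "$dir/server.crt"
}

# pair_matches DIR: succeeds only if key and certificate share a public key.
pair_matches() {
    c=$(openssl x509 -in "$1/server.crt" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$1/server.key" -pubout | openssl sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# file_fingerprint CRT: SHA-256 fingerprint of a certificate file.
file_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# served_fingerprint HOST PORT: fingerprint of the certificate a listener
# presents. A self-signed certificate cannot be chain-validated, so comparing
# this value with file_fingerprint is the check that the right one is served.
served_fingerprint() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}
```

Run `make_cert certs` in the folder that holds docker-compose.yml before `docker-compose up -d`. Once the stack is up, `served_fingerprint localhost 8043` (and likewise 8143 and 8243) should print the same value as `file_fingerprint certs/server.crt`.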

Dockerfile-pm
FROM phpmyadmin:latest

RUN service apache2 start

RUN a2ensite default-ssl

RUN a2enmod ssl

Dockerfile-wp
FROM wordpress:latest

RUN service apache2 start

RUN a2ensite default-ssl

RUN a2enmod ssl

RUN chmod 777 /tmp

Note: This grants access permissions on the tmp folder for file uploads.

3. Run it

# docker-compose up -d
Creating network "docker_wp_default" with the default driver
Creating volume "docker_wp_db_data" with default driver
Pulling db (mariadb:latest)...
latest: Pulling from library/mariadb
a970164f39c1: Pull complete
e9c66f1fb5a2: Pull complete
94362ba2c285: Pull complete
6bcca3b8e9ae: Pull complete
4574fdafdba3: Pull complete
880d0554f10d: Pull complete
42f3039f6a26: Pull complete
84249a7eb6ff: Pull complete
d0c034fd6c1f: Pull complete
2b6de021f14a: Pull complete
0d8fa68dc283: Pull complete
675456d7859d: Pull complete
Digest: sha256:cdc553f0515a8d41264f0855120874e86761f7c69407b5cfbe49283dc195bea8
Status: Downloaded newer image for mariadb:latest
Building phpmyadmin
Step 1/4 : FROM phpmyadmin:latest
 ---> 9bd7e29f6e60
Step 2/4 : RUN service apache2 start
 ---> Running in 1053de9c2f76
Starting Apache httpd web server: apache2AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
.
Removing intermediate container 1053de9c2f76
 ---> 68db5fb82369
Step 3/4 : RUN a2ensite default-ssl
 ---> Running in 8ddc3b6f9ecb
Enabling site default-ssl.
To activate the new configuration, you need to run:
  service apache2 reload
Removing intermediate container 8ddc3b6f9ecb
 ---> a20eb2b906ec
Step 4/4 : RUN a2enmod ssl
 ---> Running in 80cd71dbcf92
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart
Removing intermediate container 80cd71dbcf92
 ---> 2e6c3e41fd0e

Successfully built 2e6c3e41fd0e
Successfully tagged docker_wp_phpmyadmin:latest
WARNING: Image for service phpmyadmin was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Building wordpress1
Step 1/5 : FROM wordpress:latest
 ---> aa391b024db5
Step 2/5 : RUN service apache2 start
 ---> Running in 9f1feb98ad8b
Starting Apache httpd web server: apache2AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
.
Removing intermediate container 9f1feb98ad8b
 ---> 519ebf0e67ca
Step 3/5 : RUN a2ensite default-ssl
 ---> Running in 6f10096df3eb
Enabling site default-ssl.
To activate the new configuration, you need to run:
  service apache2 reload
Removing intermediate container 6f10096df3eb
 ---> c0070ac57d4a
Step 4/5 : RUN a2enmod ssl
 ---> Running in 406f2cbef4cf
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart
Removing intermediate container 406f2cbef4cf
 ---> bbe8093cf658
Step 5/5 : RUN chmod 777 /tmp
 ---> Running in 0d2e6a1bf658
Removing intermediate container 0d2e6a1bf658
 ---> f80f64964118

Successfully built f80f64964118
Successfully tagged docker_wp_wordpress1:latest
WARNING: Image for service wordpress1 was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Building wordpress2
Step 1/5 : FROM wordpress:latest
 ---> aa391b024db5
Step 2/5 : RUN service apache2 start
 ---> Using cache
 ---> 519ebf0e67ca
Step 3/5 : RUN a2ensite default-ssl
 ---> Using cache
 ---> c0070ac57d4a
Step 4/5 : RUN a2enmod ssl
 ---> Using cache
 ---> bbe8093cf658
Step 5/5 : RUN chmod 777 /tmp
 ---> Using cache
 ---> f80f64964118

Successfully built f80f64964118
Successfully tagged docker_wp_wordpress2:latest
WARNING: Image for service wordpress2 was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Creating mariadb ... done
Creating wordpress2 ... done
Creating phpmyadmin ... done
Creating wordpress1 ... done

3.1 Check the Docker containers

# docker-compose ps
   Name                 Command               State               Ports            
-----------------------------------------------------------------------------------
mariadb      docker-entrypoint.sh mysqld      Up      3306/tcp                     
phpmyadmin   /docker-entrypoint.sh apac ...   Up      0.0.0.0:8243->443/tcp, 80/tcp
wordpress1   docker-entrypoint.sh apach ...   Up      0.0.0.0:8043->443/tcp, 80/tcp
wordpress2   docker-entrypoint.sh apach ...   Up      0.0.0.0:8143->443/tcp, 80/tcp

3.2 Check the Docker images

# docker images
REPOSITORY             TAG                     IMAGE ID       CREATED              SIZE
docker_wp_wordpress1   latest                  f80f64964118   About a minute ago   494MB
docker_wp_wordpress2   latest                  f80f64964118   About a minute ago   494MB
docker_wp_phpmyadmin   latest                  2e6c3e41fd0e   About a minute ago   430MB

Note: This seems to be related to the message "WARNING: Image for service wordpress2 was built because it did not already exist." shown during the run, but I am not sure?


Afterword

I tested this by combining Docker Compose and Docker. SSL was enabled on the Apache installed in the Docker containers. This method is strictly my own experiment!
