Docker + jwilder/nginx-proxy + jwilder/docker-gen + jrcs/letsencrypt-nginx-proxy-companion + php:7-fpm + wordpress:fpm

Question

I know I'm really close on this, but I can't get the last part working. I'm almost positive it has to do with the WordPress container and the PHP container needing to be the same directory? So PHP can process files in that directory? I have been working on this for a week and a half and I'm breaking down, asking for help.

I can most of this working and different combinations - but not this particular combination.

What I'm trying to do is have separate containers for MySQL (and share the database) nginx-proxy WordPress using Nginx (each site with their own WordPress container) PHP 7

I've gotten this working with WordPress using Apache, but that's not what I want.

I have done a lot of reading and a lot of testing and did find that I was originally missing VIRTUAL_PROTO=fastcgi. I see the configs that populate in the nginx-proxy container...they seem right, but I think my confusion has to do with the paths and the virtual environments.

I create docker network create nginx-proxy

These are the files and directories I have... /home/tj/db/docker-compose.yml /home/tj/mysite.com /home/tj/mysite.com/.env /home/tj/nginx-proxy/docker-compose.yml

/home/tj/db/docker-compose.yml

version: "3"

services:
   db:
     image: mysql:5.7
     volumes:
        - ../_shared/db:/var/lib/mysql
     restart: always
     environment:
        MYSQL_ROOT_PASSWORD: somewordpress
        MYSQL_DATABASE: wordpress
        MYSQL_USER: wordpress
        MYSQL_PASSWORD: wordpress
     container_name: db
     networks:
       - nginx-proxy

networks:
  nginx-proxy:
    external:
      name: nginx-proxy

/home/tj/mysite.com/.env

MYSQL_SERVER_CONTAINER=db
VIRTUAL_HOST=mysite.com
DBIP="$(docker inspect ${MYSQL_SERVER_CONTAINER} | grep -i 'ipaddress' | grep -oE '((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])')"
EMAIL_ADDRESS=tj@mysite.com
WORDPRESS_DB_NAME=wordpress
WORDPRESS_DB_NAME=wordpress
WORDPRESS_DB_USER=wordpress

/home/tj/mysite.com/docker-compose.yml

version: "3"

services:
   wordpress:
     image: wordpress:fpm
     expose:
        - 80
     restart: always
     environment:
        VIRTUAL_HOST: ${VIRTUAL_HOST}
        LETSENCRYPT_HOST: ${VIRTUAL_HOST}
        LETSENCRYPT_EMAIL: ${EMAIL_ADDRESS}
        WORDPRESS_DB_HOST: db:3306
        WORDPRESS_DB_USER: ${WORDPRESS_DB_USER}
        WORDPRESS_DB_PASSWORD: ${WORDPRESS_DB_USER}
        WORDPRESS_DB_NAME: ${WORDPRESS_DB_NAME}
        VIRTUAL_PROTO: fastcgi
        VIRTUAL_PORT: 3030
        VIRTUAL_ROOT: /usr/share/nginx/html
     container_name: ${VIRTUAL_HOST}
     volumes:
        - ../nginx-proxy/html:/usr/share/nginx/html:rw

networks:
  default:
    external:
      name: nginx-proxy

/home/tj/nginx-proxy/docker-compose.yml

version: '3'

services:
  nginx:
    image: nginx:1.17.7
    container_name: nginx-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - conf:/etc/nginx/conf.d:ro
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - certs:/etc/nginx/certs
    labels:
      - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true
    restart: always

  dockergen:
    image: jwilder/docker-gen:0.7.3
    container_name: nginx-proxy-gen
    depends_on:
      - nginx
    command: -notify-sighup nginx-proxy -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    volumes:
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - certs:/etc/nginx/certs
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
    restart: always

  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-proxy-le
    depends_on:
      - nginx
      - dockergen
    environment:
      NGINX_PROXY_CONTAINER: nginx-proxy
      NGINX_DOCKER_GEN_CONTAINER: nginx-proxy-gen
    volumes:
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - certs:/etc/nginx/certs
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: always

  php-fpm:
    image: php:7-fpm
    container_name: php
    environment:
      - VIRTUAL_HOST=docker.nevistechnology.com
      - VIRTUAL_ROOT=/usr/share/nginx/html
      - VIRTUAL_PORT=9000
      - VIRTUAL_PROTO=fastcgi
    restart: always
    ports:
      - 9000
    volumes:
      - ./html:/usr/share/nginx/html

volumes:
  conf:
  vhost:
  html:
  certs:

networks:
  default:
    external:
      name: nginx-proxy

Now, what i was able to get working is if I use "wordpress:latest" instead of "wordpress:fpm", but I don't want to use Nginx and Apache...Apache uses a lot of memory and I have all of my old configs and notes in Nginx, so I'd like to get this working.

I have some Dockerfile things I'm trying to figure out too - like running commands, but let me see if you all can help me with this first.

Another thing - this is more of a generic Linux issue, but over the years I've never been able to figure it out and I just default to using root, which I know is bad practice. So, I have my user "tj" which I created like:

sudo useradd tj sudo usermod -aG sudo tj sudo usermod -aG docker tj sudo usermod -aG www-data tj sudo g+w /home/tj -R *

For Docker, I started working out of my /home/tj directory. When I try to go edit a file or upload, I get a permission issue. But if I change directories and files from www-data:www-data to tj:www-data or tj:tj, it works for me in SFTP or terminal, but then there are web issues, like when I try to upload - www-data has permission issues on the WordPress sid.

Answer 1

So, I know I'm late to the party here but I might have some answers so here goes nothing:

I eventually got that running and more, all in a swarm but I had to tweak the proxy quite a bit: https://github.com/PiTiLeZarD/nginx-proxy

Something I had to wrap my mind around was that the fpm image runs php only! any assets or files has to be bound as a volume in the nginx-proxy and configured so nginx gets the files and not fpm. In my tweaked nginx-proxy I have added something about this in the templates:

{{ if (exists (printf "/etc/nginx/static_files/%s" $host)) }}
root {{ printf "/etc/nginx/static_files/%s" $host }};
{{ end }}

vhost.d/default: I added a section:

location / {
    location ~ \.php$ {
        try_files /dev/null @upstream;
    }
    try_files /assets/$uri $uri @upstream;
}

I tweaked everything to have a LOCATION_PATH=@upstream environment variable (I have many services so some still use the default "/")

vhost.d/default_location, I added the fastcgi config there:

    index index.php;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

There's a lot to configure and keep track of, but hang on, it's possible to make it work.

Regarding the root/user issues, I run my php-fpm images as www-data:www-data (which is 1000:1000) I also make sure that 1000:1000 links to the admin user on the host, this way I don't end up with issues all the time.

fpm's www.conf has a user/group section where you can specify www-data/www-data and I build my images with a trick for users:

# add a NOPASSWD to sudo for www-data
RUN printf 'www-data ALL=(ALL:ALL) NOPASSWD: ALL' | tee /etc/sudoers.d/www-data

# bind www-data user and group from 33:33 to 1000:1000
RUN rmdir /var/www/html \
    && userdel -f www-data \
    && if getent group www-data ; then groupdel www-data; fi \
    && groupadd -g 1000 www-data \
    && useradd -l -u 1000 -g www-data -G sudo www-data \
    && install -d -m 0755 -o www-data -g www-data /home/www-data \
    && find / -group 33 -user 33 2>/dev/null || echo "/var/www" | xargs chown -R 1000:1000

This step will take care of switching everything from root:root to www-data:www-data. I also install sudo in my docker images, I used to not but I had issues which were really hard to fix without it.

Not sure if any of this helps, it's a little disjointed but then again, running this requires a lot of moving pieces to fit perfectly together ;)