@sameo
Last active December 6, 2024 05:46
version: '3.7'

services:

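  # Database for WordPress
  db:
    image: mysql:5.7
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      # Placeholder credentials: replace before deploying
      MYSQL_ROOT_PASSWORD: example
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
    # Same network as wordpress, so the hostname "db" resolves from that service
    networks:
      - wordpress_network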

  # WordPress application
  wordpress:
    image: wordpress:latest
    depends_on:
      - db
    volumes:
      - wordpress_data:/var/www/html
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
      WORDPRESS_DB_NAME: wordpress
    restart: always
    networks:
      - wordpress_network

  # Nginx as a reverse proxy
  nginx:
    image: nginx:latest
    depends_on:
      - wordpress
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./certbot/www:/var/www/certbot
      - ./certbot/conf:/etc/letsencrypt
    ports:
      - "80:80"
      - "443:443"
    networks:
      - wordpress_network
    restart: always

  # Certbot for managing SSL certificates
  certbot:
    image: certbot/certbot
    volumes:
      - ./certbot/www:/var/www/certbot
      - ./certbot/conf:/etc/letsencrypt
    entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;"
    networks:
      - wordpress_network
    restart: always

volumes:
  db_data:
  wordpress_data:

networks:
  wordpress_network:

Configuration Details:

Database Service (db):

Uses the official MySQL 5.7 image. Stores the database data in a volume (db_data) to ensure persistence. Configured with typical WordPress database environment variables.

WordPress Service (wordpress):

Uses the latest official WordPress Docker image. Depends on the database service (db). Connects to the db service using the provided environment variables.

Nginx Reverse Proxy (nginx):

Uses Nginx as a reverse proxy for handling HTTPS traffic. Configured to serve both HTTP (80) and HTTPS (443) requests. The configuration is loaded from the ./nginx/nginx.conf file. Certificates are stored in ./certbot/conf, and the webroot is in ./certbot/www.

Certbot (certbot):

Uses the official Certbot image to manage SSL certificates. Runs continuously and runs certbot renew every 12 hours.

Nginx Configuration File (nginx.conf)

You need an Nginx configuration file (nginx.conf) to set up Nginx as a reverse proxy and support the HTTPS setup. Below is a simple version of the Nginx configuration:

worker_processes 1;

events {
    worker_connections 1024;
}

http {
    server {
        listen 80;
        server_name your-domain.com;

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name your-domain.com;

        ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;

        location / {
            proxy_pass http://wordpress:80;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

Make sure to replace your-domain.com with your actual domain.

Steps to Use

Create Required Directories:

Create directories for Certbot and Nginx configurations:

mkdir -p ./nginx ./certbot/www ./certbot/conf

Add nginx.conf:

Create the file ./nginx/nginx.conf as shown above.

Run Docker Compose:

Start all services with:

docker-compose up -d

Initial Certificate Issuance:

Run Certbot in webroot mode to initially issue the certificate. The compose file replaces the image's entrypoint with the renewal loop, so override the entrypoint for this one-off command:

docker-compose run --rm --entrypoint "certbot certonly --webroot --webroot-path=/var/www/certbot -d your-domain.com" certbot

Replace your-domain.com with your actual domain name.

Automatic Renewal:

The Certbot container is configured to automatically check for renewal every 12 hours.

Notes:

Replace your-domain.com with your actual domain wherever applicable.
Ensure your domain points to the server's IP address (DNS setup).
This configuration assumes that you are in control of the domain to pass the verification step for Let's Encrypt SSL.
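
Nginx refuses to start when a file named by ssl_certificate or ssl_certificate_key is missing, which is the state of ./certbot/conf before the first issuance, so the 443 server block can only load once the certificate exists. The preflight check below is an added example, not part of the original gist; the script name and function names are hypothetical, and it assumes the ./certbot/conf to /etc/letsencrypt bind mount from the compose file.

```shell
#!/bin/sh
# Added example, not part of the original gist.
# Assumes the bind mount from the compose file: ./certbot/conf -> /etc/letsencrypt

# list_cert_paths NGINX_CONF
# Print the path argument of every active (uncommented) ssl_certificate and
# ssl_certificate_key directive.
list_cert_paths() {
    sed -n 's/^[[:space:]]*ssl_certificate\(_key\)\{0,1\}[[:space:]]\{1,\}\([^;[:space:]]*\);.*/\2/p' "$1"
}

# missing_certs NGINX_CONF HOST_CONF_DIR
# Translate each container path under /etc/letsencrypt to HOST_CONF_DIR and
# print the ones nginx would not find. Returns 0 if none are missing, else 1.
missing_certs() {
    rc=0
    for p in $(list_cert_paths "$1"); do
        case "$p" in
            /etc/letsencrypt/*) host="$2/${p#/etc/letsencrypt/}" ;;
            # No volume in the compose file provides paths outside the mount
            *) echo "$p (not under /etc/letsencrypt)"; rc=1; continue ;;
        esac
        # -L also accepts the symlinks certbot places under live/
        if [ ! -e "$host" ] && [ ! -L "$host" ]; then
            echo "$host"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh preflight.sh ./nginx/nginx.conf ./certbot/conf
if [ "$#" -eq 2 ]; then
    if missing_certs "$1" "$2"; then
        echo "certificate files present: the 443 server block can load"
    else
        echo "missing files listed above: issue the certificate first" >&2
        exit 1
    fi
fi
```

Run it as a user that can read ./certbot/conf, since the Certbot container writes that tree as root.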
