Dockerized WordPress with LEMP
This posting lists and discusses various online tutorials about how to set up WordPress using Docker
and NGINX on a self-managed Linux server. This is sometimes known as LAMP: Linux, Apache, MySql, PHP. Or LEMP: Linux, (E)nginx, MySQL, PHP.
All this is trivial if the hosting provider handles the details. And is still relatively doable if you use Docker containers and Docker Compose files to set it all up. Providing the Docker Compose files work for you.
Otherwise, the complexity – and thus chances of problems – rises dramatically, especially when you want to support HTTPS access to your WordPress site. HTTPS support is actually essential nowadays: without HTTPS, browsers start showing warnings or even block access – resulting in a bad user experience. HTTPS is handled by nginx
, but also implies the need to generate, install and maintain a security certificate.
My main requirements
- a DNS domain name (done). Consider this a prerequisite. The hosting provider usually has a paid subscription service for this.
- WordPress. Upgrading to newer WP versions is handled within the WordPress web interface.
- HTTPS access to the website.
- MariaDB (which is a fork of Oracle-owned mySQL, or MySQL itself), is needed for WordPress.
- Nginx as the reverse proxy, to cover SSL support, but also to set up endpoints (nginx.conf is like Apache’s .
htaccess
) - Nginx (with an add-on for PHP pages) as the server for serving static and dynamic web pages. Alternative: Apache (which has built-in PHP support).
- Docker to keep the software modular, and avoid littering files all over the place.
Docker.Compose
to manage container dependencies.- Nice to have:
- a test environment for experimentation that is separate from the “production” environment. For this, I am aiming at a Synology NAS server. These are Linux based, and allow configuration via custom apps as well as via the command-line.
- managing the configuration (ASCII) files in a GitHub repository (for sharing)
- a copy of Git running on the servers
- an outbound e-mail server (to notify the site’s administrator)
- an inbound e-mail server (unrelated, but to allow e-mail forwarding)
- Portainer as one way to manager Docker-Compose files.
Complications in my case
- The domain is currently already running dockerized WordPress and dockerized MariaDB (but without https, NGINX, or docker-compose). So I can temporarily stop the existing containers when tinkering with the new setup. With some discipline one can run two WordPress setups using different ports.
- Certbot may require a working e-mail address. But site doesn’t host mail server yet.
- Most people generate a certificate with Let’s Encrypt. But my web hosting service includes one certificate that doesn’t require periodic updating.
- Support for a test environment on a Synology NAS (Linux based, but old kernel – see below).
- Access from the public internet didn’t work until the ISP converted me from an IPv4-CGN (where multiple users share an IP address through Network Address Translation) to a fixed IPv4 address. The need for this became clear when it turned out that, although I thought I had a fixed IP address, I couldn’t ping my router from the outside.
- It is very tricky to get access to port 80 on a Synology NAS. Essentially Synology wants port 80 for its web-based administration interface.
The tutorials
- Install WordPress with Docker Compose, Nginx, Apache with SSL (May 2022, Cloudbooklet)
Uses Apache for hosting the web server and Nginx for the reverse proxy and SSL.
Nginx could also have done the web hosting, if you add a module for dynamic pages (PHP).
Seemed to largely work, but no sign of life on either port 80 or port 443.
Error messages around Certbot and Let’s Encrypt.
Some forum messages claim the recipe doesn’t really work, so I didn’t fully debug it.
Weakness: no validation of result per step. Makes debugging hard. But most instructions assume you either get everything right or know how to debug the system. - How To Install WordPress With Docker Compose (Aug 2022, DigitalOcean)
This set of instructions is detailed and usesnginx
as a lightweight web server, with aphp-fpm
add-on to handlePHP
processing. This avoids usingApache
, which has a lot of features, but requires significant resources (NGINX implements multiple connections per thread,Apache
doesn’t). Another pro-feature is that this recipe includes instructions how to save your setup (safely) on GitHub. But the GitHub side only has instructions to avoid publishing sensitive files with say password on GitHub. - How To Set Up WordPress With Free SSL, Docker And nginx-proxy (Aug 2022, Programonaut)
This installation uses Apache, MariaDB and Docker Compose. The NGINX docker image excludes the webserver part to save space: Apache is the web server with PHP support.
A test run of this procedure failed on an old Synology NAS runningDSM 6.2.4-25556 Update 6
, because Apache nowadays requires Linux Kernel 4 support for hardware-assisted random number generation. Unfortunately, the Synology NAS has Linux Kernel v3.10.105, and this cannot be updated on my hardware from 2011. The key error message:Function not implemented: AH00141: Could not initialize random number generator.
This problem causes WordPress to repeatedly shut down and restart (error 1). This problem could be avoided with a more modern Synology NAS (although that only takes the kernel to version 4.x) or by testing directly on my VPS. - urre/wordpress-nginx-docker-compose (Feb 2023, Github)
There are more such Github repositories in the table below. They have varying amounts of documentation (Urre’s has a large readme file). They assume quite some expertise from the reader, but do tend to be maintained because they act as the archive for the actual working config files for somebody’s site. - How to use Docker on a Synology NAS – Tutorial (Mar 2023, WunderTech)
This tutorial is very Synology-specific. Synology can be used for experimentation. It turns out that Synology’s DSM graphical “OS” is built on a more or less standard Linux kernel.
These instructions only cover using Docker and brieflydocker.compose
. Most users will use Synology’s DSM to configure docker through a graphical interface provided by the Docker package. But accessing the NAS withssh
, and accessing individual docker containers withssh
are also demonstrated. The video comes with a written description with additional details, including updates to the original video (because Synology updated their Docker app in DSM 7.1, and Docker even replaced the app with something they callContainer Manager
in the upcoming DSM 7.2 release).
Comparison
Tutorial | CMS | database | webserver | proxy/SSL | PHP | certificates |
Coudbooklet | WP | MariaDB | Apache | Nginx | Apache | Certbot |
DigitalOcean | WP | MySQL | Nginx | Nginx | php-fpm | Let’s Encrypt |
Programonaut | WP | MariaDB | Apache | Nginx | Apache | lets encrypt companion |
Github/urre | WP | MariaDB | Nginx? | Nginx | PHP | mkcert |
Github/mjstealey | WP | MySQL | Nginx | Nginx | php-fpm | Certbot |
Github/masoudei | WP | MariaDB | Nginx | – | php-fpm | – |
Github/jamfire | WP | MariaDB | Nginx | traefic | php-fpm | letsencrypt |
Github/trafex | WP | MariaDB | Nginx | – | php-fpm | – |
Github/eugeneware | WP | MySQL | Nginx | – | php-fpm | – |
Github/iliilibom | WP | MariaDB | Nginx | Nginx | php-fpm | self generated |
Github/pothi wp-in-a-box | WP | MySQL | Nginx | Certbot |
Info on individual components
https://tonylawrence.com/posts/unix/synology/freeing-port-80/
SSH Cheat Sheet by Brad Traversy