Docker Discuss CentminMod Docker Image

Discussion in 'Centmin Mod Docker Development' started by Guilherme Jaccoud, Dec 23, 2014.

  1. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    2:49 AM
    I'm interested in building a WordPress Docker image based on the CentminMod stack. When I first started, my goal was to build a CentminMod image, but I realised we don't need most of the services to run inside the container. So this raises my question…

    In your experience, what are the CentminMod components you would include in a Docker container?

    I'm thinking about Nginx + PHP-FPM + WP-CLI. I'm running MariaDB as a dedicated container (tutum/mariadb) but I also want to build my own, since most of the images available today are based on the Ubuntu 14.04 image base.

    Well, that's it… just throwing some thoughts :)

     
  2. eva2000

    eva2000 Administrator Staff Member

    54,600
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    3:49 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Unfortunately not much experience with Docker myself.

    Memcached server would be one I can definitely think of
     
  3. Guilherme Jaccoud

    I was thinking about Memcached as a dedicated container, just like MariaDB, in order for multiple apps (containers) to be able to use it, without having multiple instances of it running on the server.

    I'm still learning, will post the results when I have more experience. I have a small CoreOS cluster where I'm doing tests and learning about Linux containers.

    Merry Christmas :)
     
  4. Guilherme Jaccoud

    Eva, using centmin.sh script, is there a way to completely bypass the installation of everything except for the services I really need for the Docker image, for example NGINX + PHP-FPM?
     
  5. eva2000

    Unfortunately, everything is tightly integrated and some are dependent on other software being installed, so not that easy to separate right now
     
  6. Guilherme Jaccoud

    Hi guys, I took the first step into building a WordPress Docker image. It's named NP-STACK in tribute to the time-saving nprestart shortcut from CentminMod and is based on the CentOS 7 official build.

    The NGINX and PHP-FPM configurations are also based on CentminMod defaults :D
    It would be nice to get some feedback.

    tropicloud/np-stack · GitHub

    Cheers,
    Guigo
     
    Last edited: Jan 8, 2015
  7. eva2000

  8. Guilherme Jaccoud

    Finally it's here! WP-STACK is a minimal WordPress stack for Docker.
    It's in its infancy, as I myself am still a Docker beginner.

    tropicloud/wp-stack · GitHub

    It would be great to get some feedback in order to improve it based on different points of view.

    Cheers,
    Guigo (gheego)
     
  9. eva2000

    Nice, unfortunately no time to play with docker these days :(
     
  10. Guilherme Jaccoud

    I'm also short of time, there's a bunch of features I want to include in both stacks mentioned earlier, but it will have to wait a little. Most significant ones should be...
    • Compile NGINX from source (to include Naxsi, PageSpeed, etc.)
    • Auto-configure WP Super Cache + Autoptimize
    • Ability to specify a URL to import a WP from (zip, backwpup, etc.)
    • Command line tool to manage the container (import, export, add users, set roles, etc.)
    I'm still impressed by the performance, very impressed. Even without any kind of optimization the site was flying. It's faster than the fastest site I've ever set up on any server or VM. I believe it's because of very few processes running inside the container.

    Code:
    [root@62a9e3d3995b /]# ps aux
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root         1  0.0  0.1  11608  1568 ?        Ss   01:23   0:00 /bin/bash wps start
    root       233  0.2  1.2 113156 12424 ?        S    01:23   0:00 /usr/bin/python /usr/bin/supervisord -n -c /etc/supervisord.conf
    root       236  0.0  0.6  50360  6232 ?        S    01:23   0:00 /usr/bin/python /usr/bin/supervisor_stdout
    root       237  0.0  0.0   4348   364 ?        S    01:23   0:00 tail -f /var/log/nginx.log
    root       238  0.0  0.4  99232  4072 ?        S    01:23   0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
    root       239  0.0  0.0   4348   360 ?        S    01:23   0:00 tail -f /var/log/php-fpm.log
    root       240  0.0  2.4 452952 25168 ?        S    01:23   0:00 php-fpm: master process (/etc/php-fpm.d/www.conf)
    nginx      241  0.0  0.2 100548  2832 ?        S    01:23   0:00 nginx: worker process
    root       253  0.1  0.1  11740  1752 ?        S    01:24   0:00 bash
    
    I will encourage you to test it, your opinion is very important to me. Besides this, using the DigitalOcean Docker image and the instructions on the GitHub, you will have a WP site online in less than 2 minutes!! (I just did it in order to get the ps aux info)

    Obs. When you find some minutes to try it, don't forget to include your email since I've been scratching my head to create a way to send fancy welcome emails :D

    I'm going to sleep. Thanks for everything today. I'm very happy to be back to the community!
     
  11. eva2000

    @Guilherme Jaccoud your docker project has refreshed my interest in docker. I had played with docker over a year ago and forgot I tried my hand at building CentOS docker images for Centmin Mod at hub.docker.com/u/centminmod/

    Will have to refresh my docker knowledge first :D
     
  12. eva2000

    okay refreshing my docker know-how I created CentOS 6.6/7 docker image bases for Centmin Mod and MariaDB 10 + CentOS 6.6 too :)

    I tried your np-stack but how do you access the container via bash ?

    I get an error when I try

    Code:
    docker run -t -i tropicloud/np-stack /bin/bash

    This works while running from a host which already has Centmin Mod installed so can see host:81 nginx start page

    Code:
    docker run --name npstack1  -p 81:80 -p 444:443 -d tropicloud/np-stack
    however you seem to be passing spdy and HSTS header even for non-https requests

    Code:
    curl -I host:81
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Feb 2015 22:08:14 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 301516
    Last-Modified: Mon, 26 Jan 2015 03:25:51 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "54c5b3bf-499cc"
    Strict-Transport-Security: max-age=31536000; includeSubdomains
    Alternate-Protocol: 443:npn-spdy/2
    Accept-Ranges: bytes

    Also for host:444 under https, your self signed SSL certificate you should create using sha256 and not sha1 just to keep up :)
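
Added example (not from the original posts or from np-stack): a check for the header finding reported above. Browsers ignore `Strict-Transport-Security` on responses received over plain HTTP, so the policy only takes effect when it is sent on the HTTPS response; the function flags either mistake. The first sample repeats headers from the `curl -I host:81` output above, the second is constructed.

```shell
#!/bin/sh
# Added example: not part of np-stack.
# Reads raw response headers (e.g. `curl -sI` output) on stdin.
# $1 is the scheme the request used: http or https.
# Prints one line per finding and returns 1 if there is any.
audit_hsts() {
    awk -v scheme="$1" '
        { sub(/\r$/, "") }                  # header lines end in CRLF
        /^[^ \t:]+:/ {                      # "Name: value" (skips the status line)
            colon = index($0, ":")
            name  = tolower(substr($0, 1, colon - 1))   # names are case-insensitive
            value = substr($0, colon + 1)
            sub(/^[ \t]+/, "", value)
            if (name == "strict-transport-security") { seen = 1; hsts = value }
        }
        END {
            if (scheme == "http" && seen) {
                print "HSTS sent on a cleartext response: " hsts; bad = 1
            }
            if (scheme == "https" && !seen) {
                print "HTTPS response has no Strict-Transport-Security header"; bad = 1
            }
            exit bad + 0
        }
    '
}

# Headers taken from the curl -I host:81 output quoted in the thread.
sample_http_response() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'Server: nginx' \
        'Strict-Transport-Security: max-age=31536000; includeSubdomains' \
        'Alternate-Protocol: 443:npn-spdy/2'
}

# Constructed HTTPS response with a lower-case header name.
sample_https_response() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'Server: nginx' \
        'strict-transport-security: max-age=31536000'
}

sample_http_response  | audit_hsts http  || echo "-> finding on port 80 response"
sample_https_response | audit_hsts https && echo "-> HTTPS response OK"
```

Against a live container the same function can be fed from `curl -sI http://host:81 | audit_hsts http`.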
     
  13. Guilherme Jaccoud

    Hey @eva2000, I'm really glad you've taken a look at that. The easiest way to get started with NP-Stack is running the following command on a Docker Host:
    Code:
    docker run -p 80:80 -p 443:443 -d tropicloud/np-stack
    
    That command will pull the image from the Docker Registry Hub and start a container based on that image. To access the container you'll need the container ID. You can get the ID running docker ps or docker ps -l, then simply run:
    Code:
    docker exec -it <container-id> /bin/bash
    Here's an example:
    Code:
    root@docker:~# docker run -p 80:80 -p 443:443 -d tropicloud/np-stack
    Unable to find image 'tropicloud/np-stack:latest' locally
    Pulling repository tropicloud/np-stack
    f3e466b02adf: Download complete
    511136ea3c5a: Download complete
    5b12ef8fd570: Download complete
    8efe422e6104: Download complete
    452909fdbac9: Download complete
    9201a7efa26e: Download complete
    fe426ea10af0: Download complete
    2e6981559124: Download complete
    42a433bdfafc: Download complete
    75c45fae2f01: Download complete
    Status: Downloaded newer image for tropicloud/np-stack:latest
    42437a36618cdbdb691f29870593a29bea6e337114c2658e8d793b9c99e30d60
    root@docker:~# docker ps
    CONTAINER ID        IMAGE                        COMMAND                CREATED             STATUS              PORTS                                      NAMES
    42437a36618c        tropicloud/np-stack:latest   "/bin/bash nps start   9 minutes ago       Up 9 minutes        0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   sleepy_hopper    
    root@docker:~# docker exec -it 42437a36618c bash
    [root@42437a36618c /]#
    
    I use a few shortcuts to access newly created containers:

    # login to last container
    docker exec -it $(docker ps -l | grep \" | awk '{print $1}') bash

    # last container logs
    docker logs $(docker ps -l | grep \" | awk '{print $1}')

    # remove all containers (be careful)
    docker ps -a | grep \" | awk '{print $1}' | xargs docker rm -f

    Here's another example:
    Code:
    root@docker:~# docker logs $(docker ps -l | grep \" | awk '{print $1}')
    2015-02-20 01:39:05,453 CRIT Supervisor running as root (no user in config file)
    2015-02-20 01:39:05,486 INFO RPC interface 'supervisor' initialized
    2015-02-20 01:39:05,486 CRIT Server 'unix_http_server' running without any HTTP authentication checking
    2015-02-20 01:39:05,487 INFO supervisord started with pid 11
    2015-02-20 01:39:06,491 INFO spawned: 'stdout' with pid 14
    2015-02-20 01:39:06,530 INFO spawned: 'nginx-log' with pid 15
    2015-02-20 01:39:06,546 INFO spawned: 'nginx' with pid 16
    2015-02-20 01:39:06,551 INFO spawned: 'php-fpm-log' with pid 17
    2015-02-20 01:39:06,566 INFO spawned: 'php-fpm' with pid 18
    2015-02-20 01:39:07,798 INFO success: stdout entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    2015-02-20 01:39:07,798 INFO success: nginx-log entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    2015-02-20 01:39:07,798 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    2015-02-20 01:39:07,799 INFO success: php-fpm-log entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    2015-02-20 01:39:07,799 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    root@docker:~#
    
    NP-Stack is already in need of an update. While creating WP-Stack, I realised many things to improve on NP-Stack. For now, it's serving its initial purpose of being a base image to WP-Stack. This second stack is more complex and has some nice features like environment variables dump and external database connection. If you can have a look into this one, you will get even more insight about the NP-Stack.

    Both stacks are just being born and I really count on help and support to improve it. One thing I can anticipate is the need to build NGINX from source in order to support PageSpeed and Naxsi. For me, CentminMod compatibility is a must and something I'll always strive to achieve. In fact, I was about to write you to ask if you can help with the script to build NGINX and PHP from source :D

    Again, thank you very much for taking the time, I really appreciate it!

    Cheers,
    Gheego
     
    Last edited: Feb 20, 2015
  14. eva2000

    thanks, was missing docker exec command !

    Code:
    docker run --name npstack1  -p 81:80 -p 444:443 -d tropicloud/np-stack
    docker exec -t -i npstack1 /bin/bash
    Code:
    ps aufx
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root        25  0.0  0.0  11688  1816 ?        S    02:49   0:00 /bin/bash
    root        42  0.0  0.0  19692  1180 ?        R+   02:50   0:00  \_ ps aufx
    root         1  0.0  0.0  11552  1480 ?        Ss   02:49   0:00 /bin/bash nps start
    root         9  0.0  0.0 113072 12408 ?        S    02:49   0:00 /usr/bin/python /usr/bin/supervisord -n -c /etc/supervisord.co
    root        12  0.0  0.0  50284  6244 ?        S    02:49   0:00  \_ /usr/bin/python /usr/bin/supervisor_stdout
    root        13  0.0  0.0   4296   576 ?        S    02:49   0:00  \_ tail -f /var/log/nginx.log
    root        14  0.0  0.0  99176  4224 ?        S    02:49   0:00  \_ nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.
    nginx       17  0.0  0.0 100040  2388 ?        S    02:49   0:00  |   \_ nginx: worker process
    nginx       18  0.0  0.0 100040  2388 ?        S    02:49   0:00  |   \_ nginx: worker process
    nginx       19  0.0  0.0 100040  2388 ?        S    02:49   0:00  |   \_ nginx: worker process
    nginx       20  0.0  0.0 100040  2388 ?        S    02:49   0:00  |   \_ nginx: worker process
    nginx       21  0.0  0.0 100040  2388 ?        S    02:49   0:00  |   \_ nginx: worker process
    nginx       22  0.0  0.0 100040  2388 ?        S    02:49   0:00  |   \_ nginx: worker process
    nginx       23  0.0  0.0 100040  2388 ?        S    02:49   0:00  |   \_ nginx: worker process
    nginx       24  0.0  0.0 100040  2368 ?        S    02:49   0:00  |   \_ nginx: worker process
    root        15  0.0  0.0   4296   572 ?        S    02:49   0:00  \_ tail -f /var/log/php-fpm.log
    root        16  0.0  0.0 452900 25224 ?        S    02:49   0:00  \_ php-fpm: master process (/etc/php-fpm.d/www.conf)
    had a play with it myself with centminmod/centos66epel and centminmod/centos66mariadb10 just not able to get the MariaDB 10 container to run CentOS 6.6 + MariaDB 10 host connection? - Docker Forums for some reason.
     
  15. Guilherme Jaccoud

    ps aufx is fancy! :D

    I thought I was already creating the SSL certificate with sha256.
    Code:
    openssl req -nodes -sha256 -newkey rsa:2048 -keyout app.key -out app.csr -config openssl.conf -batch
    openssl rsa -in app.key -out app.key
    openssl x509 -req -days 365 -in app.csr -signkey app.key -out app.crt
    
    np-stack/nps-setup.sh at master · tropicloud/np-stack · GitHub

    For the HSTS and SPDY headers, I believe it's due to the fact of a single server block for both 80/443 ports? To be honest, I don't know if this is a problem or how to fix it. Do you think it's better to use different server blocks for each port?

    In most Docker scenarios, there will be a proxy or load balancer in front of the application, in this sense, I was trying to make the container's NGINX config more generic and minimalist. If you want to experiment with a proxy, try running the WP-Stack with Dokku-alt (Heroku style). Install Dokku-alt and follow the instructions on GitHub.

    tropicloud/wp-stack · GitHub
     
    Last edited: Feb 21, 2015
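
Added example (not part of the original posts or of np-stack): in the commands quoted in the post above, `-sha256` is passed only to `openssl req`, so it sets the digest of the CSR; the certificate itself is signed by the `openssl x509 -req` step, which in OpenSSL 1.0.x uses SHA-1 when no digest option is given. The script repeats the sequence with `-sha256` on the signing step and reads the algorithm back; the subject name and temporary directory are constructed, and `-subj` stands in for the post's `openssl.conf`, which is not shown on the page.

```shell
#!/bin/sh
# Added example: not from np-stack. Subject name and paths are constructed.
set -eu

# Print the signature algorithm of a CSR ($1 = req) or certificate ($1 = x509).
sig_alg() {
    openssl "$1" -noout -text -in "$2" |
        awk '/Signature Algorithm:/ { print $3; exit }'
}

# Create key, CSR and self-signed certificate in directory $1.
make_selfsigned() {
    dir=$1
    (
        umask 077   # keep the unencrypted private key readable by its owner only
        openssl req -nodes -sha256 -newkey rsa:2048 \
            -keyout "$dir/app.key" -out "$dir/app.csr" \
            -subj "/CN=np-stack.example" -batch 2>/dev/null
    )
    # -sha256 is needed here as well: this is the step that signs the certificate.
    openssl x509 -req -sha256 -days 365 \
        -in "$dir/app.csr" -signkey "$dir/app.key" \
        -out "$dir/app.crt" 2>/dev/null
}

# Succeed only if the certificate is not signed with MD5 or SHA-1.
# Usable as a gate in an image build or entrypoint script.
cert_digest_ok() {
    case $(sig_alg x509 "$1") in
        ''|*[Mm][Dd]5*|*[Ss][Hh][Aa]1*) return 1 ;;
        *) return 0 ;;
    esac
}

workdir=$(mktemp -d)
make_selfsigned "$workdir"
echo "CSR signature:         $(sig_alg req "$workdir/app.csr")"
echo "certificate signature: $(sig_alg x509 "$workdir/app.crt")"
cert_digest_ok "$workdir/app.crt" && echo "certificate digest OK"
rm -rf "$workdir"
```

To inspect the certificate a running container actually serves, pipe `openssl s_client -connect host:444 </dev/null` into `openssl x509 -noout -text` and look at the same `Signature Algorithm` line.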
  16. Guilherme Jaccoud

    As for the MariaDB issue, you need to link containers in order to access the specific ports, in this sense, the MariaDB container should be accessible by other containers and not the Docker Host. Also, why not use the official MariaDB build? When I first started with Docker, I decided to stick with the CentOS 7 official build and MariaDB official build as the base images for my apps. In CentOS 7, MariaDB is default and I found it very easy to integrate WP-Stack with it using its default environment variables. I've also included support for Dokku-alt MariaDB plugin:

    Code:
    function wps_environment() {

      # ------------------------
      # DATABASE URL
      # ------------------------

      if [[ -z "$DATABASE_URL" ]]; then

        # Variables Docker injects for a linked container aliased "mariadb".
        # Read them directly so values containing "=" are not truncated.
        DB_HOST="$MARIADB_PORT_3306_TCP_ADDR"
        DB_PORT="$MARIADB_PORT_3306_TCP_PORT"
        DB_NAME="$MARIADB_ENV_MYSQL_DATABASE"
        DB_USER="$MARIADB_ENV_MYSQL_USER"
        DB_PASS="$MARIADB_ENV_MYSQL_PASSWORD"
        DB_PROT="$MARIADB_PORT_3306_TCP_PROTO"

        export DATABASE_URL="${DB_PROT}://${DB_USER}:${DB_PASS}@${DB_HOST}:${DB_PORT}/${DB_NAME}"

      else

        # Split proto://user:pass@host:port/name.
        # Assumes the password contains no ":", "@" or "/".
        DB_HOST=$(printf '%s\n' "$DATABASE_URL" | cut -d@ -f2 | cut -d: -f1)
        DB_PORT=$(printf '%s\n' "$DATABASE_URL" | cut -d@ -f2 | cut -d: -f2 | cut -d/ -f1)
        DB_NAME=$(printf '%s\n' "$DATABASE_URL" | cut -d@ -f2 | cut -d/ -f2)
        DB_USER=$(printf '%s\n' "$DATABASE_URL" | cut -d: -f2 | sed 's|//||g')
        DB_PASS=$(printf '%s\n' "$DATABASE_URL" | cut -d: -f3 | cut -d@ -f1)

      fi

      # ------------------------
      # ENV. SETUP
      # ------------------------

      # Dumps every exported variable, including DATABASE_URL and its password.
      env | grep = >> /etc/environment

      mkdir -p /etc/env

      # One file per variable; read -r keeps spaces, "=" and backslashes in the value.
      while IFS='=' read -r key val; do
        printf '%s' "$val" > "/etc/env/${key}"
      done < /etc/environment

    }
    

    In my opinion, the Docker Host should have no software installed besides Docker (and some security), that's the beauty of Docker. CoreOS was a great starting point for me to better understand Docker and Linux containers.

    It matters little where your apps will run, they can run in ANY machine (CentOS/Ubuntu/OSX/etc...) where Docker can be installed. The principle of using containers (if my designer mind can grasp it) is to build platform agnostic apps that can run anywhere and scale very easily. Also, it kills the necessity of server maintenance, since the server itself is running nothing besides the OS and Docker/Rocket/LXC, etc... that's what they call microservices, right? When you need to update your app environment, you update the Docker file and deploy it again, quick and easy.

    I really recommend that you follow these DigitalOcean's CoreOS tutorials in order to gain understanding and experience with Docker. But be warned, it can heavily influence the future of CentminMod (for good) :D

    In my mind, I imagine future versions of CentminMod as a service orchestration for LEMP based apps. Have a look into Deis.io, Flynn.io, Panamax.io and Dokku-alt (now Deis little brother). Also check this curated list of Docker resources.

    Sorry for throwing many things at once!

    Cheers :)
     
    Last edited: Feb 21, 2015
  17. eva2000

    thanks @Guilherme Jaccoud - still new to docker and find it easier to start off with for CentOS 6.6 and my own recipe for MariaDB 10 with my own custom defaults. But the more I play with docker, I understand why it's easier to have one service per docker image.

    I am trying to get the docker host to talk with the CentOS 6.6 + MariaDB 10 docker container directly and thought that would be possible ? tried a supervisord version but that didn't work either. Docker top says the container ain't running when invoked in detached mode.

    I can see the value of Docker.. might start a dedicated Centmin Mod Docker forum category on the forums so can hopefully get more docker using Centmin Mod folks to contribute their knowledge and ideas :)
     
  18. eva2000

  19. Guilherme Jaccoud

    Yep, Docker really makes life easier. CoreOS has announced the creation of its own container runtime called Rocket. Competition will certainly accelerate the technological growth of this field and so, we can expect good things to come in the near future.

    As for the Docker host to access services in containers, I believe you can achieve this through private networking.

    Advanced networking - Docker Documentation
    And if Docker says your container is not running, it might have exited prematurely. What's the result of docker ps -a and docker logs <ID> ?

    Docker - Linode Guides & Tutorials
    That's why the need for supervisord or something alike.
     
  20. eva2000

    Yes interesting times ahead... been looking at other folks' MySQL/MariaDB/Percona Dockerfiles to get ideas of what I am doing wrong etc. So going to have another stab at it :D