├── Assets ├── SSL.png ├── FCGI.jpeg ├── containerd.png ├── https-ssl.jpeg ├── namespaces.png ├── Mariadb_CMD.png ├── Infrastructure.png └── docker-architecture.webp ├── srcs ├── requirements │ ├── mariadb │ │ ├── conf │ │ │ └── 50-server.cnf │ │ ├── Dockerfile │ │ └── tools │ │ │ └── database.sh │ ├── nginx │ │ ├── Dockerfile │ │ └── tools │ │ │ └── ng.sh │ └── wordpress │ │ ├── Dockerfile │ │ └── tools │ │ └── wp.sh └── docker-compose.yml ├── Makefile └── README.md /Assets/SSL.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IMADDABLIGI/42-Network_Cursus-Inception/HEAD/Assets/SSL.png -------------------------------------------------------------------------------- /Assets/FCGI.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IMADDABLIGI/42-Network_Cursus-Inception/HEAD/Assets/FCGI.jpeg -------------------------------------------------------------------------------- /Assets/containerd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IMADDABLIGI/42-Network_Cursus-Inception/HEAD/Assets/containerd.png -------------------------------------------------------------------------------- /Assets/https-ssl.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IMADDABLIGI/42-Network_Cursus-Inception/HEAD/Assets/https-ssl.jpeg -------------------------------------------------------------------------------- /Assets/namespaces.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IMADDABLIGI/42-Network_Cursus-Inception/HEAD/Assets/namespaces.png -------------------------------------------------------------------------------- /Assets/Mariadb_CMD.png: -------------------------------------------------------------------------------- 
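https://raw.githubusercontent.com/IMADDABLIGI/42-Network_Cursus-Inception/HEAD/Assets/Mariadb_CMD.png
--------------------------------------------------------------------------------
/Assets/Infrastructure.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IMADDABLIGI/42-Network_Cursus-Inception/HEAD/Assets/Infrastructure.png
--------------------------------------------------------------------------------
/Assets/docker-architecture.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IMADDABLIGI/42-Network_Cursus-Inception/HEAD/Assets/docker-architecture.webp
--------------------------------------------------------------------------------
/srcs/requirements/mariadb/conf/50-server.cnf:
--------------------------------------------------------------------------------
# MariaDB server options. The mariadb Dockerfile copies this file over
# /etc/mysql/mariadb.conf.d/50-server.cnf, replacing the distribution default.
[mysqld]
datadir = /var/lib/mysql
socket = /run/mysqld/mysqld.sock
# Listen on every interface so the wordpress container can reach the server
# over the compose network. Only containers on that network can connect at
# all (docker-compose.yml publishes no port for the mariadb service); which
# of them may log in is decided by the MariaDB accounts' host patterns and
# passwords, so keep the application account scoped to its own database
# rather than granting on *.*.
bind_address=0.0.0.0
port = 3306
user = mysql
--------------------------------------------------------------------------------
/srcs/requirements/nginx/Dockerfile:
--------------------------------------------------------------------------------
FROM debian:bullseye

# `apt install` is the interactive front end; `apt-get` is the stable,
# non-interactive one meant for scripts and image builds. Running the install
# in the same layer as the update also keeps the package index current when
# the line is rebuilt.
RUN apt-get update && apt-get install -y nginx openssl

# Holds the TLS key named by the nginx configuration in README.md
# (ssl_certificate_key /etc/nginx/ssl/NG.key).
RUN mkdir /etc/nginx/ssl

COPY tools/ng.sh /copy/

RUN chmod +x /copy/ng.sh

# Absolute path: the former "./copy/ng.sh" only resolved because the
# container's default working directory is "/".
CMD ["/copy/ng.sh"]

--------------------------------------------------------------------------------
/srcs/requirements/mariadb/Dockerfile:
--------------------------------------------------------------------------------
FROM debian:bullseye

RUN apt-get update && apt-get install -y mariadb-server

COPY tools/database.sh /root/script/

# Overrides the packaged file so that bind_address is 0.0.0.0 (see conf/50-server.cnf).
COPY conf/50-server.cnf /etc/mysql/mariadb.conf.d/50-server.cnf

RUN chmod +x /root/script/database.sh

# Absolute path, for the same reason as in the nginx image.
CMD ["/root/script/database.sh"]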
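--------------------------------------------------------------------------------
/srcs/requirements/wordpress/Dockerfile:
--------------------------------------------------------------------------------
FROM debian:bullseye

# One layer with the non-interactive apt-get front end (see the nginx image
# for the reasoning); the package index is refreshed in the same RUN.
RUN apt-get update && apt-get install -y curl php php-mysql php-fpm mariadb-client

# Make php-fpm listen on TCP 9000 on every interface so nginx can reach it
# with `fastcgi_pass wordpress:9000`. The wordpress service publishes no port,
# so only containers on the compose network can connect; the pool option
# listen.allowed_clients in the same www.conf could narrow that further.
RUN sed -i 's#listen = /run/php/php7.4-fpm.sock#listen = 0.0.0.0:9000#' /etc/php/7.4/fpm/pool.d/www.conf

COPY tools/wp.sh /copy/

RUN chmod +x /copy/wp.sh

# Absolute path: "./copy/wp.sh" only worked because the working directory is "/".
CMD ["/copy/wp.sh"]

--------------------------------------------------------------------------------
/srcs/requirements/mariadb/tools/database.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Entrypoint of the mariadb container.
# NOTE(review): the page's rendering appears to have dropped everything from
# line 7 of this file (the heredoc fed to `mariadb -u root`) up to line 22 of
# nginx/tools/ng.sh, including ng.sh's header and first 21 lines. That
# stretch is kept below exactly as shown and is not reconstructed here.
# The shebang was "#!bin/sh", which only resolved because the working
# directory is "/"; it is now absolute.

mysqld_safe &

sleep 3

mariadb -u root <> etc/nginx/sites-available/default

nginx -g "daemon off;"
--------------------------------------------------------------------------------
/srcs/requirements/wordpress/tools/wp.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Entrypoint of the wordpress container: installs WP-CLI, performs the
# one-time WordPress setup on the persistent WordPress volume, then runs
# php-fpm in the foreground.

# Wait until the database accepts the application account instead of
# sleeping a fixed 6 seconds; the mariadb container may take longer to start
# and to create that account. The password is passed via MYSQL_PWD rather
# than as a command-line argument so it does not appear in the process list.
until MYSQL_PWD="$MARIA_DB_USER_PASSWORD" mariadb -h mariadb -u "$MARIA_DB_USER" -e 'SELECT 1' >/dev/null 2>&1; do
    echo "waiting for mariadb..."
    sleep 1
done

# NOTE(review): the phar is fetched unpinned and its integrity is not
# checked. Pinning a release and verifying its published checksum before
# installing it would give a reproducible image and catch a tampered download.
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar

chmod +x wp-cli.phar && mv wp-cli.phar /usr/local/bin/wp

# -p: the directory already exists when the container is restarted.
mkdir -p /run/php

# One-time site setup. Credentials come from the .env file that
# docker-compose hands to this container.
install_wordpress() {
    wp core download --allow-root

    mv wp-config-sample.php wp-config.php && wp config set SERVER_PORT 3306 --allow-root

    wp config set DB_NAME "$DB_NAME" --allow-root --path=/var/www/html
    wp config set DB_USER "$MARIA_DB_USER" --allow-root --path=/var/www/html
    wp config set DB_PASSWORD "$MARIA_DB_USER_PASSWORD" --allow-root --path=/var/www/html
    wp config set DB_HOST 'mariadb:3306' --allow-root --path=/var/www/html

    wp core install --url="$DOMAIN_NAME" --title=INCEPTION --admin_user="$WP_ADMIN_USER" --admin_password="$WP_ADMIN_PASSWORD" --admin_email="$WP_ADMIN_EMAIL" --allow-root --path=/var/www/html

    wp user create "$WP_USER" "$WP_USER_EMAIL" --role=author --user_pass="$WP_USER_PASSWORD" --allow-root --path=/var/www/html
}

cd /var/www/html
# `restart: always` in docker-compose.yml re-runs this script on every
# restart; `wp core is-installed` exits non-zero when WordPress is absent or
# not yet installed, so an existing site is left alone instead of failing on
# a second download and a second `wp user create`.
if ! wp core is-installed --allow-root --path=/var/www/html >/dev/null 2>&1; then
    install_wordpress
fi

# Foreground (-F) so the container stays alive and php-fpm's output reaches docker.
/usr/sbin/php-fpm7.4 -F
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
# **************************************************************************** #
# #
# ::: :::::::: #
# Makefile :+: :+: :+: #
# +:+ +:+ +:+ #
# By: idabligi +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2024/02/09 15:10:44 by idabligi #+# #+# #
# Updated: 2024/02/10 10:18:00 by idabligi ### ########.fr #
# #
# **************************************************************************** #

RUN = docker compose up --build

CLEAN = docker compose down --rmi all; clear

# These targets are not files; without .PHONY a file named "all" or "down"
# in the repository root would silently satisfy them.
.PHONY: all down re

all :
	cd srcs && $(RUN)

down:
	cd srcs && $(CLEAN)

re : down all

--------------------------------------------------------------------------------
/srcs/docker-compose.yml:
--------------------------------------------------------------------------------
# NOTE(review): the top-level `version` key is obsolete for current Docker
# Compose (ignored with a warning) and is only kept for older tooling.
version: '3'

services:
  # NOTE(review): the image names `mariadb`, `wordpress` and `nginx` coincide
  # with Docker Hub official images; a project-specific tag would avoid
  # confusing these locally built images with the upstream ones.
  mariadb:
    image: mariadb
    build: ./requirements/mariadb/
    container_name: mariadb
    restart: always
    networks:
      - NT
    volumes:
      - DB:/var/lib/mysql
    # No `ports:` entry: the database is reachable only from containers on NT.
    env_file:
      - .env

  wordpress:
    image: wordpress
    build: ./requirements/wordpress/
    container_name: wordpress
    # `restart: always` re-runs tools/wp.sh, so that script has to be safe to
    # run against a site that already exists on the WordPress volume.
    restart: always
    networks:
      - NT
    volumes:
      - WordPress:/var/www/html
    env_file:
      - .env

  nginx:
    image: nginx
    build: ./requirements/nginx/
    container_name: nginx
    restart: always
    networks:
      - NT
    ports:
      - 443:443
    volumes:
      - WordPress:/var/www/html
    # NOTE(review): the whole .env, including the database and WordPress
    # passwords, is handed to nginx, which from the configuration shown in
    # README.md appears to need only DOMAIN_NAME and CERTS_PATH. Passing just
    # those under `environment:` would keep the secrets out of this container.
    env_file:
      - .env

networks:
  NT:

volumes:
  # Bind mounts on fixed host paths: the data lives on the VM under the
  # author's home directory, so these paths must exist before `docker compose up`.
  WordPress:
    driver: local
    driver_opts:
      o: bind
      type: none
      device: /home/idabligi/Desktop/data/WP
  DB:
    driver: local
    driver_opts:
      o: bind
      type: none
      device: /home/idabligi/Desktop/data/MariaDB

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |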

Inception

2 | 3 | # Table of Contents 4 | 1. [Subject Requirements](#subject-requirements) 5 | 2. [Docker](#docker) 6 | - [I. Definition](#docker-definition) 7 | - [II. Docker Architecture](#docker-architecture) 8 | - [III. Docker CMD](#docker-cmd) 9 | - [IV. How Docker Works ?](#how-docker-works) 10 | - [V. Docker Isolation](#docker-isolation) 11 | - [VI. Does Docker Containers Share the Host OS Kernel?](#docker-container-sharing-kernel) 12 | 3. [MariaDB](#mariadb) 13 | - [I. Definition](#mariadb-definition) 14 | - [II. History of MariaDB](#history-of-mariadb) 15 | - [III. MariaDB CMD](#mariadb-cmd) 16 | - [IV. MariaDB Configuration](#mariadb-configuration) 17 | 4. [WordPress](#wordpress) 18 | - [I. Definition](#wordpress-definition) 19 | - [II. WordPress Configuration](#wordpress-configuration) 20 | - [III. PHP-FPM](#fpm) 21 | 5. [Nginx](#nginx) 22 | - [I. Definition](#nginx-definition) 23 | - [II. HTTPS](#https) 24 | - [III. HTTPS Certification](#https-cert) 25 | - [IV. SSL](#ssl) 26 | - [V. HOW DOES SSL WORKS ?](#how-ssl) 27 | - [VI. Nginx Configuration](#nginx-configuration) 28 | 6. [Ressources](#ressources) 29 | - [Docker](#rs-docker) 30 | - [Mariadb](#rs-mariadb) 31 | - [Wordpress](#rs-wordpress) 32 | - [Nginx](#rs-nginx) 33 | --- 34 | 35 | ## I. Subject Requirements 36 | - This project consists in having you set up a small infrastructure composed of different 37 | services under specific rules. The whole project has to be done in a virtual machine. You 38 | have to use docker compose. 39 |

40 | 41 |

42 | Inception Subject Link 43 |

44 | 45 | --- 46 | 47 | ## II. Docker 48 | 49 | ### I. Definition 50 | - `Docker` is a tool that can package an application and its dependencies into an isolated container. 51 | - `Docker image` is a blueprint or a template for creating Docker containers. It provides all the necessary instructions and dependencies required to create and run a containerized application. 52 | - `Docker Container` is a lightweight, standalone, and executable software package that encapsulates an application and its dependencies, ensuring consistent and reliable execution across different computing environments. It provides a standardized approach to package and deploy applications, allowing them to run in isolation with their own filesystem, libraries, and configuration settings. 53 | - `Docker compose` is a tool that allows you to define and manage multi-container Docker applications. It provides a convenient way to describe the services, networks, and volumes required for your application in a declarative YAML file. 54 | - `Docker volume` is a persistent data storage mechanism that allows containers to share and store data outside of their individual file systems. Volumes are used to persist and share data between containers, as well as between containers and the host machine. 55 | - `Docker network` is a virtual infrastructure that enables communication between containers and the host machine. Docker networks provide isolation, security, and flexibility for containerized applications. 56 | - `Dockerd` shortcut of Docker Daemon which is the core component of the Docker platform. It is responsible for building, running, and managing Docker containers. When you install Docker on your system, it includes the Docker Engine along with other tools and services. 
57 | - `Containerd` shortcut of Container Daemon which manages the complete container lifecycle of its host system, from image transfer and storage to container execution and supervision to low-level storage to network attachments and beyond. 58 | ### II. Docker Architecture 59 | - `Docker` uses a client-server architecture. The `Docker client` talks to the `Docker daemon`, which does the heavy lifting of building, running, and distributing your `Docker containers`. The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface. Another Docker client is Docker Compose, that lets you work with applications consisting of a set of containers. 60 | 61 |

62 | 63 | #### The Docker daemon 64 | The Docker daemon `dockerd` listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. A daemon can also communicate with other daemons to manage Docker services. 65 | 66 | #### The Docker client 67 | The Docker client `docker` is the primary way that many Docker users interact with Docker. When you use commands such as docker run, the client sends these commands to dockerd, which carries them out. The docker command uses the Docker API. The Docker client can communicate with more than one daemon. 68 | 69 | ### III. Docker CMD 70 | 71 | | Command | Description | 72 | | :----------- | :----------- | 73 | | docker build . -t `(image)` | This command tells Docker to build an image based on the Dockerfile in the current directory and tag it with the name `(image)`. | 74 | | docker images | list docker images. | 75 | | docker run --name `(ctr)` `(image)` | start a new Docker container `(ctr)` from an image `(image)`. | 76 | | docker run -d --name ctr image | start a new Docker container `(ctr)` from an image `(image)` in the background. | 77 | | docker run -p `443:443` --name ctr image | The -p option specifies the port mapping. It tells Docker to map port 443 from the container to port 443 on the host machine. The format is :.| 78 | | docker run -v `VolumeName`:`/path/in/container` ... | This command mounts the volume `VolumeName` inside the container at the specified `/path/in/container` location. | 79 | | docker ps | This command is used to list all the running Docker containers. | 80 | | docker stop `(ctr)` | This command is used to stop a running container. | 81 | | docker rm -f `(ctr)` | This command is used to remove a Docker container. | 82 | | docker rmi -f `(ctr)` | This command is used to remove a Docker image. | 83 | | docker kill | Kill one or more running containers. 
| 84 | | docker exec -it `(ctr)` bash| start an interactive bash session inside the specified container `(ctr)`. 85 | 86 | **NOTE :** 87 | There are more commands to use with docker but in this table I specified the top essential Docker commands that you might need in the process of creating your own containers. 88 | 89 | ### IV. How Docker Works ? 90 | Docker is written in the `Go programming language` and takes advantage of several features of the Linux kernel to deliver its functionality. Docker uses a technology called `namespaces` to provide the isolated workspace called the container. When you run a container, Docker creates a set of namespaces for that container. 91 | 92 | 93 |

94 | 95 |

96 | 97 | 98 | **The process of building Docker images and running containers in relation to Docker, containerd, and runc.** 99 | 100 | **Building Docker Images:** 101 | 102 | 1. When you issue a `docker build` command with a Dockerfile, it is the Docker daemon (`dockerd`) that handles the build process. 103 | 2. The Docker daemon reads the Dockerfile instructions and orchestrates the build process. It pulls necessary base images, executes each instruction, and creates the desired image following the defined steps. 104 | 3. During the build process, the Docker daemon interacts with containerd to manage the image layers, intermediate containers, and storage operations. 105 | 106 | 107 | **Running Containers:** 108 | 109 | 1. When you run a Docker container using the `docker run` command, it is the Docker daemon (`dockerd`) that handles the container creation and execution. 110 | 2. The Docker daemon communicates with containerd and instructs it to create a container based on the specified image. 111 | 3. Containerd, as the container runtime, then utilizes runc to create and manage the container process with the appropriate namespaces, cgroups, and other isolation mechanisms. 112 | 113 | ### V. Docker Isolation 114 | Docker utilizes namespaces and cgroups, which are features provided by the Linux kernel, to achieve isolation for each container. 115 | 116 | 117 | **Namespaces** 118 | 119 | Namespaces play a crucial role in Docker. Docker utilizes namespaces to provide process isolation and resource virtualization, allowing containers to operate as isolated environments within a shared host operating system. 120 | 121 | Here's how namespaces help Docker: 122 | 123 | 1. Process isolation: Docker uses the PID (Process ID) namespace to provide each container with its own isolated view of processes. Each container has its own set of process IDs, separate from other containers and the host system. 
This isolation ensures that processes within a container cannot interfere with or access processes outside of it. 124 | 2. Network isolation: Docker leverages network namespaces to provide network isolation for containers. Each container has its own isolated network stack, including network interfaces, IP addresses, routing tables, and firewall rules. This isolation allows containers to have their own networking configuration and prevents network conflicts between containers. 125 | 3. File system isolation: Mount namespaces enable Docker containers to have their own isolated view of the file system. Each container has its own set of mounted directories and file systems, independent of other containers and the host system. This isolation ensures that changes made within a container's file system do not affect other containers or the host system. 126 | 4. User isolation: User namespaces provide user and group ID isolation for Docker containers. They allow containers to have their own set of user and group IDs, separate from the host system. This isolation enhances security by preventing container processes from accessing or affecting the host system's user accounts. 127 | 128 | **Cgroups** 129 | 130 | Cgroups, short for control groups, are a feature in the Linux kernel that provide resource isolation and allocation for processes. Cgroups allow you to control and limit the resources (such as CPU, memory, disk I/O, and network bandwidth) that a group of processes can use. 131 | 132 | When it comes to Docker containers, cgroups play an important role in resource management and isolation. Docker leverages cgroups to allocate and limit system resources for each container, preventing one container from monopolizing system resources and impacting the performance of other containers or the host system. 
133 | 134 | **NOTE :** 135 | When a process inside a container creates a child process, the new child process by default inherits the cgroups and namespaces of its parent process. 136 | 137 |

138 | 139 |

140 | 141 | 142 | ### VI. Does Docker Containers Share the Host OS Kernel? 143 | 144 | **LinuxOS :** 145 | 146 | On `Linux` Docker containers share the host operating system's kernel, which means they run on the same kernel as the host machine. This allows containers to be lightweight and provides efficient resource utilization. 147 | 148 | **MacOS :** 149 | 150 | On `macOS`, Docker utilizes a lightweight virtualization technology called "Hyperkit" to run Linux containers. Hyperkit is a hypervisor that is part of the Docker Desktop for Mac application. It provides a Linux environment using a virtual machine running on macOS. 151 | 152 | When you install Docker Desktop for Mac on macOS, it includes a small Linux distribution running inside a lightweight virtual machine (Hyperkit). 153 | 154 | **WindowsOS:** 155 | 156 | On `Windows`, Docker Desktop utilizes a different lightweight virtualization technology called "Hyper-V" to run Linux containers. Hyper-V is a native hypervisor developed by Microsoft and is included in certain editions of Windows, such as Windows 10 Professional and Enterprise. 157 | 158 | When Docker Desktop is installed on a Windows machine with Hyper-V enabled, it creates a Linux-based virtual machine (VM) known as the "MobyLinuxVM" to host and manage the Linux containers. This VM runs alongside the Windows operating system and provides the necessary infrastructure for running Docker containers. 159 | 160 | --- 161 | 162 | ## III. MariaDB 163 | 164 | ### I. Definition 165 | 166 | - `MariaDB` is an open source database to help store and organize data. It’s similar to MySQL (a database management system) and, in fact, a fork to MySQL. The MariaDB database is used for various purposes such as data warehousing, e-commerce, enterprise-level features, and logging applications. 167 | - `Database` is a place to store information that you can quickly retrieve and use where you need it. 
Compared to writing information on a piece of paper or in a Word document, a database saves all your information in tables so that you can easily retrieve each individual entry in a systematic and precise way. 168 | 169 | ### II. History of MariaDB 170 | 171 | - `MySQL` was initially completely open-source , then it was bought by `Oracle`, since then several organizations have become concerned about Oracle's possibility of making paid its software. 172 | To prevent this, the `MariaDB` foundation creates a version almost identical to MySQL, but completely **open-source**. 173 | 174 | ### III. MariaDB CMD 175 | 176 | | Command | Description | 177 | | :----------- | :----------- | 178 | | service `mariadb` start | Start the Mariadb server. | 179 | | mysqld_safe `&` | Starts the MariaDB server in safe mode as a background process. The & symbol is used to run the command in the background, allowing the script to continue executing while the server is running. | 180 | | mysqld_safe | Starts the MariaDB server in safe mode as a foreground process. | 181 | | mariadb | Access to mariadb as root user. | 182 | | mariadb -u `user` -p`password` -h `host` | Access mariadb using mariadb-client from another machine. -u `user` specifies the username to use when connecting to the database server. `-p...` is used to provide the password for the specified user {no space between -p and the password}. `-h ...` specifies the hostname or IP address of the machine where the MariaDB database server is running. | 183 | | mysql -e "ALTER USER 'root'@'localhost' IDENTIFIED BY `password`;" | set a password for the mariadb root user. | 184 | | show databases; | Reveal all mariadb databases. | 185 | | use `(name of a database)`; | Acces to that specific database. | 186 | | create database `(name of new database)`; | Create a database. | 187 | | show tables; | Reveal all tables of that database. | 188 | | create table `(name of new table)(arg1, arg2,…)`; | Create a new table. 
| 189 | | explain `(name of a table)`; | Reveal all the columns of that table. | 190 | | select * from `(name of a table)`; | Reveal the table values. | 191 | | insert `(table()) value(arg1, arg2, arg3..)`; | Insert values into a specific table. | 192 | | update `(table)` set `(the value to change)`=`new value` where std_id=`2`; | Change an added value. | 193 | | select user from `mysql.user`; | Reveal mariadb users. | 194 | | create user `user`@`%`; | Create user, `%` represents the host or the location from which the user is allowed to connect. The '%' wildcard symbol means that the user can connect from any host. If you want to restrict connections to specific hosts, you can replace '%' with the desired hostname or IP address. | 195 | | create user `user`@`localhost` identified by `password`; | Create a user with a password; `localhost` restricts that user to connecting only from the machine that runs the MariaDB server. | 196 | | drop user `user`@`localhost`; | Drop user. | 197 | | GRANT ALL PRIVILEGES ON `*.*` TO `user`@`%`; | This command grants all privileges (ALL PRIVILEGES) to the user `user` for all databases `(*.*)` and all tables within those databases. For an application account such as the one WordPress uses, granting on its own database only (`(name of the database).*`) is sufficient and is the least-privilege choice. | 198 | | FLUSH PRIVILEGES; | Ensure the changes take effect. | 199 | 200 | **NOTE :** 201 | You might not need all these commands for the `Inception` project since `WordPress` will do all the work for us. But at least you need to know how to access and reveal the tables inside your MariaDB database. 202 | 203 | **Here's an example of accessing a WordPress database and revealing all data inside the table `wp_users`:** 204 | 205 |

206 | 207 |

208 | 209 | ### IV. MariaDB Configuration 210 | 211 | To configure MariaDB for WordPress, we need to modify the `50-server.cnf` file located at `/etc/mysql/mariadb.conf.d/50-server.cnf`. 212 | 213 | By default, the configuration file contains the line `bind_address=localhost`. This setting restricts the MariaDB server to listen only on the local machine's IP address, preventing access from other machines. 214 | 215 | However, for WordPress to connect to the MariaDB server, we need to change the value from `localhost` to `0.0.0.0`. This modification allows the MariaDB server to listen and be accessible from any machine on the network. In this project that means any container on the compose network: `docker-compose.yml` publishes no port for the `mariadb` service, so the host and outside machines cannot reach it, and which of those containers may actually log in is decided by the MariaDB user accounts (their host patterns and passwords), not by `bind_address`. 216 | 217 | After making this change, WordPress will be able to establish a connection with the MariaDB server, enabling proper communication between the two. 218 | 219 | --- 220 | 221 | ## IV. WordPress 222 | 223 | ### I. Definition 224 | 225 | - `WordPress` is a popular content management system (CMS) that allows users to create and manage websites and blogs easily. It is written in PHP and uses a MySQL or MariaDB database to store content and settings. 226 | 227 | ### II. WordPress Configuration 228 | 229 | #### Step 1: Set up WP-CLI 230 | curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar 231 | chmod +x wp-cli.phar && mv wp-cli.phar /usr/local/bin/wp 232 | - In this step, we set up WP-CLI, a powerful command-line tool for managing WordPress installations. We download the WP-CLI executable, make it executable, and move it to the /usr/local/bin directory. This ensures that WP-CLI is globally accessible from the command line, enabling us to interact with WordPress using simple and convenient commands. Note that this fetches an unpinned build and does not verify it: pinning a release and checking its published checksum before installing the file gives a reproducible image and protects against a tampered download. 233 | 234 | #### Step 2: Download WordPress 235 | cd /var/www/html 236 | wp core download --allow-root 237 | mv wp-config-sample.php wp-config.php 238 | - In this step, we navigate to the desired directory where we want to install WordPress, typically the web server's document root. 
We use WP-CLI to download the latest version of the WordPress core files directly from the official WordPress repository. 239 | 240 | #### Step 3: Configure WordPress 241 | wp config set SERVER_PORT 3306 --allow-root 242 | wp config set DB_NAME $DB_NAME --allow-root --path=/var/www/html 243 | wp config set DB_USER $MARIA_DB_USER --allow-root --path=/var/www/html 244 | wp config set DB_PASSWORD $MARIA_DB_USER_PASSWORD --allow-root --path=/var/www/html 245 | wp config set DB_HOST 'mariadb:3306' --allow-root --path=/var/www/html 246 | - In this step, we use WP-CLI to configure the WordPress installation by modifying the wp-config.php file. We set the server port for the database connection, providing the necessary information for connecting to the MariaDB server. We specify the database name, username, password, and host, ensuring that WordPress can establish a secure and reliable connection to the database server. 247 | 248 | #### Step 4: Install WordPress 249 | wp core install --url=$DOMAIN_NAME --title=INCEPTION --admin_user=$WP_ADMIN_USER --admin_password=$WP_ADMIN_PASSWORD --admin_email=$WP_ADMIN_EMAIL --allow-root --path=/var/www/html 250 | wp user create $WP_USER $WP_USER_EMAIL --role=author --user_pass=$WP_USER_PASSWORD --allow-root --path=/var/www/html 251 | - In this final step, we use WP-CLI to install WordPress with the specified configuration. We provide essential details such as the website URL, site title, and administrative user credentials. This command automates the installation process, creating the necessary database tables, generating encryption keys, and setting up the initial administrative user. Additionally, we create a new user with the author role, allowing them to contribute and manage content on the WordPress website. 252 | 253 | ### III. PHP_FPM 254 | - In computing, **Common Gateway Interface** `CGI` is an interface specification that enables web servers to execute an external program to process HTTP/S user requests. 
255 | A typical use case occurs when a web user submits a web form on a web page that uses CGI. The form's data is sent to the web server within an HTTP request with a URL denoting a CGI script. The web server then launches the CGI script in a new computer process, passing the form data to it. The output of the CGI script, usually in the form of `HTML`, is returned by the script to the Web server, and the server relays it back to the browser as its response to the browser's request. 256 | - Instead of creating a new process for each request, `FastCGI` uses persistent processes to handle a series of requests. These processes are owned by the FastCGI server, not the web server. 257 | To service an incoming request, the web server sends environment variable information and the page request to a FastCGI process over either a Unix domain socket, a named pipe, or a Transmission Control Protocol (TCP) connection. Responses are returned from the process to the web server over the same connection, and the web server then delivers that response to the end user. The connection may be closed at the end of a response, but both web server and FastCGI service processes persist. 258 | - `PHP-FPM` (PHP FastCGI Process Manager) is a PHP implementation of the FastCGI protocol. PHP-FPM serves as a FastCGI process manager specifically designed for PHP, providing advanced features and optimizations for handling PHP requests. 259 | 260 |

261 | 262 |

263 | 264 | ### PHP-FPM Configuration 265 | 266 | #### Step 1: Install php-fpm 267 | apt install -y php-fpm 268 | 269 | #### Step 2: Configure PHP-FPM to Listen to All IP Addresses 270 | sed -i 's#listen = /run/php/php7.4-fpm.sock#listen = 0.0.0.0:9000#' /etc/php/7.4/fpm/pool.d/www.conf 271 | - The sed command is used to modify the `www.conf` file, replacing the line that specifies the listening socket with a new line that makes PHP-FPM listen on all IP addresses (0.0.0.0) on port 9000. This allows PHP-FPM to accept connections from any IP address on the network. As with MariaDB, the `wordpress` service publishes no port in `docker-compose.yml`, so in practice only containers on the compose network (here the `nginx` container, through `fastcgi_pass wordpress:9000`) can reach it; the `listen.allowed_clients` option in the same `www.conf` can restrict the accepted client addresses further. 272 | 273 | #### Step 3: Start PHP-FPM in the foreground 274 | /usr/sbin/php-fpm7.4 -F 275 | - This command starts PHP-FPM in the foreground (-F flag) using the PHP version 7.4. 276 | 277 | --- 278 | 279 | ## V. Nginx 280 | 281 | ### I. Definition 282 | - `Nginx` pronounced like “engine-ex”, is an open-source web server software used for reverse proxy, load balancing, and caching. It provides HTTPS server capabilities and is mainly designed for maximum performance and stability. 283 | 284 | ### II. HTTPS 285 | - `HTTPS` Hypertext Transfer Protocol Secure is a secure version of HTTP. This protocol enables secure communication between a client (e.g. web browser) and a server (e.g. web server) by using encryption. HTTPS uses Transport Layer Security (TLS) protocol or its predecessor Secure Sockets Layer (SSL) for encryption. 286 | 287 | 288 | The original use for HTTPS was for ecommerce transactions, email, and other sensitive data transfers. Today it has become the standard for all websites. 289 | HTTPS uses a well-known TCP port 443. If the port is not specified in a URL, browsers will use this port when sending an HTTPS request. 290 | 291 | ### III. HTTPS Certification 292 | - `HTTPS` employs `SSL` (Secure Socket Layer) or its successor, `TLS` (Transport Layer Security), to establish an encrypted connection between a web server and a client's browser. 
SSL/TLS certificates play a crucial role in enabling HTTPS by verifying the authenticity and identity of the server. These certificates are issued by trusted Certificate Authorities and contain cryptographic keys that facilitate secure communication. When a website has a valid SSL/TLS certificate installed, it allows for the encryption of sensitive information, such as login credentials and financial transactions, providing an essential layer of security and ensuring the privacy and integrity of data transmitted between the server and the client. 293 | 294 |

295 | 296 |

297 | 298 | ### IV. SSL 299 | - `SSL` Secure Sockets Layer is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook). It is more widely known than `TLS`, or Transport Layer Security, the successor technology of SSL. 300 | 301 | ### V. HOW DOES SSL WORK? 302 | 303 | When a browser attempts to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a process called an “SSL Handshake” (see diagram below). Note that the SSL Handshake is invisible to the user and happens instantaneously. 304 | 305 | Essentially, three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key, and vice versa. 306 | 307 | Because encrypting and decrypting with the private and public keys takes a lot of processing power, they are only used during the SSL Handshake to create a symmetric session key. After the secure connection is made, the session key is used to encrypt all transmitted data. Note that encrypting the session key with the server's public key describes the RSA key exchange of older TLS versions; TLS 1.3, which the Nginx configuration below enables, derives the session key through an ephemeral Diffie-Hellman exchange instead, and the server's private key is used only to sign the handshake. 308 | 309 | 

310 | 311 | 1. **Browser** connects to a web server (website) secured with SSL (https). Browser requests that the server identify itself. 312 | 2. **Server** sends a copy of its SSL Certificate, including the server’s public key. 313 | 3. **Browser** checks the certificate root against a list of trusted CAs and that the certificate is unexpired, unrevoked, and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key. 314 | 4. **Server** decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session. 315 | 5. **Server** and Browser now encrypt all transmitted data with the session key. 316 | 317 | 318 | ### VI. Nginx Configuration 319 | - The behavior of the Nginx server is determined by its configuration file, typically located at `/etc/nginx/sites-available/default`. This configuration file serves as a vital blueprint, defining how Nginx operates. Within this file, I have made specific adjustments to customize the server's behavior according to the desired requirements and functionality of the subject. 320 | 321 | server { 322 | listen 443 ssl; 323 | ssl_protocols TLSv1.3; 324 | ssl_certificate ${CERTS_PATH}; 325 | ssl_certificate_key /etc/nginx/ssl/NG.key; 326 | 327 | # Set the root directory, index files, and server name 328 | root /var/www/html; 329 | server_name ${DOMAIN_NAME}; 330 | index index.php index.html index.htm; 331 | 332 | location ~ \.php$ { 333 | # Include the FastCGI configuration for PHP 334 | include snippets/fastcgi-php.conf; 335 | fastcgi_pass wordpress:9000; 336 | } 337 | } 338 | 339 | - **listen 443 ssl;** : This line specifies that the server should listen on port 443 (the default HTTPS port) and use SSL/TLS for secure communication. 
340 | - **ssl_protocols TLSv1.3;** : It sets the desired SSL/TLS protocol version to TLS 1.3 for secure connections. 341 | - **ssl_certificate ${CERTS_PATH};** : This directive provides the path to the SSL/TLS certificate file used for encryption. ${CERTS_PATH} is a placeholder that should be replaced with the actual certificate path. 342 | - **ssl_certificate_key /etc/nginx/ssl/NG.key;** : It specifies the path to the private key corresponding to the SSL/TLS certificate. 343 | - **root /var/www/html;**: Sets the root directory where the web server will look for files to serve. 344 | - **server_name ${DOMAIN_NAME};** : Specifies the domain name associated with the server block. 345 | - **index index.php index.html index.htm;** : Defines the order in which the server will look for index files (e.g., index.php, index.html, index.htm). 346 | - **location ~ \.php$ { ... }** : This block handles requests for PHP files. It includes a configuration file (snippets/fastcgi-php.conf) that manages the FastCGI process for PHP and forwards requests to the WordPress container at wordpress:9000. 347 | 348 | ## VI. 
Resources 349 | 350 | ### Docker : 351 | - [Docker Overview](https://docs.docker.com/get-started/overview/) 352 | - [Docker (YTB-1)](https://www.youtube.com/watch?v=eGz9DS-aIeY) - [Docker (YTB-2)](https://www.youtube.com/watch?v=pTFZFxd4hOI) 353 | - [Docker Network (YTB)](https://www.youtube.com/watch?v=bKFMS5C4CG0&t=615s) 354 | - [Docker Volume (YTB)](https://www.youtube.com/watch?v=p2PH_YPCsis) 355 | - [Docker Network and Volume](https://webdock.io/en/docs/how-guides/docker-guides/how-to-create-and-manage-docker-networks-and-docker-volumes) 356 | - [Docker Compose (YTB-1)](https://www.youtube.com/watch?v=DM65_JyGxCo&t=1s) - [Docker Compose (YTB-2)](https://www.youtube.com/watch?v=Qw9zlE3t8Ko&t=9s) 357 | - [How Docker works ?](https://www.youtube.com/watch?v=-YnMr1lj4Z8) 358 | - [Namespaces - Cgroups (1)](https://resources.infosecinstitute.com/topics/general-security/how-docker-primitives-secure-container-environments/#:~:text=Namespaces%20are%20a%20feature%20of,the%20containers%20from%20the%20host.) 
- [Namespaces - Cgroups (2)](https://medium.com/@kasunmaduraeng/docker-namespace-and-cgroups-dece27c209c7) 359 | - [Containerd with Namespaces and Cgroups](https://faun.pub/kubernetes-story-linux-namespaces-and-cgroups-what-are-containers-made-from-d544ac9bd622) 360 | - [Namespaces - Cgroups (YTB)](https://www.youtube.com/watch?v=el7768BNUPw) 361 | 362 | ### Mariadb : 363 | - [Mariadb](https://www.forestadmin.com/blog/maria-db-commands/) 364 | - [Mariadb CMD (YTB)](https://www.youtube.com/watch?v=6qtXDsw_X1k&t=12s) - [Mariadb CMD (YTB-2)](https://www.youtube.com/watch?v=MI4590v1QoU&t=11s) 365 | 366 | ### Wordpress : 367 | - [Install WP-CLI](https://blog.sucuri.net/2022/11/wp-cli-how-to-install-wordpress-via-ssh.html) 368 | - [Wordpress Configuration CMD](https://developer.wordpress.org/cli/commands/config/set/) 369 | - [Install Wordpress](https://developer.wordpress.org/cli/commands/core/) 370 | - [Create WP user](https://developer.wordpress.org/cli/commands/user/create/) 371 | - [FCGI](https://en.wikipedia.org/wiki/FastCGI) 372 | 373 | ### Nginx : 374 | - [SSL](https://www.digicert.com/what-is-an-ssl-certificate) - [SSL](https://www.cloudflare.com/en-gb/learning/ssl/what-is-ssl/) 375 | - [TLS](https://www.cloudflare.com/en-gb/learning/ssl/transport-layer-security-tls/) 376 | - [SSL, TLS, HTTP, HTTPS (YTB)](https://www.youtube.com/watch?v=hExRDVZHhig) 377 | - [Nginx Configuration](https://ubiq.co/tech-blog/nginx-ssl-configuration-step-step-details/) 378 | 379 | --------------------------------------------------------------------------------