Skip to content

metowolf/docker-lemp

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Docker LEMP

name pulls version layers image size
metowolf/php Pulls Count GitHub release (latest by date) Layers image size
metowolf/nginx Pulls Count GitHub release (latest by date)
mysql/mysql-server Pulls Count
library/redis Pulls Count
phpmyadmin/phpmyadmin Pulls Count

Requirements

Install Docker and Compose

Usage

  1. Clone docker-lemp inside your project
git clone https://github.com/metowolf/docker-lemp.git
  1. Enter the docker-lemp folder and rename .env.example to .env.
cd docker-lemp
cp .env.example .env
cp docker-compose.example.yml docker-compose.yml
  1. Open your project’s .env file and set the following:
MYSQL_ROOT_PASSWORD=your_password
  1. Run your containers:
docker-compose up -d

Running QUIC

The following configuration file can be used as a starting point to enable HTTP/3 support:

http {
    server {
        # Enable QUIC, HTTP/3 and HTTP/2 on both IPv4 and IPv6.
        listen 443 ssl http2;
        listen 443 quic;
        listen [::]:443 ssl http2;
        listen [::]:443 quic;

        ssl_certificate      cert.crt;
        ssl_certificate_key  cert.key;

        # Add HSTS header
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

        # Add Alt-Svc header to negotiate HTTP/3.
        add_header alt-svc 'h3-23=":443"; ma=86400';

        # Enable specific TLS versions (TLSv1 and TLSv1.1 are not longer saft, TLSv1.3 is required for QUIC).
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
        ssl_prefer_server_ciphers on;
        ssl_early_data on;
    }
}

Running brotli

  1. Add the following lines into the configuration file of your sites to enable brotli feature:
brotli on;
brotli_comp_level 6;
brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;

Generally Upgrade

  1. Modify project’s .env file.
vim .env
  1. Rebuild containers:
docker-compose up -d --no-deps --build

Upgrade to Caddyless version

Before git pull

  1. Rename conflicted file if exists:
mv etc/nginx/nginx.conf etc/nginx/nginx.conf.bak

After git pull

  1. Modify project’s .env file.
vim .env
  1. Move Nginx/MySQL/SSL configuration to new directory:
# move nginx configuration
mv etc/nginx/config/* etc/nginx/conf.d/

# move MySQL configuration
rm -fr etc/mysql && mkdir etc/mysql && mkdir etc/mysql/my.cnf.d
mv etc/database/data etc/mysql && mv etc/database/config/* etc/mysql/my.cnf.d

# move SSL configuration
mv etc/ssl etc/nginx
  1. Rebuild containers and remove the Caddy container:
docker-compose up -d --no-deps --build --remove-orphans