Use Docker Compose, Nginx and MariaDB to implement security hardening of PHP applications
With the frequent occurrence of network attacks and data leaks, protect the security of applications and databases become increasingly important. In PHP applications, using Docker Compose, Nginx and MariaDB can achieve security hardening and provide certain security protection measures. This article explains how to use these tools for security hardening and provides some code examples.
Docker Compose is a tool for defining and running multi-container Docker applications. By using Docker Compose, you can easily manage the running environment, website and database of PHP applications.
First, create a file named docker-compose.yml
and copy the following code into it:
version: '3' services: web: build: ./web ports: - 8000:80 volumes: - ./web:/var/www/html depends_on: - db db: image: mariadb environment: - MYSQL_ROOT_PASSWORD=root - MYSQL_DATABASE=mydb volumes: - ./db:/var/lib/mysql
The above code defines two services:web
and db
. The web
service is used to run PHP applications, while the db
service is used to run the MariaDB database. The build
instruction specifies the Dockerfile used when the web
service builds the image. The ports
instruction maps the container's port 80 to the host's port 8000. volumes# The ## instruction mounts the local
./web directory to the container's
/var/www/html directory for persistent storage and real-time debugging. The
depends_on directive specifies that the
web service depends on the
db service.
web in the directory where
docker-compose.yml is located, and create a folder named
Dockerfile in the folder file, and copy the following code into it:
FROM php:7.4-apache RUN apt-get update && apt-get install -y libpq-dev && docker-php-ext-install pdo pdo_mysql mysqli
nginx in the directory where the
web service is located, and create a folder named
default.conf# in the folder ## file and copy the following code into it: <div class="code" style="position:relative; padding:0px; margin:0px;"><pre class='brush:nginx;toolbar:false;'>server {
listen 80;
root /var/www/html;
index index.php index.html index.htm;
server_name localhost;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /.ht {
deny all;
}
}</pre><div class="contentsignin">Copy after login</div></div>
The above code defines an Nginx virtual host and sets the basic website configuration. The
directive specifies the root directory of website files, and the index
directive specifies the default index file. The location
directive is used to process URL requests, the try_files
directive attempts to match a file, and if the file does not exist, redirects the request to the index.php
file. The fastcgi
directive is used to process PHP files and pass the request to the PHP-FPM process.
Create a folder named
db in the directory where docker-compose.yml
is located, and create a folder named my in the folder .cnf
file and copy the following code into it: <div class="code" style="position:relative; padding:0px; margin:0px;"><pre class='brush:ini;toolbar:false;'>[mysqld]
bind-address = 0.0.0.0</pre><div class="contentsignin">Copy after login</div></div>
The above code specifies the IP address bound to MariaDB as
to allow data from any IP address Connection. This increases the accessibility of the database.
is located and run the following command to start the container: <div class="code" style="position:relative; padding:0px; margin:0px;"><pre class='brush:php;toolbar:false;'>docker-compose up -d</pre><div class="contentsignin">Copy after login</div></div>This command will build and start the containers for the web<p> and <code>db
services. The -d
parameter is used to run the container in the background. So far, we have successfully implemented security hardening of PHP applications using Docker Compose, Nginx and MariaDB. By using a containerized programming environment, we can easily manage and secure applications and databases, providing a certain level of security.
The above is the detailed content of Security hardening of PHP applications using Docker Compose, Nginx and MariaDB. For more information, please follow other related articles on the PHP Chinese website!