This project has been created as part of the 42 curriculum by sheferna.
This project aims to broaden the knowledge of system administration by using Docker. It involves virtualising several Docker images to create a personal virtual machine infrastructure. The goal is to set up a complete web server stack using containers, following strict rules about security, modularity, and automation.
The stack includes a secured WordPress site served by NGINX, a MariaDB database, and several additional services for monitoring and management.
- NGINX: Secure entry point (TLS 1.2/1.3 only, Port 443).
- WordPress: PHP-FPM 8.2 container.
- MariaDB: Database engine.
- Redis: In-memory cache to optimize WordPress performance.
- FTP Server (vsftpd): Direct file access to the WordPress volume.
- Adminer: Lightweight database management interface.
- Static Website: A "Matrix-themed" site running on a Python server.
- System Monitor (Glances): Real-time monitoring of containers and host resources.
- Docker Engine
- Docker Compose
- Make
- A UNIX-like operating system (VM with Debian/Ubuntu recommended)
-
Git clone the repository.
-
Create the
.envfile insrcs/with the following mandatory variables:
DOMAIN_NAME=sheferna.42.fr
SQLDATABASE= SQLUSER= SQLPASSWORD= SQLROOTPASSWORD= SQLHOST=
WPADMINUSER= WPADMINPASSWORD= WPADMIN_EMAIL=name@student.42.fr
WPUSER= WPPASSWORD= WPEMAIL=author@student.42.fr
- Build and launch the infrastructure:
bash: make
The first build may take a few minutes as it compiles dependencies for Glances and other tools.
-
Access the services:
-
WordPress:
https://sheferna.42.fr- Admin Panel:
https://sheferna.42.fr/wp-admin(Login with$WP_ADMIN_USERcredentials). - Verify Redis: Go to Settings > Redis and check that "Status" is "Connected".
- Admin Panel:
-
Adminer:
http://sheferna.42.fr:8080- Login: System: MySQL, Server:
mariadb, User/Pass from.env.
- Login: System: MySQL, Server:
-
Glances:
http://sheferna.42.fr:61208 -
Static Site:
http://sheferna.42.fr:8000 -
FTP: on terminal:
ftp 127.0.0.1- Credentials: Use
$WP_USERand$WP_PASSWORDfrom.env.
- Credentials: Use
-
-
Stop the services:
bash: make down
- Clean everything (containers, networks, images, and data):
bash: make fclean
AI tools were used to debug syntax errors in Dockerfiles and scripts. The logical structure and integration of services were designed manually to ensure understanding of the Docker ecosystem.
- Virtual Machines (VMs): Virtualise the entire hardware and run a full OS kernel. Heavy resource usage and slower boot times.
- Docker: Virtualises the OS (userspace). Containers share the host kernel but have isolated filesystems and processes. Lightweight, fast, and portable. Choice: Docker is used for this project as required by the subject to demonstrate microservices architecture efficiency.
- Environment Variables: Useful for non-sensitive configuration (domain name, public user names).
- Docker Secrets: Secure way to manage sensitive data (passwords).
Choice: We use a hybrid approach. The
.envfile centralises configuration, but theMakefilegenerates physical secret files mounted into containers. This prevents passwords from being exposed indocker inspector environment logs.
- Host Network: The container shares the host's IP stack. Security risk and potential port conflicts.
- Docker Network: Isolated bridge network. Containers communicate using DNS names (
mariadb,wordpress) and only expose necessary ports to the host. Choice: A custom bridge network (inception) is used to isolate internal traffic (DB connection) from external traffic (HTTPS).
- Bind Mounts: Maps a specific host file/directory to the container. Dependent on host OS structure.
- Volumes: Managed by Docker, stored in a protected area.
Choice: We use Bind Mounts for the database and website data mapping to
/home/sheferna/data/. This is a specific requirement of the subject to demonstrate data persistence on the host machine.