A containerized web stack project that sets up a complete WordPress application with NGINX reverse proxy and MariaDB database using Docker Compose. This project emphasizes security, custom containers, and HTTPS-only access.
This project creates a secure web stack with three interconnected Docker containers:
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ NGINX │ │ WordPress │ │ MariaDB │
│ (Reverse │ │ (PHP-FPM) │ │ (Database) │
│ Proxy) │ │ │ │ │
│ │ │ │ │ │
│ Port: 443 │◄──►│ Port: 9000 │◄──►│ Port: 3306 │
│ TLS 1.3 │ │ WordPress CMS │ │ MySQL/MariaDB │
│ SSL Enabled │ │ │ │ │
└─────────────────┘ └─────────────────┘ └─────────────────┘
│ │ │
└───────────────────────┼───────────────────────┘
│
┌─────────────────┐
│ Docker Network │
│ inception-net │
└─────────────────┘
- HTTPS-Only Access: Configured with TLS 1.3 and strong cipher suites
- Custom Docker Images: All services built from custom Dockerfiles (no official images)
- Persistent Storage: Database and WordPress files persist using Docker volumes
- Health Checks: MariaDB service includes health monitoring
- Security Hardened: Strong encryption, secure configurations
- Local Development: Works with custom domain (
omartela.42.fr)
- Docker and Docker Compose installed
sudoprivileges (required for volume permissions)makeutility installed
-
Clone the repository:
git clone <repository-url> cd Inception
-
Build and start the services:
cd inception makeThis command will:
- Add
127.0.0.1 omartela.42.frto your/etc/hostsfile - Create necessary data directories
- Build all Docker images
- Start the services
- Set correct permissions for data volumes
- Add
-
Access the website:
- Open your browser and navigate to:
https://omartela.42.fr - Accept the self-signed certificate warning
- Open your browser and navigate to:
inception/
├── Makefile # Build automation and management
├── srcs/
│ ├── .env # Environment variables
│ ├── docker-compose.yml # Service orchestration
│ └── requirements/
│ ├── nginx/
│ │ ├── dockerfile # Custom NGINX container
│ │ └── tools/
│ │ └── nginx.conf # NGINX configuration
│ ├── wordpress/
│ │ ├── dockerfile # Custom WordPress container
│ │ └── tools/
│ │ └── entrypoint.sh # WordPress setup script
│ └── mariadb/
│ ├── dockerfile # Custom MariaDB container
│ └── tools/
│ └── docker-entrypoint.sh # Database initialization
└── muistiinpanot.txt # Technical notes (Finnish)
# Build and start all services
make
# View logs from all services
make logs
# Build and immediately show logs
make debug
# Stop services and remove containers
make clean
# Complete cleanup (removes everything including data)
make fclean
# Rebuild everything from scratch
make re- Website:
https://omartela.42.fr - Admin Panel:
https://omartela.42.fr/wp-admin - Admin Login:
- Username:
superuser - Password:
securepassword
- Username:
- Editor User:
- Username:
editor - Password:
editorpassword
- Username:
# Connect to MariaDB container
docker exec -it mariadb-container bash
# Login to MySQL as root
mysql -u root -p
# Password: salasana
# Show databases
SHOW DATABASES;
# Use WordPress database
USE inception;
# Show tables
SHOW TABLES;- Protocol: TLS 1.3 only
- Ciphers: High-strength ciphers (
HIGH:!aNULL:!MD5) - Certificate: Self-signed certificate for development
- Port: HTTPS only on port 443 (no HTTP access)
- Non-root user execution where possible
- Minimal base images (Debian Bullseye)
- Clean package installation (removes apt cache)
- Proper file permissions and ownership
-
Permission Denied Errors:
sudo chown -R 101:101 /home/omartela/data/mariadb_data sudo chown -R www-data:www-data /home/omartela/data/wordpress_data
-
Site Not Loading:
- Check if
omartela.42.fris in/etc/hosts:grep "omartela.42.fr" /etc/hosts - Verify containers are running:
docker ps
- Check if
-
Database Connection Issues:
- Check MariaDB health:
docker exec mariadb-container mysqladmin ping -h localhost -uroot -psalasana
- Check MariaDB health:
-
SSL Certificate Warnings:
- This is normal for self-signed certificates
- Click "Advanced" → "Proceed to omartela.42.fr" in your browser
# Check NGINX is accessible on port 443
curl -I https://localhost --insecure
# Verify TLS configuration
openssl s_client -connect localhost:443
# Ensure HTTP is not accessible
curl -I --insecure http://omartela.42.fr:443- Base Image: Debian Bullseye
- Purpose: Reverse proxy with SSL termination
- Ports: 443 (HTTPS)
- SSL: Self-signed certificate generated at build time
- Base Image: Debian Bullseye
- Purpose: WordPress CMS with PHP-FPM
- Ports: 9000 (FastCGI)
- Features: WP-CLI included for management
- Base Image: Debian Bullseye
- Purpose: MySQL-compatible database server
- Ports: 3306 (MySQL)
- Storage: Persistent volume for data
Key environment variables (configured in .env):
- All containers use custom Dockerfiles (no pre-built images from Docker Hub)
- Data persistence is handled through bind mounts to
/home/omartela/data/ - Services communicate through a custom Docker network
- Health checks ensure MariaDB is ready before WordPress starts
- The setup follows security best practices for containerized web applications
This project is part of the 42 School curriculum.