Docker Compose for LEMP stack and several separate Wordpress sites

Hi,

Here is something similar to a site I did with docker compose, running on a single host machine. In this arrangement each Wordpress site is in a separate container. I used haproxy to direct the requests to the appropriate container.

Here is an example docker compose file:

version: '2'

services:
   db:
     image: mariadb
     volumes:
       - /container-volumes/db_data:/var/lib/mysql
     restart: always
     environment:
       MYSQL_ROOT_PASSWORD: amazingrootpassword
       MYSQL_DATABASE: wordpress
       MYSQL_USER: wordpress
       MYSQL_PASSWORD: amazinguserpassword

   wordpress_site_amazingwebsite_com:
     depends_on:
       - db
     image: wordpress
     volumes:
       - /container-volumes/sites/amazingwebsite_com/site_html:/var/www/html
       - /container-volumes/sites/amazingwebsite_com/apache_etc:/etc/apache2
     restart: always
     environment:
       WORDPRESS_DB_HOST: db:3306
       WORDPRESS_DB_PASSWORD: amazinguserpassword
       WORDPRESS_DB_USER: wordpress
       WORDPRESS_TABLE_PREFIX: wp_amazing_

   wordpress_site_moreamazingwebsite_com:
     depends_on:
       - db
     image: wordpress
     volumes:
       - /container-volumes/sites/moreamazingwebsite_com/site_html:/var/www/html
       - /container-volumes/sites/moreamazingwebsite_com/apache_etc:/etc/apache2
     restart: always
     environment:
       WORDPRESS_DB_HOST: db:3306
       WORDPRESS_DB_PASSWORD: amazinguserpassword
       WORDPRESS_DB_USER: wordpress
       WORDPRESS_TABLE_PREFIX: wp_moreamazing_

   haproxy_ingress:
     depends_on:
      - wordpress_site_amazingwebsite_com
      - wordpress_site_moreamazingwebsite_com
     image: haproxy
     volumes:
      - /container-volumes-config/haproxy_config:/usr/local/etc/haproxy:ro
     restart: always
     ports:
      - 443:443
      - 80:80

Here is an example haproxy config file:

defaults
 option  dontlognull
 option  abortonclose
 maxconn 1000
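 # contimeout/clitimeout/srvtimeout are the legacy spellings and are rejected
 # by current haproxy images; values are in milliseconds
 timeout connect 300000
 timeout client  300000
 timeout server  300000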
 option http-server-close
 #option forwarder

frontend ft_secure_sites_passthrough
 bind *:443
 mode tcp

 acl ssl_site_amazingsite_com           req.ssl_sni -i     amazingsite.com
 acl ssl_site_amazingsite_com_www       req.ssl_sni -i www.amazingsite.com

 acl ssl_site_moreamazingsite_com       req.ssl_sni -i     moreamazingsite.com
 acl ssl_site_moreamazingsite_com_www   req.ssl_sni -i www.moreamazingsite.com

 tcp-request inspect-delay 2s
 tcp-request content reject if !ssl_site_amazingsite_com !ssl_site_moreamazingsite_com !ssl_site_amazingsite_com_www !ssl_site_moreamazingsite_com_www

 use_backend bk_ssl_site_amazingsite_com     if ssl_site_amazingsite_com
 use_backend bk_ssl_site_amazingsite_com     if ssl_site_amazingsite_com_www

 use_backend bk_ssl_site_moreamazingsite_com if ssl_site_moreamazingsite_com
 use_backend bk_ssl_site_moreamazingsite_com if ssl_site_moreamazingsite_com_www

backend bk_ssl_site_amazingsite_com
 mode tcp
 # the server address must be the service name from the compose file
 server bk_ssl_site_amazingsite_com_01  wordpress_site_amazingwebsite_com:443 check sni req.ssl_sni

backend bk_ssl_site_moreamazingsite_com
 mode tcp
 # the server address must be the service name from the compose file
 server bk_ssl_site_moreamazingsite_com_01  wordpress_site_moreamazingwebsite_com:443 check sni req.ssl_sni

frontend ft_http_sites
 bind *:80
 mode http
 redirect scheme https code 301 if !{ ssl_fc }

In this case, each Wordpress server is running SSL locally and haproxy passes the HTTPS (SSL) request to the server. It is also possible (if you trust the connection to the servers to be private) to use haproxy to make the HTTPS connection and pass it as HTTP to the servers.
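
The alternative mentioned in the last paragraph (haproxy terminating TLS and forwarding plain HTTP to the containers), as an added example that is not part of the original post. The certs/ directory, the bk_http_* backend names, the ACL names and the timeout values are assumptions; the server addresses are the service names from the compose file above.

```haproxy
# Added example: TLS terminated at haproxy, plain HTTP to the containers.
# Assumed: certs/ holds one combined certificate+key PEM file per site.
global
 # refuse legacy protocol versions on the public listener
 ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
 mode http
 option  dontlognull
 option  forwardfor              # pass the client address as X-Forwarded-For
 timeout connect 5s
 timeout client  60s
 timeout server  60s

frontend ft_secure_sites_terminate
 # haproxy selects the certificate matching the client's SNI from this directory
 bind *:443 ssl crt /usr/local/etc/haproxy/certs/

 acl host_amazingsite     hdr(host) -i amazingsite.com www.amazingsite.com
 acl host_moreamazingsite hdr(host) -i moreamazingsite.com www.moreamazingsite.com

 # same policy as the SNI reject rule in passthrough mode: unknown names are refused
 http-request deny unless host_amazingsite or host_moreamazingsite

 # tell WordPress the original request arrived over HTTPS
 http-request set-header X-Forwarded-Proto https

 use_backend bk_http_site_amazingsite_com     if host_amazingsite
 use_backend bk_http_site_moreamazingsite_com if host_moreamazingsite

backend bk_http_site_amazingsite_com
 # cleartext leg: reachable only on the compose network, since the
 # wordpress services publish no ports on the host
 server bk_http_site_amazingsite_com_01 wordpress_site_amazingwebsite_com:80 check

backend bk_http_site_moreamazingsite_com
 server bk_http_site_moreamazingsite_com_01 wordpress_site_moreamazingwebsite_com:80 check

frontend ft_http_sites
 bind *:80
 redirect scheme https code 301
```

With this layout the private keys live only in the haproxy container, and the traffic between haproxy and the WordPress containers is unencrypted, so it is only appropriate while both stay on the same host network.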