Content
Docker tutorial:(With Nginx and LetsEncrypt)
Below is installation instructions for the Docker inside the server named "Elintegro Production Server"
- use Putty or any other shell client to enter the server
$ ssh <your username>@<your ip address>
$<your password>
To install the docker inside my server and deploy my website, i followed these steps.(Here i am installing docker from official repository)
- Update the local database with this command:
**sudo apt-get update**
2. Download dependencies with this command:
**sudo apt install apt-transport-https ca certificates curl software-properties-common**
apt-transport-https : this allows the package manager to transfer files and data over https
ca-certificates : allows the system(web browser) to check security certificates
curl : This is a tool for transferring data
software-properties-common : Adds scripts for managing scripts
- Add Docker’s GPG Key with following command:
**curl -fsSL** **https://download.docker.com/linux/ubuntu/gpg** **| sudo apt-key add**
The GPG key is a security feature. To ensure that the software you’re installing is authentic.
2. Then we need to install the Docker Repository
To install Docker repository, run this command:
sudo add-apt-repository “deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable”
Or
**sudo add-apt-repository "deb [arch=amd64]** **https://download.docker.com/linux/ubuntu** **bionic stable"**
$(lsb_release -cs) : it scans and returns the codename of our ubuntu installation , for now Bionic. Stable is the type of docker release.
3. Update the repositories you just added with the following command:
**sudo apt-get update**
4. Install the Docker:
Here , i am installing latest version of docker with this command:
**sudo apt install docker-ce**
Note: You can install any specific version of docker:
List the available versions of Docker with the command :
**apt-cache madison docker-ce**
and download with this command:
**sudo apt-get install docker-ce=<version>**
5. To check whether the docker is installed or not and which version of docker is installed in your machine hit this command:
**docker --version**
6. To check your installation is working correctly or not , enter this command:
**$ docker run hello-world**
If the output is similar to one below, your installation is correct:
7. Let’s deploy our website in the docker.
To deploy any website on the server, you need two things :
- Dockerfile b.War file of your website(application)
a. So here I create war file of my website from my editor Intellij.
To create war file you need to enter the following command
In intellij , first click : Ctrl + Alt + G , and you can see this:
Then, in the place of command, Hit this command to create a war file
prod war (If you want to create war file from production environment)
dev war (If you want to create war file from development environment)
qa war (If you want to create war file from qa environment)
Here I am creating my war file from the production environment:
After successfully created , you can see the war file in this directory…
Copy this war file and put it in some directory (which contains this war file and the docker file only)
b. Create a dockerfile named as Dockerfile(the docker file name should be Dockerfile) like this:
Save this Docker file in the same directory where you kept the war file like this...
10. Then copy both the files from your local machine to the server where you want to deploy the website.
- To copy the war file, open your terminal (GitBash) and enter this command:
scp ROOT.war [email protected]:~
and you should enter your server user password..(erfGc-99!)
Similarly copy the Dockerfile also with this command:
scp Dockerfile [email protected]:~
(again enter your password)
2. Now after successfully copying these files, you need to login in your server with this command:
**ssh [email protected]**
And enter your password here also…
Then you enter the server and now hit the command: ls
You can see their your copied files.
Note: Here, you can see the symbol “#” so you have access for any command that’s why you shouldn’t hit sudo with any command. If you can’t see that symbol or you don’t have access you should enter sudo before every command (for eg. sudo ls).
11. Create a empty directory with this command:
mkdir elintegro
Move two files inside that newly created directory with this command
mv Dockerfile elintegro/ (For Dockerfile)
mv ROOT.war elintegro/ (For war file)
You have a war file and a Dockerfile to deploy the website. Now you need Tomcat and mysql inside the docker machine so let’s get them.
Installing Tomcat in the docker
12. To install Tomcat in your server through docker hit this command.
**docker pull tomcat**
(This will download the latest version of tomcat, if you need a specific version you can enter the command like this docker pull tomcat:<version>)
After completing installation you can see the image of the tomcat you installed there . To check the images you can hit this command.
docker images
Installing MySQL in the docker
You can check here also:
13 . To install MySql in your server through docker, enter the following command:
**docker pull mysql:5.7**
(Here in the place of 5.7 you can put any version number of mysql you want to download)
After completing installation you can see mysql image there also with the command:
docker images
With that mysql image, let’s create the mysql container. To create mysql container , enter this command:
**docker run --name=elint-mysql -d -p 3316:3306 --env=”MYSQL_ROOT_PASSWORD=root1234” mysql:5.7**
docker run --name=<any name> -d -p <any port>:3306 --env=”MYSQL_ROOT_PASSWORD=<any password>” mysql image
You can see the container there..with this command:
**docker container ls -a**
OR
**docker ps -a**
After creating container , to enter inside the mysql server , hit this command:
**docker exec -it elint-mysql bash**
docker exec -it <container name> bash
Connect to the mysql:
**mysql -u root -p**
Then enter the password you created while making container (root1234)
You successfully entered into mysql server.
Any databse command can be in this shell
**show databases;**
**create database<database_name>;**
A new user: The new username and password should be similar as the username and password you put in the war file (for example in a production environment)
To create a new user, enter this command:
**create user <username> identified by <password>;**
e.g : create user ‘developer’@’%’ identified by ‘root1234’;
Note: If you need to connect your created user (developer) from any client, you should create the user with “%” which signifies, you can connect this user from any host.
Granting access to the user:
**grant all privileges on *.* to <username>;**
**flush privileges;**
14. Granting permission to the files to be able to execute:
- exit from the mysql server
- go to the directory where the Dockerfile and war files are kept:
**cd elintegro**
**ls**
**chmod 555 Dockerfile**
**chmod 555 ROOT.war**
Build and deploy our website.
To build our website: make sure you are in the directory which contain your war file and Dockerfile, and type:
docker build -t <any name>
for example:
**docker build -t elintegro-website**
After building successfully, check the image you just built with the command:
**docker images**
Then we should run that image with this command:
docker run -publish <any port>:8080 --detach --name <container-name(you can give any name here)> <image-name>
for example:
**docker run --publish 9090:8080 --detach --name elintegro-app elintegro-website**
The application is running with the docker container (elintegro-app).
Check your application in any browser. For that :
- Go to any browser (Chrome , Edge , Mozilla ….)
- Then enter the url :
- <your-ip>:<port>
- i.e 95.217.159.62:9090/whateverURI
NGINX
Allows to map a domain to an ip/port url
- Install the nginx in your server with those commands:
**apt-get update**
**apt-get install nginx**
It should install nginx on your server in the defualt directory:
cd /etc/nginx/
check out the directories inside
We need two directories specially
- sites-available and
- sites-enabled.
In the directory “sites-available”
cd /etc/nginx/sites-available/
ls should show the default file
Use any editor to create a confg file for your domain-name here.
for example:
**vim <your-domain-name>**
Now empty file is opened, so to edit or insert anything in that file, hit Shift + i
Copy/past and save:
server {
listen 80;
listen 8080;
server_name <your-domain-name>
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://<your-ip>:<your port for the docker container>;
}
}
Reminder: tTo save any file written or edited in vim editor , you need to first enter Esc and type :wq and hit Enter.
Create a symlink this file with the directory “sites-available” in your nginx:
**ln -s /etc/nginx/sites-available/<your-domain-name /etc/nginx/sites-enabled/**
Check your nginx status with the command :
**nginx -t**
If it shows confg file is successful or OK , it is working well but if it shows some error, you need to check your confg file properly.
Then enter this command to restart/reload your nginx.
**systemctl reload nginx**
Check your nginx status with this command:
**systemctl status nginx**
Check the domain redirection in a browser.
CERTBOT
Currently the application is running in http mode .
To secure your website (i.e with https) you need to configure ssl certificate to your domain.
Lets configure ssl certificate with Certbot .
- Install certbot in your server:
**apt-get update**
**apt install python-certbot-nginx**
OR
if you have upgraded version use following command:
**sudo apt-get install python3-certbot-nginx**
Now, the certbot is successfully installed on your server. So let's create ssl certificate for your domain..
To create ssl certificate for the domain, hit this command:
**certbot --nginx -d <your-domain-name>**
While creating the certificate , you should provide your email address to renew the ssl certificate after some time.
It will ask :
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enter “2” , because you are redirecting http into https..
The following message will appear:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
…………………………………………………………………………………
So , your certificate is finally created and nginx automatically setup this certificate with your confg file you symlinked in the directory “sites-enabled”
You can check there with this command
**vim /etc/nginx/sites-enabled/<your-domain-name>**
You can see there :
server {
server_name example.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://0.0.0.0:8090;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = quizzable.elintegro.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen 8080;
server_name quizzable.elintegro.com;
return 404; # managed by Certbot
}
To test, go to the browser and enter your domain there, you can see your website is running in https mode.
Congratulation you successfully secured your website with https. :)
Note: To limit the file upload size in server (if you are using nginx)
- Go to /etc/nginx
- Hit this command :
**vim nginx.conf**
- Then inside http (if you are hosting multiple sites ), inside server (if you are hosting single site) , insert this:
//for multiple sites
http {
client_max_body_size 100M; //use your required size here
….other lines
}
Or
//for single site
server{
client_max_body_size 100M; //use your required size here
….other lines
}
- After saving above config , hit command :
**systemctl reload nginx**
- Now your file size limit has been added.
RESOURCES: