Ici, nous allons voir l'installation et la configuration de Drupal 11 sous Docker.
Cet article ne couvrira ni l’installation de Docker ni le paramétrage de Traefik ; ils seront couverts dans d'autres articles.
Le but de cet article est de mettre en place un serveur Drupal sans erreur d'installation et avec un minimum de sécurité.
On commence par le fichier Docker Compose :
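# Drupal with MySQL and phpMyAdmin, published through Traefik
#
# No host port is published by this file: the drupal and phpmyadmin
# services are reached over the Traefik "websecure" entry point, on the
# host names given in their router rules.
#
# During initial Drupal setup,
#   Database type: MySQL
#   Database name, username, password: presumably the values defined in
#     .env (that file is not shown here) - never reuse sample values
#   ADVANCED OPTIONS; Database host: mysql
services:
  drupal:
    # image: drupal:latest
    build: ./drupal  # build context of the Drupal image
    container_name: drupal  # container name
    depends_on:
      - mysql  # name of the MySQL service, also the database host name
    environment:
      - TZ=Europe/Paris  # time zone (noted by the author as the PHP one)
      # System user and group IDs; only effective if the image built
      # from ./drupal reads these variables - confirm against that build.
      - PUID=33
      - PGID=33
    security_opt:
      # Processes in the container cannot gain additional privileges.
      - no-new-privileges:true
    labels:
      # Expose this container through Traefik.
      - "traefik.enable=true"
      # Docker network Traefik uses to reach the container.
      - "traefik.docker.network=traefik_public"
      # Traefik entry point.
      - "traefik.http.routers.drupal.entrypoints=websecure"
      # Container port Traefik forwards to.
      - "traefik.http.services.drupal.loadbalancer.server.port=80"
      # Host names routed to Drupal.
      - "traefik.http.routers.drupal.rule=Host(`domaine1`) || Host(`domaine2`) || Host(`domaine3`)"
      # - "traefik.http.services.drupal.loadbalancer.sticky.cookie.httpOnly=true"
      # - "traefik.http.services.drupal.loadbalancer.sticky.cookie.secure=true"
      # Middleware chain; the @file middlewares are defined in Traefik's
      # file provider, which is not part of this listing.
      - "traefik.http.routers.drupal.middlewares=cloudflarewarp@file,my-GeoBlock@file,securityHeaders@file"
      # - "traefik.http.routers.drupal.middlewares=redirect-to-https"
      # - "traefik.http.middlewares.redirect-to-https.headers.sslredirect=true"
      # - "traefik.http.middlewares.redirect-to-https.headers.sslProxyHeaders.X-Forwarded-Proto=https"
      # - "traefik.http.services.drupal.loadbalancer.sticky=true"
      # - "traefik.http.middlewares.drupal.forwardauth.trustForwardHeader=true"
      # - "traefik.http.middlewares.drupal.ipwhitelist.sourcerange=ip1,ip2,ip3"
      # Serve the router over TLS.
      - "traefik.http.routers.drupal.tls=true"
      # Certificate resolver (certificate issued through a DNS challenge).
      - "traefik.http.routers.drupal.tls.certresolver=cloudflare"
    networks:
      - traefik_public  # public network shared with Traefik
      - interne  # internal access to the database
    volumes:
      - drupal-modules:/var/www/html/modules  # named volume for modules
      - drupal-sites:/var/www/html/sites  # named volume for sites
      - drupal-profiles:/var/www/html/profiles  # named volume for profiles
      - drupal-themes:/var/www/html/themes  # named volume for themes
      # - ./html/modules/:/var/www/html/modules/:cached
      # - ./html/profiles/:/var/www/html/profiles/:cached
      # - ./html/themes/:/var/www/html/themes/:cached
      # this takes advantage of the feature in Docker that a new anonymous
      # volume (which is what we're creating here) will be initialized with the
      # existing content of the image at the same location
      # - ./html/sites/:/var/www/html/sites/:cached
      # - ./html/sites/:/set/
      # - ./php-conf/:/usr/local/etc/php/
      # - ./php.ini:/usr/local/etc/php/php.ini
    restart: always

  mysql:
    # NOTE(review): "latest" is a moving tag; pin a specific version (or
    # digest) so a re-pull cannot silently change the database engine.
    image: mysql:latest
    container_name: mysql
    security_opt:
      - no-new-privileges:true
    # Credentials are read from .env (see env_file below) instead of being
    # written in this file. Keep .env out of version control and readable
    # only by the deploying user. Variables read by the official image:
    # environment:
    #   - "MYSQL_DATABASE=drupal"  # database name
    #   - "MYSQL_USER=drp1"  # account used by the site
    #   - "MYSQL_PASSWORD=votremotdepasseuser"
    #   - "MYSQL_ROOT_PASSWORD=votremotdepassroot"
    # command: --default-authentication-plugin=mysql_native_password
    # NOTE(review): no named volume is declared for the database files;
    # mount one on /var/lib/mysql if the data must survive container
    # removal.
    restart: unless-stopped
    env_file: .env  # parameters loaded from a file
    networks:
      - interne

  phpmyadmin:
    # NOTE(review): same remark as for mysql - pin the image version.
    image: library/phpmyadmin:latest
    container_name: phpmyadmin
    depends_on:
      - mysql
    volumes:
      - mysql-php:/phpmyadmin
    security_opt:
      - no-new-privileges:true
    environment:
      PMA_HOST: mysql
      # PMA_USER and PMA_PASSWORD are deliberately not set. With them,
      # phpMyAdmin signs every visitor in as that MySQL account (root in
      # the original listing) without a login form, and the password sits
      # in clear text in this file. Without them the login page is shown.
      MEMORY_LIMIT: 2048M
      UPLOAD_LIMIT: 50M
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_public"
      - "traefik.http.routers.phpmyadmin.entrypoints=websecure"
      - "traefik.http.services.phpmyadmin.loadbalancer.server.port=80"
      - "traefik.http.routers.phpmyadmin.rule=Host(`domaine4`)"
      # Defines the phpmyadmin@docker middleware: only the listed source
      # addresses may reach phpMyAdmin.
      # NOTE(review): recent Traefik releases rename ipwhitelist to
      # ipallowlist - check against the Traefik version in use.
      - "traefik.http.middlewares.phpmyadmin.ipwhitelist.sourcerange=adresseip"
      # The middleware chain is declared once: a second label with the
      # same key would conflict with this one. cloudflarewarp is listed
      # before the address filter, presumably so that the filter sees the
      # real client address - confirm with a request from a blocked IP.
      - "traefik.http.routers.phpmyadmin.middlewares=cloudflarewarp@file,my-GeoBlock2@file,phpmyadmin@docker"
      - "traefik.http.routers.phpmyadmin.tls=true"
      - "traefik.http.routers.phpmyadmin.tls.certresolver=cloudflare"
    networks:
      - traefik_public
      - interne
    restart: always

networks:
  traefik_public:
    external: true  # created outside this file
  interne:
    driver: bridge
    external: false
    # NOTE(review): adding "internal: true" would also cut outbound access
    # from this network; drupal and phpmyadmin keep traefik_public.

volumes:
  drupal-modules:
  drupal-sites:
  drupal-profiles:
  drupal-themes:
  mysql-php: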
Article non terminé