A basic NGINX cookbook for CHEF

Ok, this is how create a simple nginx cookbook for Chef.

For this example I don’t use chef-server, but i work directly on the machine. In my case the machine is a Vagrant VM based on Ubuntu/xenial64, but i think that you can use a VPS or Cloud service and others Linux OS.

As first thing to do, we must install ChefDK on our machine:

curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chefdk -c stable

Then we have to create a folder called cookbooks where we will go to insert our cookbooks:

mkdir cookbooks

inside the cookbooks folder we create our first cookbook named mynginx:

cd cookbooks

chef generate cookbook mynginx

Edit the file default.rb in in mynginx/recipes/default.rb

package 'git'
package 'tree'

package 'nginx' do
  action :install
end


service 'nginx' do
  action [ :enable, :start ]
end


cookbook_file "/var/www/html/index.html" do
  source "index.html"
  mode "0644"
end

template "/etc/nginx/nginx.conf" do   
  source "nginx.conf.erb"
  notifies :reload, "service[nginx]"
end

from inside the mynginx folder I must generate a file index.html:

chef generate file index.html

edit the file index.html in files/default/index.html

<html>
  <head>
    <title>Hello there</title>
  </head>
  <body>
    <h1>This is a test</h1>
    <p>Please work!</p>
  </body>
</html>

create a templates named nginx.conf:

chef generate template nginx.conf

edit the file nginx.conf.erb in templates/nginx.conf.erb and insert your custom configuration of nginx.

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
 worker_connections 768;
 # multi_accept on;
}

http {

 ##
 # Basic Settings
 ##

 sendfile on;
 tcp_nopush on;
 tcp_nodelay on;
 keepalive_timeout 65;
 types_hash_max_size 2048;
 # server_tokens off;

 # server_names_hash_bucket_size 64;
 # server_name_in_redirect off;

 include /etc/nginx/mime.types;
 default_type application/octet-stream;

 ##
 # SSL Settings
 ##

 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
 ssl_prefer_server_ciphers on;

 ##
 # Logging Settings
 ##

 access_log /var/log/nginx/access.log;
 error_log /var/log/nginx/error.log;

 ##
 # Gzip Settings
 ##

 gzip on;
 gzip_disable "msie6";

 # gzip_vary on;
 # gzip_proxied any;
 # gzip_comp_level 6;
 # gzip_buffers 16 8k;
 # gzip_http_version 1.1;
 # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

 ##
 # Virtual Host Configs
 ##

 include /etc/nginx/conf.d/*.conf;
 include /etc/nginx/sites-enabled/*;
}

#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
# server {
#  listen     localhost:110;
#  protocol   pop3;
#  proxy      on;
# }
# 
# server {
#  listen     localhost:143;
#  protocol   imap;
#  proxy      on;
# }
#}

now you can launch chef-client in local mode for install or update your machine:

sudo chef-client -z --runlist "mynginx"

Good Luck!

P.S: You can find the entire code on GitHub

pierangelo1982/my-chef-nginx-recipe
Contribute to my-chef-nginx-recipe development by creating an account on GitHub.github.com

Dockerize an existing cakephp 2.x project

Can be useful as first thing, create a mysql and a phpmyadmin instance:

docker run --name docker-mysql -v /my/path/mysql/datadir:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=mypassword --restart always -d mysql

docker run --name docker-phpmyadmin -d --link docker-mysql:db -p 8081:80 -d phpmyadmin/phpmyadmin

In the root folder of your cakephp app create three file (Dockerfile, docker-compose.yml and default.conf):

Dockerfile

FROM php:5-apache
MAINTAINER pierangelo orizio <pierangelo1982@gmail.com>

WORKDIR /var/www/html

COPY ./default.conf /etc/apache2/sites-available/000-default.conf

RUN docker-php-ext-install pdo pdo_mysql

RUN apt-get update && \
  apt-get -y install curl git libicu-dev libpq-dev zlib1g-dev zip && \
  docker-php-ext-install intl mbstring pcntl pdo_mysql pdo_pgsql zip && \
  usermod -u 1000 www-data && \
  usermod -a -G users www-data && \
  chown -R www-data:www-data /var/www && \
  curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer && \
  a2enmod rewrite


COPY . /var/www/html

docker-compose.yml

version: '2'
services:
  web:
    build: .
    ports:
      - "8090:80"
    volumes:
      - ~/my/local/path/html:/var/www/html
    external_links:
      - docker-mysql:db
    network_mode: bridge

default.conf

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/app/webroot

        <Directory /var/www/html/app/webroot>
                Options FollowSymLinks
                AllowOverride all
                Require all granted
        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

from command line inside the root folder of the project we can launch this commands:

docker-compose build

docker-compose up -d

for more info take a look here:

pierangelo1982/dockerfiles
Contribute to dockerfiles development by creating an account on GitHub.github.com

Dockerize an existing Laravel application with docker-compose

in the main folder of your Laravel app, create a file named Dockerfile and insert this code:

FROM php:7
RUN apt-get update -y && apt-get install -y openssl zip unzip git
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
RUN docker-php-ext-install pdo pdo_mysql
WORKDIR /app
COPY . /app
RUN composer install
CMD php artisan serve --host=0.0.0.0 --port=8181
EXPOSE 8181

In the same main folder of Dockerfile, create a file named docker-compose.yml and insert this code:

version: '2'
services:
  app:
    build: .
    ports:
      - "8009:8000"
    volumes:
      - .:/app
    env_file: .env
    working_dir: /app
    command: bash -c 'php artisan migrate && php artisan serve --host 0.0.0.0'
    depends_on:
      - db
    links:
      - db
  db:
    image: "mysql:5.7"
    environment:
      - MYSQL_ROOT_PASSWORD=yourpassword
      - MYSQL_DATABASE=yourdbname
      - MYSQL_USER=root
      - MYSQL_PASSWORD=yourpassword
    volumes:
      - ./data/:/var/lib/mysql
    ports:
      - "3306:3306"
  phpmyadmin:
    depends_on:
      - db
    image: phpmyadmin/phpmyadmin
    restart: always
    ports:
      - 8090:80
    environment:
      PMA_HOST: db
      MYSQL_ROOT_PASSWORD: yourpassword

Open the terminal command line and go inside the laravel folder, and launch this commands:

docker.compose build

docker-compose up -d

if have need to create and migrate the db, or use other commands, launch the Laravel commands in this way:

docker-compose run app php artisan

The app will available at the address http://0.0.0.0:8009

Django with mysql and phpmyadmin in Docker

Create a container Django in docker is a bit more complicated than other framework, because and I don’t know the why, the official Django image is deprecated from your same creators, and they advise to use an approach based on the creation of a own Dockerfile and docker-compose.

So we start creating a new empty folder, inside this folder we create a file named Dockerfile

In Dockerfile insert this:

FROM python:2.7
 ENV PYTHONUNBUFFERED 1
 RUN mkdir /code
 WORKDIR /code
 ADD requirements.txt /code/
 RUN pip install -r requirements.txt
 ADD . /code/

Now we go to the same folder to create a file called requirements.txt, and in this file we are going to include all the Django packages and libraries which we need in our project (it is the same thing of the command pip install).

Here an example of a file requirements.txt

Django==1.9.8
argcomplete==1.8.2
autopep8==1.2.4
beautifulsoup4==4.5.3
chardet==2.3.0
click==6.7
configparser==3.5.0
Django==1.9.8
django-appconf==1.0.1
django-carton==1.2.1
django-filer==1.2.5
django-filter==1.0.0
django-grappelli==2.9.1
django-image-cropping==1.0.4
django-mptt==0.8.6

Now ever in the same folder we go to create a file named docker-compose.yml, and we going the elements that we want run in docker, so our Django instance, a Mysql Database and a phpmyadmin.

Here how:

version: '2'
services:
  db:
    image: mysql
    ports:
      - "3306:3306"
    environment:
      MYSQL_ROOT_PASSWORD: mypassword
      MYSQL_USER: root
      MYSQL_PASSWORD: mypassword
      MYSQL_DATABASE: django-test
  web:
    build: .
    command: python manage.py runserver 0.0.0.0:8000
    volumes:
      - .:/code
    ports:
      - "8000:8000"
    depends_on:
      - db
  phpmyadmin:
    image: phpmyadmin/phpmyadmin
    environment:
      - PMA_ARBITRARY=1
    restart: always
    ports:
      - 8082:80
    volumes:
      - /sessions

Now open the terminal, go inside the folder and launch this series of commands:

For create the instance:

docker-compose build

Now we check that instances are running:

docker-compose up

Now CTRL-C for stop the instance, and we go now to create a Django project inside the instance, in this way:

docker-compose run web django-admin.py startproject composeexample .

After we can start all the instance in daemon mode, with this:

docker-compose up -d

if it’s all ok, with the command docker ps we should get this in terminal:

And on our browser, at the address http://0.0.0.0:8000/

On the port :8082 (http://0.0.0.0:8082/) you will find phpmyadmin:

I hope that this post can be useful to someone, and for more info take a look at my repository here:

pierangelo1982/dockerfiles
Contribute to dockerfiles development by creating an account on GitHub.github.com

My weekly newsletter

if you want, please Subscribing to my weekly newsletter, you will receive a selection of articles about Start up, AI, technology, programming languages, devops etc…

http://eepurl.com/c2CZ39

Have a nice day!

Docker NGINX and letsencrypt

How Already said in my previous post I’m a novice of docker, and also in this case probably exist better ways for to install a letsencrypt SSL certificate on a container based on official docker image of NGINX.

First thing to do is download the docker image of the certbot Letsencrypt and set two volumes where we can access the certificates that will be created:

sudo docker run -it — rm -p 443:443 -p 83:80 — name certbot \
 -v “/local/path/mycertificate/letsencrypt:/etc/letsencrypt” \
 -v “/local/path/mycertificate/letsencrypt-lib/:/var/lib/letsencrypt” \
certbot/certbot certonly

after that you must follow the automated configuration, declaring the domain that needs of the certificate.

N.B: The certificate creation run correctly only on machine where DNS domain point, on a local machine return an error.

If all Ok, in your local path you should be find a series of folder, and in particular in your /local/path/mycertificate/letsencrypt/ you will find a folder with the name of the domain, example:

/local/path/mycertificate/letsencrypt/mydomain.com

inside that, you will find the certicate.

Now it’s time to install NGINX (you can chek to my previus post for know more):

docker pull nginx

In this instance, we go also to occupy not only the port 80 but also the port 443, we will use it for https://.

And through the “volumes” we share the folder that contain the certificates on our local path with the home folder of nginx.

docker run --name docker-nginx -p 80:80 -p 443:443 -v /local/path/nginx-config/default.conf:/etc/nginx/conf.d/default.conf -v /home/strategylab/nginx-config/nginx.conf:/etc/nginx/nginx.conf -v /home:/home -d nginx

Now the only things that remain to do is call the certicate ssl in default.conf of nginx, adding this 3 lines:

ssl on;
ssl_certificate /home/my/path/certificate/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /home/my/path/certificate/letsencrypt/live/mydomain.com/privkey.pem;

server {
    listen       443;
    server_name  mydomain.com  www.mydomain.com;
    
    ssl on;
    ssl_certificate /home/xxxxx/certificati/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /home/xxxx/certificati/letsencrypt/live/mydomain.com/privkey.pem;




    # Proxying the connections connections
        location / {
            proxy_pass         http://89.46.70.64:8081;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;


}
}

Joomla + MySql + phpMyAdmin in Docker

Ok. I’m a novice of Docker, so probably exists better ways for run Joomla + MySql + phpMyAdmin on Docker, I dont know, but for now this is my way:

MYSQL

First step open the terminal and download MySql Docker Image:

docker pull mysql

After we can start our instance, we will named it test-mysql, root as user and 12345678 as password.

After we must to create a “volumes”, a local folder from the host on the container to store the database files.

docker run --name test-mysql -v /Your/LocalPath/Desktop/mysql-nginx/datadir:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=12345678 -d mysql

By default, our mysql should be run on port 3306.

phpMyAdmin

Download phpMyAdmin Docker Image

docker pull phpmyadmin/phpmyadmin

Now we start the instance, naming it test-phpmyadmin and link it to the database mysql test-mysql that we have created before, and run it on the port 8084.

docker run --name test-phpmyadmin -d --link test-mysql:db -p 8084:80 phpmyadmin/phpmyadmin

Now, if we connect with our browser at the address http://localhost:8084 we should have phpMyAdmin login page, and we can access with username: root and password: 12345678

Joomla

Ok, now it’s the turn of Joomla, as already done before, we must download the image:

docker pull joomla

Now we start the instance on the port 8080 with the name of test-joomla, link it at the database and create a volumes.

docker run --name test-joomla --link test-mysql:db -e JOOMLA_DB_HOST=db:3306 -e JOOMLA_DB_USER=root -e JOOMLA_DB_PASSWORD=12345678 -v /your/local/path/Desktop/joomla-docker/joomla_www:/var/www/html -p 80:80 -d joomla

if it’s all correct, at the address http://localhost we should find our joomla installation.

P.S: I’m sorry for my english… i take this blog also as an opportunity for improve my english