Ubuntu Docker container for Laravel web applications
Required and optional packages are bundled into a single container, based on Ubuntu 14.04 server.
These services run with process supervision, using Supervisor:
- php5-fpm (with php5-mcrypt, php5-mysqlnd, and php5-curl)
Additionally, these services can optionally be enabled for process supervision (see below):
- artisan queue:listen
- selenium server (for testing, not production)
These packages are preinstalled:
- nodejs with npm
- php5-xdebug (installed, but disabled by default, see below)
- python (*dependency for supervisord)
- default-jre (*dependency for Selenium server)
I've modified this container image in 2 key places for mirroring a production run. First, I've removed all trace of a DB instance running locally on the container - either MySQL or PostgreSQL. Ideally, you'd want either of them running on a separate container or via a dynamically hosted instance (even for Dev environments). Second, self-signed SSL cert/key pair have been introduced during provisioning, though for production you will need to replace them with a CA signed cert/key. No matter what the project or content request/response, use SSL as a means for securing any HTTP traffic. Nginx is configured to handle the automatic redirect, as well.
Running a container
1. Download the public Docker image from Dockerhub:
docker pull syardumi/docker-laravel
2. Run the Docker image as a new Docker container:
docker run -d \ -p 80:80 -p 443:443 \ -v /home/app:/share \ --restart=always \ --name=appname \ syardumi/docker-laravel
Replace '/home/app' with the local path to the Laravel application's root directory in the host. This directory is a shared volume and so can be used to access the application files in either the host or the container. '/share' represents the path in the container.
Connecting to a container with SSH
Development use (insecure)
Docker-laravel ships with SSH server for accessing a terminal inside the container. For convenience, it is preconfigured
with an insecure key that should be replaced for production use. To connect with the insecure key:
1. Fetch the insecure SSH key:
cd /home/ curl -o insecure_key -fSL https://raw.githubusercontent.com/syardumi/docker-laravel/master/provision/keys/insecure_key chown `whoami` insecure_key chmod 600 insecure_key
2. Find the I.P. address of the container:
docker inspect container_name | grep IPA
3. Connect with SSH:
ssh -i /home/insecure_key root@<IP address>
For production, replace the insecure private key with a true private key:
1. In the host, generate a new public-private key pair (enter 'production.key') when prompted:
cd /home sudo ssh-keygen -t rsa sudo chmod 644 production.key
There should then be two new files in the /home directory: i) production.key ii) production.key.pub
2. Copy production.key.pub to /root/.ssh/authorized_keys in the container. Note this is an overwrite, not an append
(so all previously valid keys, including insecure_key will be removed).
cat /home/production.key.pub | ssh -i /home/insecure_key root@<IP address> "cat > /root/.ssh/authorized_keys"
3. Connect with SSH:
ssh -i /home/production.key root@<IP address>
supervisorctl can be used to control the processes that are managed by supervisor.
In the container:
Laravel (the skeleton framework for an app) is not bundled in the Docker image. Laravel skeleton, or your own application, need to be installed manually:
In the container:
cd /share git clone https://github.com/laravel/laravel . composer install
The queue listener (php artisan queue:listen) can be added as supervised process by uncommenting the lines in
/etc/supervisord/queue.conf (in the container).
The XDEBUG PHP extension is installed but not enabled by default. To enable it, uncomment the lines in
Selenium server is no longer installed by default (due to large size - it requires the JRE as a dependency).
It can be installed manually in a container by running:
Uncomment the lines in /etc/supervisord/selenium.conf to add selenium as a supervised process.