Created
March 13, 2023 10:54
-
-
Save naufdotal/299e748f078f705d04d8788c54ad94aa to your computer and use it in GitHub Desktop.
Protect Wordpress Login in Docker container with Fail2Ban
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#taken from https://github.com/docker/awesome-compose/tree/master/wordpress-mysql | |
services: | |
db: | |
# We use a mariadb image which supports both amd64 & arm64 architecture | |
image: mariadb:10.6.4-focal | |
# If you really want to use MySQL, uncomment the following line | |
#image: mysql:8.0.27 | |
command: '--default-authentication-plugin=mysql_native_password' | |
volumes: | |
- db_data:/var/lib/mysql | |
restart: always | |
environment: | |
- MYSQL_ROOT_PASSWORD=somewordpress | |
- MYSQL_DATABASE=wordpress | |
- MYSQL_USER=wordpress | |
- MYSQL_PASSWORD=wordpress | |
expose: | |
- 3306 | |
- 33060 | |
wordpress: | |
image: wordpress:latest | |
ports: | |
# Run container on 8080, so we can use proxypass it with nginx | |
- 127.0.0.1:8080:80 | |
restart: always | |
environment: | |
- WORDPRESS_DB_HOST=db | |
- WORDPRESS_DB_USER=wordpress | |
- WORDPRESS_DB_PASSWORD=wordpress | |
- WORDPRESS_DB_NAME=wordpress | |
volumes: | |
db_data: | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80 default_server; | |
listen [::]:80 default_server; | |
root /var/www/html; | |
# Add index.php to the list if you are using PHP | |
index index.html index.htm index.nginx-debian.html; | |
server_name replacewithyourdomain.com; | |
location / { | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-NginX-Proxy true; | |
proxy_pass http://127.0.0.1:8080/; | |
proxy_ssl_session_reuse off; | |
proxy_set_header Host $http_host; | |
proxy_cache_bypass $http_upgrade; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_read_timeout 900; | |
proxy_redirect off; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
From docs https://docs.docker.com/engine/install/ubuntu/) | |
sudo apt-get update | |
sudo apt-get install \ | |
ca-certificates \ | |
curl \ | |
gnupg \ | |
lsb-release | |
sudo mkdir -m 0755 -p /etc/apt/keyrings | |
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg | |
echo \ | |
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ | |
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null | |
sudo apt-get update | |
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#install nginx | |
apt install nginx | |
#install certbot with nginx plugin | |
apt install python3-pip | |
pip install certbot-nginx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#start nginx with | |
service nginx start | |
#check nginx conf | |
nginx -t | |
#issue ssl certbot | |
certbot --nginx -d replacewithyourdomain.com |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment