A Docker-based micro-infrastructure that provisions a self-hosted WordPress stack fronted by Nginx and backed by MariaDB. Everything is orchestrated with Docker Compose and reproducible through a simple Makefile.
- Nginx: reverse proxy + TLS termination (ports 80/443)
- WordPress (PHP-FPM): application container
- MariaDB: relational database
- Bridge network:
inception-network - Bind-mounted data volume: persists website files and database data
srcs/docker-compose.yml: Compose file defining services, network, and the persistent volumesrcs/requirements/: Dockerfiles and configs fornginx,wordpress, andmariadbsecrets/tls/: expected location for TLS key/cert used by NginxMakefile: helper targets to build, run, and clean the environment
Create a .env file in srcs/ next to docker-compose.yml. The following variables are referenced:
-
WordPress/site
WP_URL(domain used by WordPress and Nginx)WP_ADMIN_USERWP_ADMIN_PASSWORDWP_ADMIN_EMAILWP_USERWP_USER_EMAILWP_USER_PASSWORD
-
Database
DB_NAMEDB_USERDB_PASSWORDDB_HOST(should match the DB service hostname, e.g.mariadb)
Example:
WP_URL=example.local
WP_ADMIN_USER=admin
WP_ADMIN_PASSWORD=change-me
WP_ADMIN_EMAIL=admin@example.local
WP_USER=author
WP_USER_EMAIL=author@example.local
WP_USER_PASSWORD=change-me
DB_NAME=wordpress
DB_USER=wpuser
DB_PASSWORD=change-me
DB_HOST=mariadbPlace the file at: srcs/.env
Nginx expects TLS materials mounted at secrets/tls in the project root, which are mapped into the container at /etc/nginx/secrets.
- Directory:
secrets/tls/ - Recommended filenames:
server.crtandserver.key
Generate self-signed certs (example):
openssl req -x509 -newkey rsa:2048 -nodes -keyout secrets/tls/server.key -out secrets/tls/server.crt -days 365 -subj "/CN=example.local"Update example.local to match your WP_URL.
The bind-mounted volume is configured in srcs/docker-compose.yml to point to a host path:
volumes:
web_data:
driver: local
driver_opts:
type: none
o: bind
device: /home/bruno/dataIf you change it, keep the rest of the volume configuration the same.
The Makefile wraps common Docker Compose actions against srcs/docker-compose.yml.
make(defaultALL): build and start the stack in the foregroundmake re: prune old resources, recreate the stack from scratchmake fclean: stop and remove all containers, images, volumes, and networks on your system (destructive)
Commands executed (for reference):
ALL:
docker compose -f ./srcs/docker-compose.yml up --build
re: fclean
docker system prune -a -f
docker compose -f ./srcs/docker-compose.yml down -v
docker compose -f ./srcs/docker-compose.yml up --build
fclean:
docker stop $$(docker ps -qa) || true
docker rm $$(docker ps -qa) || true
docker rmi -f $$(docker images -qa) || true
docker volume rm $$(docker volume ls -q) || true
docker network rm $$(docker network ls -q) || true- Create
srcs/.envwith the variables listed above. - Put TLS files in
secrets/tls/(server.crt,server.key). - Ensure the data directory configured at
volumes.web_data.driver_opts.deviceexists and is accessible by Docker. - Optionally add your domain (e.g.
example.local) to the hosts file. - Start the stack:
make
- Access:
- HTTP:
http://<WP_URL>(orhttp://localhostif using raw ports) - HTTPS:
https://<WP_URL>
- HTTP:
On first run, WordPress will auto-configure using the provided environment variables.
-
nginx- Builds from
srcs/requirements/nginx/ - Listens on host ports
80and443 - Mounts
web_dataat/var/www/htmland TLS secrets at/etc/nginx/secrets - Depends on
wordpressandmariadb
- Builds from
-
wordpress- Builds from
srcs/requirements/wordpress/ - Receives DB and site settings via environment variables
- Mounts
web_dataat/var/www/html
- Builds from
-
mariadb- Builds from
srcs/requirements/mariadb/ - Receives DB name/user/password via environment variables
- Mounts
web_dataat/var/lib/mysql
- Builds from