Quickly setup WordPress & SSL via Let’s Encrypt and Certbot using Docker Compose
If you’re like me, you’ve probably already spent a large amount of time messing about trying to get WordPress working with SSL. If that’s the case, or you just want to see the code here is the link:
If you want a bit more detail, then feel free to peruse the guide at your leisure.
Please note this guide assumes you have a basic understanding of using docker and docker-compose. I’ve purposely kept this simple and skipped over lots of the complexity because I know if you are anything like me you will want to copy and paste bits and add them to your setup.
Also, I haven’t performed any sort of security review on this solution so please use at your own risk!
Setting up the database
In order to run WordPress we need to initialise a database, to keep things simple I opted to use MySQL. As you can see from the service definition, there is nothing too complicated, but don’t forget to update the credentials.
To get started, we pull the latest official WordPress image. Notice how we have set the hostname to ‘wordpress’? Keep this in mind for later.
This gives us a variety of options to choose from including:
Mounting the wp-content folder
This allows us to access to themes, plugins and other 3rd party libraries without changing the core files. Please note, you will need to configure file permissions accordingly. In my experience WordPress seems to like the user / group to be www-data.
Including a custom.ini file
This is useful for manually setting PHP configuration variables.
Defining DB connection details
These should match the values you defined in the MySQL service definition. When setting up the container group, these values are written to the config.php file, meaning you don’t need to mount it directly.
Adding additional configuration
Useful for defining constants, such as ‘WP_MEMORY_LIMIT’ as per the example. You can add other settings on a new line if required.
Including Let’s Encrypt
The final part of the docker-compose file involves setting up SSL via Let’s Encrypt and Certbot. This was definitely the part I had the most issue with. You will just need to make sure you update the email address and url to reflect your details. For more information about how PUID and PGID work you can read the documentation on LinuxServer.
The basic idea is to setup a simple reverse proxy using NGINX to handle the SSL and route the requests to the apache server. You are able to see this in action if you look at the default configuration file. Remember when I said to take notice of the hostname earlier? Well you can see that this is used within the final location directive as part of the proxy_pass setting (http://wordpress). You will also notice that by default all http requests on port 80 are forwarded to serve over https on port 443.
Putting it all together
Now you know what everything does, but how do you get it up and running?
Before you run anything you will need to make changes to your DNS if you haven’t already. If you have got a compute service running on something like AWS or Azure you should be able to find the IP address on the overview page.
Once that is complete technically, all you should need to do is run the following command:
$ docker-compose up
If you want to run it in the background you can just add the -d flag for detached mode.
$ docker-compose up -d
This will download all of the images and run the install scripts. Certbot should automatically run and make the provisions for your certificates from Let’s Encrypt. The best part is that you really don’t have to do anything other than sit back and watch.
I hope you enjoyed reading this guide and hopefully it will save at least one person the many hours I spent trying to get this all working together nicely. Yes I know it’s probably not production worthy, but it does work.