Finish inception project

Author: seungwonme

docker/inception/Makefile

@@ -28,38 +28,40 @@ BG_DEFAULT = \033[49m
 RESET = \033[0m
 
 up:
-	@docker-compose up -d
-	@echo "$(FG_GREEN)Connect to $(FG_WHITE)$(UNDERLINE)http://localhost$(RESET)"
+	@docker-compose -f srcs/docker-compose.yml up -d
+	@echo "$(FG_GREEN)Connect to $(FG_WHITE)$(UNDERLINE)https://localhost$(RESET)"
 
 build:
-	@docker-compose build
+	@docker-compose -f srcs/docker-compose.yml build
 
 down:
-	@docker-compose down
+	@docker-compose -f srcs/docker-compose.yml down
 	@echo "$(FG_RED)Disconnected$(RESET)"
 
 stop:
-	@docker-compose stop
+	@docker-compose -f srcs/docker-compose.yml stop
 	@echo "$(YELLOW)Stopped$(RESET)"
 
 start:
-	@docker-compose start
 	@echo "$(FG_GREEN)Started$(RESET)"
+	@docker-compose -f srcs/docker-compose.yml start
+	@echo "$(FG_GREEN)Connect to $(FG_WHITE)$(UNDERLINE)https://localhost$(RESET)"
 
 re:
 	@echo "$(FG_GREEN)Restarted$(RESET)"
-	@docker-compose restart
+	@docker-compose -f srcs/docker-compose.yml restart
+	@echo "$(FG_GREEN)Connect to $(FG_WHITE)$(UNDERLINE)https://localhost$(RESET)"
 
 logs:
 	@echo "$(FG_CYAN)Logging$(RESET)"
-	@docker-compose logs -f
+	@docker-compose -f srcs/docker-compose.yml logs -f
 
 ps:
 	@echo "$(FG_MAGENTA)Status$(RESET)"
-	@docker-compose ps
+	@docker-compose -f srcs/docker-compose.yml ps
 
 clean:
-	@docker-compose down -v
+	@docker-compose -f srcs/docker-compose.yml down -v
 	@docker system prune -af --volumes
 	@echo "$(FG_BLUE)Cleaned up$(RESET)"
 

docker/inception/README.md

@@ -0,0 +1,57 @@
+[Docker Compose를 이용하여 워드프레스 설치하기 > 우분투 서버 | 우성짱의 NAS](https://www.wsgvet.com/bbs/board.php?bo_table=ubuntu&wr_id=97)
+
+[custom setup](https://codingwithmanny.medium.com/custom-wordpress-docker-setup-8851e98e6b8)
+
+
+[WordPress Installation](https://www.hostinger.com/tutorials/how-to-install-wordpress-with-nginx-on-ubuntu/?ppc_campaign=google_search_generic_hosting_all&bidkw=defaultkeyword&lo=1009871)
+
+[Setup WordPress on Ubuntu 22.04 with Nginx and MariaDB | Works With The Web](https://www.workswiththeweb.com/wordpress/2024/01/14/Setup-WordPress-Ubuntu-Nginx/)
+
+
+Docker 볼륨 내의 컨텐츠를 확인하는 방법 중 하나는 Docker 컨테이너를 사용하여 해당 볼륨을 마운트하고, 그 내부를 탐색하는 것입니다. 위에서 제공된 출력을 바탕으로, `srcs_dbdata` 볼륨 안의 컨텐츠를 확인하는 방법을 설명하겠습니다.
+
+1. **임시 컨테이너 생성 및 볼륨 마운트**
+
+볼륨 내용을 확인하기 위해, 임시 컨테이너를 생성하고 `srcs_dbdata` 볼륨을 마운트할 수 있습니다. 이를 위해, 일반적으로 사용되는 `alpine` 이미지(또는 다른 Linux 배포판)를 사용할 수 있습니다. `alpine`은 가벼운 Linux 배포판으로, 파일 탐색에 필요한 기본 도구를 제공합니다.
+
+```bash
+docker run -it --rm --volume srcs_dbdata:/data alpine sh
+```
+
+위 명령어는 다음과 같이 작동합니다:
+- `docker run`: 새로운 컨테이너를 실행합니다.
+- `-it`: 대화형 터미널을 활성화합니다.
+- `--rm`: 컨테이너가 종료되면 자동으로 제거합니다.
+- `--volume srcs_dbdata:/data`: `srcs_dbdata` 볼륨을 컨테이너의 `/data` 디렉토리에 마운트합니다.
+- `alpine`: 사용할 이미지입니다.
+- `sh`: 실행할 명령입니다. `sh` 셸을 시작합니다.
+
+2. **볼륨 내부 탐색**
+
+컨테이너 내부에서 `/data` 디렉토리로 이동하여 볼륨 내부를 탐색할 수 있습니다.
+
+```bash
+cd /data
+ls -l
+```
+
+- `cd /data`: `/data` 디렉토리로 이동합니다.
+- `ls -l`: 현재 디렉토리의 파일 및 디렉토리 목록을 상세하게 출력합니다.
+
+3. **필요한 작업 수행**
+
+볼륨 내부에서 필요한 모든 작업을 수행할 수 있습니다. 예를 들어, 파일을 읽거나, 수정하거나, 새 파일을 생성할 수 있습니다.
+
+4. **컨테이너 종료**
+
+작업을 마친 후에는 `exit` 명령을 입력하여 컨테이너에서 나갈 수 있습니다. `--rm` 플래그가 설정되어 있으므로, 컨테이너는 자동으로 제거됩니다.
+
+이 방법을 사용하면 별도의 서비스 중단 없이 Docker 볼륨 내의 데이터를 안전하게 탐색하고 관리할 수 있습니다. 
+
+이런 자료를 참고했어요.
+[1] Learn Microsoft - 볼륨 인식 방법 - Windows drivers (https://learn.microsoft.com/ko-kr/windows-hardware/drivers/ifs/how-the-volume-is-recognized)
+[2] Autodesk - Flame에 대한 vic(볼륨 무결성 확인) 사용 방법 (https://www.autodesk.co.kr/support/technical/article/caas/sfdcarticles/sfdcarticles/KOR/Using-vic-Volume-Integrity-Check.html)
+[3] AWS Documentation - Amazon EBS 볼륨에 대한 정보 보기 (https://docs.aws.amazon.com/ko_kr/ebs/latest/userguide/ebs-describing-volumes.html)
+[4] Microsoft Community - 사내 전체 볼륨 라이센스 제품키 확인 (https://answers.microsoft.com/ko-kr/windows/forum/all/%EC%82%AC%EB%82%B4-%EC%A0%84%EC%B2%B4/079b4530-5b1b-4025-b410-334cf6cf55e7) 
+
+뤼튼 사용하러 가기 > https://agent.wrtn.ai/5xb91l

docker/inception/srcs/.env

@@ -2,5 +2,6 @@ DOMAIN_NAME=seunan.42.fr
 
 # MYSQL SETUP
 MYSQL_ROOT_PASSWORD=rt0406
+MYSQL_DATABASE=wordpress
 MYSQL_USER=seunan
 MYSQL_PASSWORD=db0406

docker/inception/srcs/docker-compose.yml

@@ -1,19 +1,24 @@
+# https://github.com/compose-spec/compose-spec/blob/master/spec.md
+# https://github.com/docker/awesome-compose/blob/master/official-documentation-samples/wordpress/README.md
+
 services:
     mariadb:
         build:
             context: ./requirements/mariadb
             # dockerfile: Dockerfile # 파일명이 Dockerfile이 아니면 명시해줘야 함
         container_name: mariadb
-        restart: unless-stopped
+        restart: on-failure
         env_file: .env
         # .env 파일에 정의된 것 외에 추가 환경 변수를 추가
         environment:
-            - MYSQL_DATABASE=wordpress
+            - MYSQL_DATABASE=$MYSQL_DATABASE
         # dbdata라는 명명된 볼륨을 /var/lib/mysql 디렉토리에 마운트
+        ports:
+            - "3306"
         volumes:
             - dbdata:/var/lib/mysql
         # 이미지에 대한 기본 CMD 지침을 재정의
-        command: "--default-authentication-plugin=mysql_native_password"
+        # command: "--default-authentication-plugin=mysql_native_password"
         networks:
             - app-network
     wordpress:
@@ -22,13 +27,15 @@ services:
         build:
             context: ./requirements/wordpress
         container_name: wordpress
-        restart: unless-stopped
+        restart: on-failure
         env_file: .env
         environment:
             - WORDPRESS_DB_HOST=mariadb:3306
             - WORDPRESS_DB_USER=$MYSQL_USER
             - WORDPRESS_DB_PASSWORD=$MYSQL_PASSWORD
-            - WORDPRESS_DB_NAME=wordpress
+            - WORDPRESS_DB_NAME=$MYSQL_DATABASE
+        ports:
+            - "9000"
         volumes:
             - wordpress:/var/www/html
         networks:
@@ -39,27 +46,15 @@ services:
         build:
             context: ./requirements/nginx
         container_name: webserver
-        restart: unless-stopped
+        restart: on-failure
         ports:
-            - "80:80"
+            - "443:443"
         volumes:
             - wordpress:/var/www/html
-            - ./nginx-conf:/etc/nginx/conf.d
-            - certbot-etc:/etc/letsencrypt
         networks:
             - app-network
-    certbot:
-        depends_on:
-            - webserver
-        image: certbot/certbot
-        container_name: certbot
-        volumes:
-            - certbot-etc:/etc/letsencrypt
-            - wordpress:/var/www/html
-        command: certonly --webroot --webroot-path=/var/www/html --email [email protected] --agree-tos --no-eff-email --staging -d seunan.42.fr -d www.seunan.42.fr
 
 volumes:
-    certbot-etc:
     wordpress:
     dbdata:
 

docker/inception/srcs/requirements/mariadb/Dockerfile

@@ -1,12 +1,25 @@
+# https://github.com/yobasystems/alpine-mariadb/blob/master/alpine-mariadb-aarch64/Dockerfile
+
 # Base image
 FROM alpine:3.18
 
-RUN apk update \
-    && apk add mariadb-server
+RUN apk update && \
+    apk add --no-cache mariadb mariadb-client mariadb-server-utils && \
+    rm -rf /var/cache/apk/* && \
+    mkdir -p /scripts /var/log/mysql/ && \
+    touch /var/log/mysql/error.log && \
+    chown -R mysql:mysql /var/log/mysql/
 
 EXPOSE 3306
 
-HEALTHCHECK --start-period=5m \
-    CMD mariadb -e 'SELECT @@datadir;' || exit 1
+COPY tools/run.sh /scripts/run.sh
+COPY conf/mariadb-server.cnf /etc/my.cnf.d/mariadb-server.cnf
+
+RUN chmod -R 755 /scripts
+
+# HEALTHCHECK --start-period=5m \
+#     CMD mariadb -e 'SELECT @@datadir;' || exit 1
+
+VOLUME ["/var/lib/mysql"]
 
-CMD ["mariadbd"]
+ENTRYPOINT ["/scripts/run.sh"]

docker/inception/srcs/requirements/mariadb/README.md

@@ -1,5 +1,8 @@
 # MariaDB Container
 
 [MariaDB - Alpine Linux](https://wiki.alpinelinux.org/wiki/MariaDB)
-[Running mysql in the foreground in centos - Stack Overflow](https://stackoverflow.com/questions/24563762/running-mysql-in-the-foreground-in-centos)
 [MariaDB](https://mariadb.com/kb/en/creating-a-custom-container-image/)
+
+[Mysql 사용자 조회/추가/생성/삭제](https://technote.kr/32)
+[SQL 기초 & 자주쓰는 쿼리문 정리](https://365kim.tistory.com/102)
+[Create a new MariaDB database and user](https://docs.bitnami.com/virtual-machine/apps/wordpress/configuration/create-database-mariadb/)

docker/inception/srcs/requirements/mariadb/conf/mariadb-server.cnf

@@ -0,0 +1,42 @@
+#
+# These groups are read by MariaDB server.
+# Use it for options that only the server (but not clients) should see
+
+# this is read by the standalone daemon and embedded servers
+[server]
+
+# this is only for the mysqld standalone daemon
+[mysqld]
+log_error = /var/log/mysql/error.log
+skip-networking
+
+# Galera-related settings
+[galera]
+# Mandatory settings
+#wsrep_on=ON
+#wsrep_provider=
+#wsrep_cluster_address=
+#binlog_format=row
+#default_storage_engine=InnoDB
+#innodb_autoinc_lock_mode=2
+#
+# Allow server to accept connections on all interfaces.
+#
+bind-address=0.0.0.0
+#
+# Optional setting
+#wsrep_slave_threads=1
+#innodb_flush_log_at_trx_commit=0
+
+# this is only for embedded server
+[embedded]
+
+# This group is only read by MariaDB servers, not by MySQL.
+# If you use the same .cnf file for MySQL and MariaDB,
+# you can put MariaDB-only options here
+[mariadb]
+
+# This group is only read by MariaDB-10.5 servers.
+# If you use the same .cnf file for MariaDB of different versions,
+# use this group for options that older servers don't understand
+[mariadb-10.5]

docker/inception/srcs/requirements/mariadb/tools/run.sh

@@ -0,0 +1,48 @@
+#!/bin/sh
+# https://github.com/yobasystems/alpine-mariadb/blob/master/alpine-mariadb-aarch64/files/run.sh
+
+if [ -d "/run/mysqld" ]; then
+	chown -R mysql:mysql /run/mysqld
+else
+	mkdir -p /run/mysqld
+	chown -R mysql:mysql /run/mysqld
+fi
+
+if [ -d /var/lib/mysql/mysql ]; then
+	chown -R mysql:mysql /var/lib/mysql
+else
+	chown -R mysql:mysql /var/lib/mysql
+
+	mysql_install_db --user=mysql --ldata=/var/lib/mysql > /dev/null
+
+	tfile=`mktemp` # https://www.tutorialspoint.com/unix_commands/mktemp.htm
+	if [ ! -f "$tfile" ]; then
+		return 1
+	fi
+
+	cat << EOF > $tfile
+
+USE mysql;
+FLUSH PRIVILEGES ;
+GRANT ALL ON *.* TO 'root'@'%' identified by '$MYSQL_ROOT_PASSWORD' WITH GRANT OPTION ;
+GRANT ALL ON *.* TO 'root'@'localhost' identified by '$MYSQL_ROOT_PASSWORD' WITH GRANT OPTION ;
+GRANT ALL ON wordpress.* TO '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' WITH GRANT OPTION;
+GRANT ALL ON wordpress.* TO '$MYSQL_USER'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD' WITH GRANT OPTION;
+SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
+CREATE DATABASE wordpress;
+DROP DATABASE IF EXISTS test ;
+FLUSH PRIVILEGES ;
+EOF
+
+	/usr/bin/mysqld --user=mysql --bootstrap --verbose=0 --skip-name-resolve --skip-networking=0 < $tfile
+	# rm -f $tfile
+fi
+
+exec /usr/bin/mysqld --user=mysql --console --skip-name-resolve --skip-networking=0 $@
+
+# mysql -u root -p$MYSQL_ROOT_PASSWORD -e "CREATE DATABASE wordpress;"
+# mysql -u root -p$MYSQL_ROOT_PASSWORD -e "CREATE USER '$MYSQL_USER'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD';"
+# mysql -u root -p$MYSQL_ROOT_PASSWORD -e "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD';"
+# mysql -u root -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL PRIVILEGES ON wordpress.* TO '$MYSQL_USER'@'localhost';"
+# mysql -u root -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL PRIVILEGES ON wordpress.* TO '$MYSQL_USER'@'%';"
+# mysql -u root -p$MYSQL_ROOT_PASSWORD -e "FLUSH PRIVILEGES;"

docker/inception/srcs/requirements/nginx/Dockerfile

@@ -1,10 +1,10 @@
 # Base image
 FROM alpine:3.18
 
-RUN apk update \
-    && apk add --no-cache nginx openssl \
-    && mkdir -p /var/www/html /var/www/css /etc/nginx/ssl \
-    && openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -subj "/C=KR/ST=Seoul/L=Seoul/O=42Seoul/OU=Cadet/CN=localhost"
+RUN apk update && \
+    apk add --no-cache nginx openssl && \
+    mkdir -p /etc/nginx/ssl /var/www/html && \
+    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -subj "/C=KR/ST=Seoul/L=Seoul/O=42Seoul/OU=Cadet/CN=localhost"
 
 # Copy the configuration file
 COPY conf/default.conf /etc/nginx/http.d/default.conf

docker/inception/srcs/requirements/nginx/conf/default.conf

@@ -1,25 +1,35 @@
-# This is a default site configuration which will simply return 404, preventing
-# chance access to any other virtualhost.
 server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
+    listen 443 ssl default_server; # 443번 포트를 사용하고, 기본 서버로 설정한다. IPv4
+    listen [::]:443 ssl default_server; # 윗줄과 동일하나, IPv6
+    server_name localhost;
 
-    root /var/www/localhost/htdocs;
-    index index.php index.html index.htm;
+    # SSL Configuration
+    ssl_certificate /etc/nginx/ssl/nginx.crt;
+    ssl_certificate_key /etc/nginx/ssl/nginx.key;
+    ssl_protocols TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5; # HIGH: 모든 암호화 알고리즘을 사용하되, aNULL과 MD5는 사용하지 않는다.
+
+    root /var/www/html; # 웹 서버의 루트 디렉토리를 설정한다.
+    index index.php index.html index.htm; # 기본 문서를 설정(우선순위 순서대로)
     location / {
         try_files $uri $uri/ /index.php?$query_string;
     }
-    # You may need this to prevent return 404 recursion.
+
+    # 특정 경로에 대한 설정을 정의하는 블록
     location = /404.html {
         internal;
     }
+
     # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
     location ~ \.php$ {
         try_files $uri /index.php =404;
         fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        fastcgi_pass 0.0.0.0:9000;
+        fastcgi_pass wordpress:9000;
         fastcgi_index index.php;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;
     }
+
+    # Client request size limit: 클라이언트가 보낼 수 있는 요청 본문의 최대 크기를 제한하여 이는 대량의 데이터 업로드를 방지하거나 DDoS 공격을 완화하는 데 도움
+    client_max_body_size 10m;
 }