Deployment Overview of LEMP on Server
Prerequisites and Basic Requirements
The deployment requires a server running Ubuntu with root privileges. The system must have Docker installed and configured to manage containers. The following ports must be available and open on the server firewall:
- Port `88` for HTTP traffic (mapped to container port `80`).
- Port `3306` for MySQL database access.
- Port `5432` for PostgreSQL database access.
File and Directory Structure
The application utilizes specific directories on the host system to persist data and serve web content. These directories are created with root ownership and 0755 permissions:
- `/root/data`: Stores MySQL database files.
- `/root/webroot`: Stores the web application files served by Nginx.
- `/data/nginx`: Contains Nginx configuration files and environment variables for the proxy service.
- `/etc/letsencrypt`: Stores SSL certificates managed by the Nginx container.
Application Installation Process
The core LEMP stack is deployed using a Docker container. The installation process involves pulling the `adhocore/lemp` image with the `8.3` tag. The container is named `lemp-stack` and is configured to restart automatically upon failure or system reboot.
The container is launched with the following specifications:
- Image: `adhocore/lemp:8.3`
- Container Name: `lemp-stack`
- Restart Policy: `always`
Databases
The LEMP container provides access to both MySQL and PostgreSQL databases.
- MySQL: Data is persisted in the `/root/data` directory on the host, mapped to `/var/lib/mysql` inside the container. The root password for MySQL is set via the `MYSQL_ROOT_PASSWORD` environment variable.
- PostgreSQL: Accessible via port `5432`.
Docker Containers and Their Deployment
The deployment utilizes two primary Docker components: the LEMP stack and the Nginx proxy.
LEMP Stack Container
The main application container is deployed with the following configuration:
- Network: Connected to a custom Docker network named `lemp-net`.
- Ports:
  - Host port `88` maps to container port `80`.
  - Host port `3306` maps to container port `3306`.
  - Host port `5432` maps to container port `5432`.
- Volumes:
  - `/root/data` mounted to `/var/lib/mysql`.
  - `/root/webroot` mounted to `/var/www/html`.
- Environment:
  - `MYSQL_ROOT_PASSWORD` is set dynamically based on the SSH password.
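A check for the port mappings listed above, as an added example that is not part of the original page or of the image's own tooling: it reads output in the format printed by `docker port lemp-stack` and reports MySQL and PostgreSQL ports that are published on all host interfaces. The function names, the `DB_PORTS` variable and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag database ports that a
# container publishes on every host interface.
# Live use: docker port lemp-stack | audit_published_ports

# Container ports treated as database listeners (MySQL, PostgreSQL).
DB_PORTS="3306 5432"

# Reads lines shaped like "<port>/<proto> -> <host-addr>:<host-port>" on stdin.
# Prints "EXPOSED <container-port> via <binding>" for each database port bound
# to a wildcard address and returns 1 if any was found, 0 otherwise.
audit_published_ports() {
    awk -v db="$DB_PORTS" '
        BEGIN { n = split(db, p, " "); for (i = 1; i <= n; i++) isdb[p[i]] = 1 }
        NF == 3 && $2 == "->" {
            split($1, c, "/")                  # c[1] is the container port
            addr = $3
            sub(/:[0-9]+$/, "", addr)          # drop the trailing :<host-port>
            # Wildcard forms: IPv4, bracketed IPv6, and the older ":::port" style.
            wild = (addr == "0.0.0.0" || addr == "[::]" || addr == "::")
            if ((c[1] in isdb) && wild) {
                printf "EXPOSED %s via %s\n", c[1], $3
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample input (not captured from a real host): HTTP and MySQL are
# published on all interfaces, PostgreSQL only on loopback.
sample_docker_port_output() {
    cat <<'EOF'
80/tcp -> 0.0.0.0:88
3306/tcp -> 0.0.0.0:3306
3306/tcp -> [::]:3306
5432/tcp -> 127.0.0.1:5432
EOF
}

# Demonstration on the constructed sample; "|| true" keeps the exit status 0.
sample_docker_port_output | audit_published_ports || true
```

A non-zero return from `audit_published_ports` means the host firewall is the only control between the network and the database listener.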
Nginx Proxy Container
A separate Nginx container is deployed to handle SSL termination and reverse proxying. It uses the `jonasal/nginx-certbot:latest` image.
- Restart Policy: `unless-stopped`.
- Network Mode: `host`.
- Environment:
  - `CERTBOT_EMAIL` is set to [email protected].
  - Additional environment variables are loaded from `/data/nginx/nginx-certbot.env`.
- Volumes:
  - An external volume named `nginx_secrets` is mounted to `/etc/letsencrypt`.
  - The host directory `/data/nginx/user_conf.d` is mounted to `/etc/nginx/user_conf.d` for custom Nginx configurations.
Proxy Servers
The Nginx container acts as the reverse proxy and SSL manager for the application. It is configured to use Let's Encrypt for SSL certificate management via Certbot.
- Email: Certbot notifications are sent to [email protected].
- Configuration: Custom Nginx configurations are placed in `/data/nginx/user_conf.d` on the host, which are accessible inside the container at `/etc/nginx/user_conf.d`.
- SSL Storage: Certificates are stored in the `nginx_secrets` volume, mounted at `/etc/letsencrypt`.
Permission Settings
The host directories used for data persistence are created with specific ownership and permissions:
- `/root/data` and `/root/webroot` are owned by `root:root` with mode `0755`.
- The Nginx configuration directory `/data/nginx` must be accessible by the Nginx container running in host network mode.
Starting, Stopping, and Updating
The LEMP stack is managed as a Docker container named `lemp-stack`. Standard Docker commands are used to control the service:
- Start: `docker start lemp-stack`
- Stop: `docker stop lemp-stack`
- Restart: `docker restart lemp-stack`
- Update: To update the application, pull the latest image and recreate the container:
The Nginx proxy container is managed similarly using its specific image and configuration parameters.