Security hardening of PHP applications using Docker Compose, Nginx and MariaDB

Use Docker Compose, Nginx and MariaDB to implement security hardening of PHP applications

With the frequent occurrence of network attacks and data leaks, protect the security of applications and databases become increasingly important. In PHP applications, using Docker Compose, Nginx and MariaDB can achieve security hardening and provide certain security protection measures. This article explains how to use these tools for security hardening and provides some code examples.

1. Using Docker Compose

Docker Compose is a tool for defining and running multi-container Docker applications. By using Docker Compose, you can easily manage the running environment, website and database of PHP applications.

First, create a file named docker-compose.yml and copy the following code into it:

version: '3'

services:
  web:
    build: ./web
    ports:
      - 8000:80
    volumes:
      - ./web:/var/www/html
    depends_on:
      - db

  db:
    image: mariadb
    environment:
      - MYSQL_ROOT_PASSWORD=root
      - MYSQL_DATABASE=mydb
    volumes:
      - ./db:/var/lib/mysql

The above code defines two services:web and db. The web service is used to run PHP applications, while the db service is used to run the MariaDB database. The build instruction specifies the Dockerfile used when the web service builds the image. The ports instruction maps the container's port 80 to the host's port 8000. volumes# The ## instruction mounts the local ./web directory to the container's /var/www/html directory for persistent storage and real-time debugging. The depends_on directive specifies that the web service depends on the db service.

Create a folder named

web in the directory where docker-compose.yml is located, and create a folder named Dockerfile in the folder file, and copy the following code into it:

FROM php:7.4-apache

RUN apt-get update 
    && apt-get install -y libpq-dev 
    && docker-php-ext-install pdo pdo_mysql mysqli

The above code uses the officially provided PHP 7.4 Apache image as the base image, and installs extensions for MariaDB and PostgreSQL.

Using Nginx

Nginx is a high-performance HTTP and reverse proxy server that can be used to protect PHP applications from common web attacks. We will configure some security measures using Nginx.

Create a folder named

nginx in the directory where the web service is located, and create a folder named default.conf# in the folder ## file and copy the following code into it: <pre class='brush:nginx;toolbar:false;'>server { listen 80; root /var/www/html; index index.php index.html index.htm; server_name localhost; location / { try_files $uri $uri/ /index.php?$query_string; } location ~ .php$ { include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; } location ~ /.ht { deny all; } }</pre>The above code defines an Nginx virtual host and sets the basic website configuration. The

root

directive specifies the root directory of website files, and the index directive specifies the default index file. The location directive is used to process URL requests, the try_files directive attempts to match a file, and if the file does not exist, redirects the request to the index.php file. The fastcgi directive is used to process PHP files and pass the request to the PHP-FPM process.

Using MariaDB

3. MariaDB is an open source relational database management system that can be used to store and manage application data. We will use MariaDB to store the data of the PHP application and set up some security measures.

Create a folder named

db

in the directory where docker-compose.yml is located, and create a folder named my in the folder .cnf file and copy the following code into it: <pre class='brush:ini;toolbar:false;'>[mysqld] bind-address = 0.0.0.0</pre>The above code specifies the IP address bound to MariaDB as

0.0.0.0

to allow data from any IP address Connection. This increases the accessibility of the database.

Run the container

4. Navigate in the terminal to the directory where

docker-compose.yml

is located and run the following command to start the container: <pre class='brush:php;toolbar:false;'>docker-compose up -d</pre>This command will build and start the containers for the

web

and db services. The -d parameter is used to run the container in the background. So far, we have successfully implemented security hardening of PHP applications using Docker Compose, Nginx and MariaDB. By using a containerized programming environment, we can easily manage and secure applications and databases, providing a certain level of security.

The above is the detailed content of Security hardening of PHP applications using Docker Compose, Nginx and MariaDB. For more information, please follow other related articles on the PHP Chinese website!