How to secure your website? Docker!


I have spent the last few days working on how to secure my website and limit the impact in case of an attack. Linux is secure, but there are always bugs and breaches, generally in the plugins, templates, etc.

I have explored all the possibilities under Linux and I chose Docker to secure my website: it takes more memory because you create several instances, but you isolate the site and limit the impact in case of an attack.

To install Docker under Linux (Ubuntu), follow these steps:

apt-key adv --keyserver hkp:// --recv-keys 58118E89F3A912897C070ADBF76221572C52609D

Enable the repository corresponding to your Ubuntu version:

## Debian Wheezy
#deb debian-wheezy main

## Debian Jessie
#deb debian-jessie main

## Debian Stretch/Sid
#deb debian-stretch main

## Ubuntu Precise
#deb ubuntu-precise main

## Ubuntu Trusty
#deb ubuntu-trusty main

## Ubuntu Utopic
#deb ubuntu-utopic main

## Ubuntu Vivid
#deb ubuntu-vivid main

## Ubuntu Wily
#deb ubuntu-wily main

Then install docker:

# apt-get install docker-engine

You will find below my Dockerfile to run php5-fpm and mysql:

FROM ubuntu
MAINTAINER Nicolas Portais <...>
RUN apt-get update && apt-get install -y mariadb-server-5.5 mariadb-client-5.5 php5-fpm php5-imap php5-mysql php5-cli php5-curl libcurl3 libcurl3-gnutls php5-gd php5-imagick php5-mcrypt php5-readline openssh-client telnet supervisor && apt-get clean
RUN touch /var/log/php5-fpm.log
RUN chown  www-data /var/log/php5-fpm.log
RUN touch /var/run/
RUN chown www-data /var/run/
RUN rm /etc/php5/fpm/pool.d/www.conf
COPY www.conf /etc/php5/fpm/pool.d/
COPY s_mysqld.conf /etc/supervisor/conf.d/
COPY s_php5-fpm.conf /etc/supervisor/conf.d/
RUN chmod 755 /
ADD ./my.cnf /etc/mysql/

Then build the image:

docker build -t ubuntu/wordpress .

I am running my container for wordpress:

docker run -d -it \
    -v /data/mysql:/data/mysql \
    -v /www:/www \
    -p \
    --name mycontainer \
    --restart=always \
    --hostname container1 \
    ubuntu/wordpress /

Below is the script I use to run the container:

supervisord &
exec /bin/bash

The tip here is to use ‘exec’ for a bash shell 😉

Then modify your apache or nginx configuration to use the above forwarded port:

You will find below the supervisord configuration files I am using in my Dockerfile:

# cat s_mysqld.conf
command=/usr/bin/pidproxy /var/run/mysqld/ /usr/bin/mysqld_safe

# cat s_php5-fpm.conf
command = /usr/bin/pidproxy /var/run/ /usr/sbin/php5-fpm --nodaemonize --fpm-config /etc/php5/fpm/php-fpm.conf

You now have a more secure environment, or at least an isolated one!

If needed, you can check Docker's documentation.

I have not yet tested with Magento, but I will update this article when I have tested it!
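To check how much isolation a container started this way actually has, the following Python script is an added example, not part of the original article: it audits `docker inspect` output for weak settings. The sample JSON is constructed, and port 9000 is a placeholder because the article's `-p` value is not shown.

```python
import json

# Constructed sample: trimmed `docker inspect mycontainer` output for a container
# started like the article's run command (port 9000 is an assumed placeholder).
SAMPLE = json.dumps([{
    "Name": "/mycontainer",
    "Config": {"User": ""},
    "HostConfig": {
        "Privileged": False, "ReadonlyRootfs": False, "Memory": 0,
        "CapDrop": None, "SecurityOpt": None,
        "Binds": ["/data/mysql:/data/mysql", "/www:/www"],
        "PortBindings": {"9000/tcp": [{"HostIp": "", "HostPort": "9000"}]},
    },
}])

def audit(inspect_json):
    """Return a list of (container, finding) for weak isolation settings."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        hc = c.get("HostConfig", {})
        msgs = []
        if hc.get("Privileged"):
            msgs.append("privileged: container has near-host-level access")
        user = c.get("Config", {}).get("User") or ""
        if user.split(":")[0] in ("", "0", "root"):
            msgs.append("main process runs as root (no USER / --user)")
        if "ALL" not in [x.upper() for x in (hc.get("CapDrop") or [])]:
            msgs.append("default capabilities kept (no --cap-drop=ALL)")
        if not any(o.startswith("no-new-privileges") and not o.endswith("false")
                   for o in (hc.get("SecurityOpt") or [])):
            msgs.append("no-new-privileges not set")
        if not hc.get("ReadonlyRootfs"):
            msgs.append("root filesystem is writable (no --read-only)")
        if not hc.get("Memory"):
            msgs.append("no memory limit (--memory)")
        for bind in hc.get("Binds") or []:
            parts = bind.split(":")  # source:destination[:options]
            if "ro" not in (parts[2].split(",") if len(parts) > 2 else []):
                msgs.append("%s is mounted read-write" % parts[0])
        for port, hosts in (hc.get("PortBindings") or {}).items():
            for h in hosts or []:
                if h.get("HostIp", "") in ("", "0.0.0.0", "::"):
                    msgs.append("port %s published on all host interfaces" % port)
        findings += [(name, m) for m in msgs]
    return findings

if __name__ == "__main__":
    for name, msg in audit(SAMPLE):
        print("%s: %s" % (name, msg))
```

On a real host, pass the function the output of `docker inspect mycontainer` instead of `SAMPLE`.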

Et voila !

Nicolas Portais
Author Photographer
