This repo provides a rock-solid, secure, and production-ready container setup for deployment of Willow CMS on AWS AppRunner.
- Overview
- Installation
- Configuration
- Docker Compose Files
- Nginx Configuration
- Supervisord Configuration
- Security Considerations
- Willow CMS Version
- Useful Commands
- Thanks To
This repository provides a containerized setup for Willow CMS, optimized for deployment on AWS AppRunner. The setup for production includes:
- Nginx: A high-performance web server and reverse proxy.
- PHP-FPM: FastCGI Process Manager for PHP, ensuring efficient handling of PHP requests.
- Redis: An in-memory data structure store used as the back end for CakePHP Queues.
- Supervisor: A process control system for managing long-running processes, including CakePHP queue runners, PHP-FPM and nginx.
To get started, clone this repository and ensure you have Docker installed on your system. Follow the instructions below to set up the environment.
The container uses environment variables for configuration, allowing seamless integration with AWS AppRunner. You should set up AWS Secrets Manager and use the example docker-compose file as a reference for the bare minimum set of environment variables you need to set.
The docker compose files are examples. You'll see they set environment variables used throughout the Dockerfile and also the config/shell/setup.sh script. You should create a docker-compose.yml locally and use that to build your Willow CMS docker images for production. The .gitignore file is set to ignore that file to reduce the risk of committing it to the repo.
This is used to build production images. It will not run usefully under Docker on your host machine, because it is configured to connect to a MySQL server via an environment variable and the compose file defines no containers other than willowcms.
- WillowCMS: The main application container, running Nginx, PHP-FPM, Redis and Supervisord. It is configured to serve the application on port 80 on your host (but won't be useful to you unless you configure the environment variables for MySQL server).
docker-compose-prod-example.yml
The testing setup includes additional services for testing the production environment container locally. It's useful to run the production container with it easily connected to a database. There are two services specified:
- WillowCMS: Similar to the production container but configured for testing locally with MySQL.
- MySQL: A MySQL 5.7 database instance for testing purposes.
The Nginx configuration for Willow CMS is split into two main files: nginx-cms.conf and nginx.conf. These files are crucial for setting up the web server and ensuring optimal performance and security.
This configuration file is specifically tailored for the Willow CMS application. It includes directives that handle the routing of requests to the appropriate application endpoints and ensures that static assets are served efficiently. This file is designed to optimize the performance of the CMS by configuring caching and compression settings.
- Purpose: To manage application-specific routing and performance optimizations.
- Location: nginx-cms.conf
The nginx.conf file contains the global configuration settings for the Nginx server. It includes security settings such as disabling server tokens to prevent information leakage, setting up security headers, and configuring logging. This file ensures that the server is secure and operates efficiently under various loads.
- Purpose: To define global server settings, including security and logging.
- Location: nginx.conf
If you want to delve deeper into Nginx logging best practices for the cloud, read this:
The supervisord.conf file manages the processes within the container, including:
- Nginx: The web server.
- PHP-FPM: The PHP FastCGI Process Manager.
- Redis: The in-memory data structure store.
- CakePHP Queue Runners: Ensures background tasks are processed from CakePHP Queue. See these jobs.
This configuration ensures that all necessary services are running and monitored, providing a stable environment for the application.
- Non-Root User: The container runs processes as a non-root user (nobody), enhancing security by minimizing permissions. See the Dockerfile.
- Environment Variables: Sensitive information is managed through environment variables, which should be secured and not exposed in production.
- Nginx Configuration: The Nginx setup includes security headers and disables server tokens to prevent information leakage. See nginx.conf.
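One way to verify the non-root and Nginx points above on a built image. This is an added example, not part of this repository; the function names and the list of required headers are assumptions to adjust to what nginx.conf actually sets, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: checks the hardening claims in this README.
# REQUIRED_HEADERS is an assumption; match it to the add_header lines in nginx.conf.
REQUIRED_HEADERS="x-content-type-options x-frame-options referrer-policy"

# check_headers: reads raw HTTP response headers on stdin, prints one
# finding per line, returns 0 when clean and 1 otherwise.
check_headers() {
    hdrs=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
    rc=0
    # With server_tokens off the header is "Server: nginx", with no version.
    if printf '%s\n' "$hdrs" | grep -Eq '^server:[[:space:]]*nginx/[0-9]'; then
        echo "FAIL server header exposes nginx version"; rc=1
    fi
    for h in $REQUIRED_HEADERS; do
        printf '%s\n' "$hdrs" | grep -q "^$h:" || { echo "FAIL missing $h"; rc=1; }
    done
    return $rc
}

# check_proc_users: reads "USER COMMAND" lines (ps -o user,args output) on
# stdin and flags every process not owned by the expected user ($1).
check_proc_users() {
    awk -v want="${1:-nobody}" '
        NR == 1 && $1 == "USER" { next }   # skip the ps header row
        NF && $1 != want { print "FAIL " $2 " runs as " $1; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample responses (not captured from a real deployment).
SAMPLE_GOOD='HTTP/1.1 200 OK
Server: nginx
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin'
SAMPLE_BAD='HTTP/1.1 200 OK
Server: nginx/1.26.2
X-Frame-Options: SAMEORIGIN'

# Demonstration on the weak sample; prints three findings.
printf '%s\n' "$SAMPLE_BAD" | check_headers || true
```

Against a running container, feed the functions live data: `curl -sI http://localhost/ | check_headers` and `docker-compose exec -T willowcms ps -o user,args | check_proc_users nobody`.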
The Dockerfile for this container setup specifies the version of Willow CMS that is downloaded and installed. This is achieved through the following Docker configuration and will be configurable via the WILLOW_VERSION argument:
Here are some useful Docker Compose commands for working with the containers:
sudo docker-compose logs willowcms
docker-compose -f docker-compose-test.yml logs willowcmstest
sudo docker-compose build willowcms --progress=plain --no-cache
docker-compose -f docker-compose-test.yml build willowcms --progress=plain --no-cache
docker-compose up -d
docker-compose -f docker-compose-test.yml up -d
docker-compose down -v
docker-compose -f docker-compose-test.yml down -v
Many hours of head banging putting this together were spared thanks to the fantastic work of Tim de Pater and his Docker image with PHP-FPM 8.3 & Nginx 1.26 on Alpine Linux. You should check him out.