From 96e982144801e6433270e671257495ca288e7b7a Mon Sep 17 00:00:00 2001
From: Willem Haffmans <info@willemhaffmans.nl>
Date: Thu, 22 May 2025 09:18:47 +0200
Subject: [PATCH] healthcheck and ssl working only expose 443

---
 srcs/.env                               |  2 +-
 srcs/docker-compose.yml                 | 42 ++++++++++++-------------
 srcs/requirements/mariadb/Dockerfile    |  3 +-
 srcs/requirements/nginx/Dockerfile      | 14 +++++++--
 srcs/requirements/nginx/conf/nginx.conf | 10 ++++--
 srcs/requirements/wordpress/Dockerfile  |  7 +++--
 6 files changed, 48 insertions(+), 30 deletions(-)

diff --git a/srcs/.env b/srcs/.env
index fad03ad..40690f1 100644
--- a/srcs/.env
+++ b/srcs/.env
@@ -15,7 +15,7 @@ WP_ADMIN=theboss
 WP_ADMIN_PASSWORD=42theboss42
 WP_ADMIN_EMAIL=inception@duinvoetje.nl
 
-WP_THEME=twentytwentyfour
+WP_THEME=impressionist
 
 WP_USER=inception
 WP_USER_PASSWORD=42inception42
diff --git a/srcs/docker-compose.yml b/srcs/docker-compose.yml
index c13e4db..ed7ed31 100644
--- a/srcs/docker-compose.yml
+++ b/srcs/docker-compose.yml
@@ -12,8 +12,6 @@ services:
     build:
       context: ./requirements/mariadb
       dockerfile: Dockerfile
-    ports:
-      - '3306:3306'
     networks:
       - docker-network
     volumes:
@@ -23,14 +21,17 @@ services:
   nginx:
     restart: always
     container_name: nginx
+    environment:
+      - DOMAIN_NAME=${DOMAIN_NAME}
     build:
       context: ./requirements/nginx
       dockerfile: Dockerfile
+      args:
+        DOMAIN_NAME: ${DOMAIN_NAME}
     depends_on:
       - wordpress
     ports:
       - '443:443'
-      - '80:80'
     networks:
       - docker-network
     volumes:
@@ -45,29 +46,28 @@ services:
     depends_on:
       - mariadb
     environment:
-      - DOMAIN_NAME=whaffman.42.fr
+      - DOMAIN_NAME=${DOMAIN_NAME}
 
-      - MYSQL_DATABASE=wordpress
-      - MYSQL_USER=wordpress
-      - MYSQL_PASSWORD=42wordpress42
-  
-      - DB_HOST=mariadb
-      - DB_PORT=3306
+      - MYSQL_DATABASE=${MYSQL_DATABASE}
+      - MYSQL_USER=${MYSQL_USER}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      
+      - DB_HOST=${DB_HOST}
+      - DB_PORT=${DB_PORT}
 
-      - WP_TITLE=Inception
-      - WP_DESCRIPTION=Inception project
+      - WP_TITLE=${WP_TITLE}
+      - WP_DESCRIPTION=${WP_DESCRIPTION}
 
-      - WP_ADMIN=theboss
-      - WP_ADMIN_PASSWORD=42theboss42
-      - WP_ADMIN_EMAIL=inception@duinvoetje.nl
+      - WP_ADMIN=${WP_ADMIN}
+      - WP_ADMIN_PASSWORD=${WP_ADMIN_PASSWORD}
+      - WP_ADMIN_EMAIL=${WP_ADMIN_EMAIL}
 
-      - WP_THEME=twentytwentyfour
+      - WP_THEME=${WP_THEME}
+
+      - WP_USER=${WP_USER}
+      - WP_USER_PASSWORD=${WP_USER_PASSWORD}
+      - WP_USER_EMAIL=${WP_USER_EMAIL}
 
-      - WP_USER=inception
-      - WP_USER_PASSWORD=42inception42
-      - WP_USER_EMAIL=inception@duinvoetje.nl
-    ports:
-      - '9000:9000'
     networks:
       - docker-network
     volumes:
diff --git a/srcs/requirements/mariadb/Dockerfile b/srcs/requirements/mariadb/Dockerfile
index d7f4796..dc3a878 100644
--- a/srcs/requirements/mariadb/Dockerfile
+++ b/srcs/requirements/mariadb/Dockerfile
@@ -30,7 +30,7 @@ COPY ./conf/my.cnf /etc/my.cnf
 # COPY ./init.sql /usr/local/bin/init.sql
 
 # Expose the MySQL port
-EXPOSE 3306
+#EXPOSE 3306
 
 # Set the user and group to run the container
 
@@ -46,4 +46,5 @@ ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
 
 # Start the MariaDB server
 CMD ["mysqld", "--datadir=/var/lib/mysql", "--user=mariadb"]
+HEALTHCHECK --interval=5s --timeout=3s --start-period=5s --retries=1 CMD mysqladmin ping -h localhost || exit 1
 
diff --git a/srcs/requirements/nginx/Dockerfile b/srcs/requirements/nginx/Dockerfile
index 4eb3c91..de7e73d 100644
--- a/srcs/requirements/nginx/Dockerfile
+++ b/srcs/requirements/nginx/Dockerfile
@@ -1,9 +1,19 @@
 FROM alpine:3.20
 
 RUN apk add --no-cache \
-	nginx &&\
+	nginx \
+	openssl \
+	curl &&\
 	rm -rf /var/cache/apk/*
 
+ARG DOMAIN_NAME
+
+RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+  -keyout /etc/ssl/private/nginx-selfsigned.key \
+  -out /etc/ssl/certs/nginx-selfsigned.crt \
+  -subj "/CN=${DOMAIN_NAME}"
+
 COPY ./conf/nginx.conf /etc/nginx/nginx.conf
-EXPOSE 80
+EXPOSE 443
 CMD ["nginx", "-g", "daemon off;"]
+HEALTHCHECK --interval=5s --timeout=3s --start-period=5s --retries=1 CMD curl --insecure -f https://127.0.0.1:443/ || exit 1
diff --git a/srcs/requirements/nginx/conf/nginx.conf b/srcs/requirements/nginx/conf/nginx.conf
index 19480ec..1ae22db 100644
--- a/srcs/requirements/nginx/conf/nginx.conf
+++ b/srcs/requirements/nginx/conf/nginx.conf
@@ -10,10 +10,14 @@ http {
     default_type  application/octet-stream;
 
     server {
-        listen       80;
-        server_name  localhost;
-        root         /var/www/html;
+        listen 443 ssl;
+        server_name ${DOMAIN_NAME};
 
+        ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
+        ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
+
+        root /var/www/html;
+ 
         access_log /var/log/nginx/example.localhost-access.log;
         error_log  /var/log/nginx/example.localhost-error.log error;
         index index.html index.htm index.php;
diff --git a/srcs/requirements/wordpress/Dockerfile b/srcs/requirements/wordpress/Dockerfile
index 37678f9..e84d532 100644
--- a/srcs/requirements/wordpress/Dockerfile
+++ b/srcs/requirements/wordpress/Dockerfile
@@ -14,7 +14,8 @@ RUN apk add --no-cache \
     php83-gd \
     php83-session \
     mariadb-client \
-    curl &&\
+    curl \
+    busybox-extras &&\
     rm -rf /var/cache/apk/*
 
 # Add a new user and group
@@ -43,4 +44,6 @@ RUN chmod +x /usr/local/bin/install.sh
 
 ENTRYPOINT ["/usr/local/bin/install.sh"]
 
-CMD ["php-fpm83", "-F"]
\ No newline at end of file
+CMD ["php-fpm83", "-F"]
+HEALTHCHECK --interval=10s --timeout=3s --start-period=5s --retries=3 \
+  CMD nc -z 127.0.0.1 9000 || exit 1
\ No newline at end of file