Skip to content

Docker newbie2 instructions

Michael Gage edited this page Apr 27, 2022 · 5 revisions

Allowing connections from outside the docker container

Introduction:

  • These notes are preliminary and a reminder (for me) of the changes needed so that you can access your desktop webwork site with an external ip address.

Warning -- this increases risk

There is increased risk if your site can be reached from some ip address other than localhost.

Pointers to more secure instructions

  • The document https://github.com/openwebwork/webwork2/wiki/Running-a-production-WeBWorK-server-using-Docker in this wiki gives suggestions for setting up the webwork site inside Docker so that it is better protected, including obvious things like choosing non-default passwords for databases.

Changes which convert webwork container so that it can be accessed from outside

  • If your webwork site run nicely with the command localhost:8080/webwork2 (the choice of the port is up to you) then you need to make the following changes in the container to access it via mydomainName.net:8080/webwork2.
  1. If your docker container is webwork2 then in the file webwork2/docker-compose.yml uncomment and change the hostname: section to myDomain.net. (Do not add a port number or "webwork2" here.) q/p

  2. You can change the port number in the .env file by modifiying the environment variable WEBWORK2_HTTP_PORT_ON_HOST or by modifying the ports section of docker-compose.yml near line 187

  3. Around line 248 override the WEBWORK_ROOT_URL environment variable by entering: WEBWORK_ROOT_URL: http://myDomain.net Use http for now until we turn on SSL for https access and do not include things like /webwork2 -- just the domain name and the schema.

  4. Finally in webwork2/docker-config/apache modify the file 000-default.conf by adding one or more new segments, one for each domain name that you might want to use to access your webwork container.

#this file was already there. It's purpose is to trap requests that have correct ip address but don't have one of the acceptable domain names.
<VirtualHost _default_:80>
        # This fake virtual host is intented to capture traffic which
        # spoofs the "Host:" header value for security reasons.
        # It will deny ALL such traffic.
        ServerName fake
    DocumentRoot "/www/www/html"
    <Directory /var/www/html/>
         Order deny,allow
         deny from all
    </Directory>
</VirtualHost>

#add this segment
<VirtualHost *:80>
    ServerName myDomain.net 
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# if you wish you can also add a virtual server for 
# another domain, but you will need to change the configurations you entered above in the file 
# `docker-compose.yml`

<VirtualHost *:80>
    ServerName michaelegage.org 
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# this virtual host was already defined for use with the localhost entry to the container
<VirtualHost *:80>
    ServerName localhost 
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Summary

  • changes in webwork2/.env to
    • WEBWORK_DB_PASSWORD
    • WEBWORK_MYSQL_ROOT_PASSWORD
  • changes in `webwork2/docker-compose.yml
    • hostname:
    • WEBWORK_ROOT_URL:
  • changes in `webwork2/docker-config/apache/000-default.conf
    • add segments for external domains addressing the docker container