Previously I deployed MariaDB in docker swarm environment. You can check the article here.
Today I am going to show you how to deploy MariaDB 111.2.2 using docker compose behind Caddy proxy. Here we are not exposing the MariaDB service to the external. It is available only to the internal services or applications.
Lets start with the actual deployment…
MariaDB turns data into structured information in a wide array of applications, ranging from banking to websites. It is an enhanced, drop-in replacement for MySQL.
MariaDB is used because it is fast, scalable and robust, with a rich ecosystem of storage engines, plugins and many other tools make it very versatile for a wide variety of use cases.
Please make sure you should fulfill the below requirements before proceeding to the actual deployment.
- Ubuntu latest server (any Linux flavor works but I am using Ubuntu here).
- Docker and Docker Compose installed on the Ubuntu Server.
Introduction to MariaDB
MariaDB is one of the most popular database servers in the world. It’s a fork of MySQL, made by the original developers of MySQL.
MariaDB is guaranteed to stay open source. Notable users include Wikipedia, WordPress.com and Google.
MariaDB is developed as open-source software and as a relational database, it provides an SQL interface for accessing data.
The latest versions of MariaDB also include GIS and JSON features.
You can find more about MariaDB here.
Secure MariaDB Environment
MariaDB Docker images have typically offered various ways to set the MySQL root password, where some methods are recommended over others.
Ways to set passwords…
MYSQL_PASSWORDin environment variable section in compose file.
- Mounting a password file into the container and have
MYSQL_RANDOM_ROOT_PASSWORDin environment variable section to have MariaDB generate a random root password. The generated root password will be printed to stdout (
GENERATED ROOT PASSWORD: .....). Recommended method
- Docker Secrets – Secrets are securely stored in an encrypted Raft log and replicated to other nodes in the cluster. Recommended method
We use Docker Secrets method for passing required password values to MariaDB Container.
MYSQL_ROOT_PASSWORD in environment variable is the least secure option. The environment variables are exposed to both the host system and to the container itself, leaving the password at very high risk of exposure.
Mounting a password file will avoid some of the exposure, but the file would still have to be stored on the host system. Not really ideal.
Docker introduced a new mechanism for managing sensitive data with Docker Secrets in version 1.13. Click here to get an overview of it.
Setting up containers with secrets in Docker Compose is straightforward. We’ll specify our secrets in the environment variable section, and tell MariaDB to use those secrets after the container starts.
MariaDB Custom Configuration File
The startup configuration is specified in the file
/etc/mysql/my.cnf, and that file in turn includes any files found in the
/etc/mysql/conf.d directory that end with
.cnf. Settings in files in this directory will augment and/or override settings in
/etc/mysql/my.cnf. If you want to use a customized MySQL configuration, you can create your alternative configuration file in a directory on the host machine and then mount that directory location as
/etc/mysql/conf.d inside the
/my/custom/config-file.cnfis the path and name of your custom configuration file, you can start your
mariadbcontainer with the directory path of the custom config file.
You have to mount only the directory path of the custom config file like the command below:
This will start a new container
mariadbwhere the MariaDB instance uses the combined startup settings from
/etc/mysql/conf.d/config-file.cnfwith settings from the latter taking precedence.
MariaDB without Configuration File
Many configuration options can be passed as flags to
mysqld. This will give you the flexibility to customize the container without needing a
For example, if you want to change the default encoding and collation for all tables to use UTF-8 (
max_allowed_packetsettings for the container. Just include the values in
commandkey as described in below code:
command: "mariadb", "--character-set-server=utf8mb4", "--collation-server=utf8mb4_unicode_ci", "--wait_timeout=28800", "--interactive_timeout=28800", "--max_allowed_packet=256M"]
Please check mariadb docker hub for more configuration options.
Prepare MariaDB Environment
Let’s start creating passwords for MariaDB Container using the Docker Secrets method.
mysql_root_password.txt text files with your secrets in the directory.
sudo nano wp_db_password.txt
sudo nano mysql_root_password.txt
I am going to persistent
/var/lib/mysql of Maria DB for disorder recovery.
Create folder in
/opt directory to persistent MariaDB data folder,
sudo mkdir -p mariadata
Prepare Docker Compose File
Now it’s time to create a docker compose file that contains the Caddy Reverse Proxy service, MariaDB service (you can add more services later that depends on MariaDB) in
docker compose is the configuration file in
.yml (Yet Another Markup Language).
Create a docker network
caddy, we will use it to expose application containers or internal services to outside world.
docker network create caddy
We will use another network (bridge network)
inetto connect MariaDB service securely with out exposing it to external.
Use the below commands to create the configuration file,
sudo touch docker-compose.yml
docker-compose.yml with nano editor using
sudo nano docker-compose.yml
Copy and paste the below code in the docker-compose.yml configuration file.
Here is the full
command: ["--wait_timeout=28800", "--interactive_timeout=28800", "--max_allowed_packet=256M", "--transaction-isolation=READ-COMMITTED", "--binlog-format=ROW"]
test: ['CMD', '/usr/local/bin/healthcheck.sh', '--innodb_initialized']
- target: 80
- target: 443
- target: 443
- target: 2019
Lets discuss about some of the configuration options above.
depends_on expresses startup and shutdown dependencies between services.
The short syntax variant only specifies service names of the dependencies. Service dependencies cause the following behaviors:
- Compose creates services in dependency order. In the above scenario,
caddyis created before
- Compose removes services in dependency order. In the above scenario,
mariais removed before
Compose guarantees dependency services have been started before starting a dependent service. Compose waits for dependency services to be ready before starting a dependent service.
restart_policy is to configure whether and how to restart containers when they exit.
condition: One of
any. Default is any.
Deploy the Docker Compose
Now it’s time to deploy our
docker-compose file above using the below command
docker compose up -d
Check the status of the services or containers using
docker ps on
server to get the running containers. The out should look like below.
CONTAINER ID of MariaDB from the above command.
Login to MariaDB Container.
docker exec -it CONTAINER ID bash to log into MariaDB Container.
After logging into the container, type
mariadb -u root -p to go to the MariaDB admin console.
root password here, whatever you created using the Docker Secrets method in Prepare Environment section of this article.
SHOW DATABASES to see all the databases in our MariaDB Container.
By default the container should create one database that was specified in the configuration file,
We can create databases using
CREATE DATABASE database name;
We will be using the databases for applications we are going to deploy soon.
Delete database using
DROP database name;
Please watch the below video for MariaDB Installation in Docker Swarm
I hope you enjoyed this post. Please share your thoughts or feedback on it by commenting.
Stay tuned for other deployments 🙂