❗ This project is BETA. Don't run it on a production server unless you know what you are doing. Please report any security concerns or other suggestions by submitting an issue.
ℹ️ I'm not a programmer, nor a sys/net-admin. If there are bugs, please report them and I'll do my best to fix them. This project is made just for fun and learning.
plemp (Perfect Linux (e)Nginx MYSQL & PHP) is what I call the 'ideal' webserver for basic web applications. It uses Docker and is easy to deploy. The project was meant to be a teaching experience because I wanted to know more about Docker. It has several security and pagespeed enhancements out of the box. Is it really perfect? No, of course not, especially right now since it's in beta. I cannot possibly take everybody's requirements into consideration, so it might not be suitable for everyone.
plemp is a network of 3 docker containers.
- Nginx 1.19.0
- MYSQL 8
- PHP7.4-FPM
The docker-compose file lets you deploy a turn-key webserver. All you need to do is edit the virtual host file and define your domain name.
The Nginx application is compiled with ngx_pagespeed. The configuration and presets are already applied. Straight away you are caching, optimizing html/css/js and images. If you are using a CMS like WordPress, this will save you from installing such plugins. It's all handled at the server level, before it even reaches WordPress. If you want to see or edit the options, view nginx/files/conf.d/pagespeed.conf
Nginx caches static content such as images, videos, css and js files. Nginx is known for its incredibly fast caching mechanism.
The Nginx application is compiled with ModSecurity. ModSecurity acts as a WAF (Web Application Firewall), and it will secure your web application from malicious visitors. This too will make security plugins redundant (e.g. WordFence for WordPress).
The ModSecurity module is extended with the Core Rule Set created by OWASP. It will prevent popular attacks like Cross Site Scripting, SQL Injection and Cross Site Request Forgery. Other attack vectors are Local/Remote File Inclusion, Remote Code Execution and Session Fixation. Read their GitHub page for more information.
❗Some poorly coded themes/plugins/extensions for your CMS may trigger false positives. Test your application before moving to production !
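```nginx
# Do not advertise the Nginx version in the Server header or on error pages.
server_tokens off;
# Only allow same-origin pages to frame the site (clickjacking defence).
add_header X-Frame-Options "SAMEORIGIN" always;
# Stop browsers from MIME-sniffing responses away from the declared Content-Type.
add_header X-Content-Type-Options "nosniff" always;
# Legacy XSS filter header, honoured only by older browsers.
add_header X-Xss-Protection "1; mode=block" always;
```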
We're assuming you already have Docker installed on your server.
- Clone this repository and enter it.
- Edit the .env file for MYSQL credentials.
- Rename and edit the virtual hosts file in `./nginx/files/sites-enabled/example.com`, and replace all instances of 'example.com' with your own domain.
- Rename instances of 'example.com' in the `./nginx/Dockerfile`.
- Run `docker-compose up -d`.
The server should now be listening on port http/80.
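A post-deployment check for the header settings listed above, as an added example that is not part of the plemp repository: it reads raw response headers and verifies the three `add_header` values and that `server_tokens off` has removed the version from the `Server` header. The function names and the two sample responses are constructed for illustration.

```shell
# Audit response headers against the hardening settings listed on this page.
# Usage against a live host: curl -sI http://example.com/ | audit_headers

# header_value NAME: print the value of header NAME from $HDRS (name is case-insensitive).
header_value() {
    printf '%s\n' "$HDRS" | awk -v n="$1" '
        BEGIN { n = tolower(n) }
        { i = index($0, ":"); if (i == 0) next
          if (tolower(substr($0, 1, i - 1)) != n) next
          v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }'
}

# audit_headers: read raw response headers on stdin; return 0 only if every check passes.
audit_headers() {
    HDRS=$(tr -d '\r')   # HTTP uses CRLF line endings
    rc=0
    while IFS='|' read -r name want; do
        got=$(header_value "$name")
        if [ "$got" = "$want" ]; then
            echo "ok    $name: $got"
        else
            echo "FAIL  $name: expected '$want', got '${got:-<missing>}'"
            rc=1
        fi
    done <<EOF
X-Frame-Options|SAMEORIGIN
X-Content-Type-Options|nosniff
X-Xss-Protection|1; mode=block
EOF
    # server_tokens off: the Server header must not carry a version such as nginx/1.19.0
    srv=$(header_value Server)
    case "$srv" in
        */[0-9]*) echo "FAIL  Server header leaks version: $srv"; rc=1 ;;
        *)        echo "ok    Server: ${srv:-<absent>}" ;;
    esac
    return $rc
}

# Constructed sample responses (not captured from a real deployment).
good_sample() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nx-frame-options: SAMEORIGIN\r\n'
    printf 'X-Content-Type-Options: nosniff\r\nX-Xss-Protection: 1; mode=block\r\n\r\n'
}
bad_sample() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: nginx/1.19.0\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n'
}

good_sample | audit_headers
bad_sample | audit_headers || true
```

Because the directives use `always`, the same check should also pass on an error response such as a 404, not only on a 200.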
- Add Let's Encrypt automation
- Add Amplify to monitor Nginx
- Add MYSQL Tuner for database optimization
- Enable http2