Deploying a Secure Laravel Application on Docker with MySQL

In the world of web development, Laravel is one of the most popular PHP frameworks, prized for its elegant syntax and robust features. However, deploying a Laravel application securely can be challenging, especially when combined with Docker and MySQL. In this article, we’ll walk through the process of deploying a secure Laravel application using Docker with MySQL, ensuring that your application is not only functional but also adheres to best security practices.

What is Docker?

Docker is a platform that enables developers to automate the deployment of applications inside lightweight, portable containers. These containers encapsulate everything an application needs to run, including the code, runtime, libraries, and environment variables. This means that applications can be deployed consistently across different environments, reducing the “it works on my machine” syndrome.

Benefits of Using Docker for Laravel

• Isolation: Each application runs in its own container, minimizing conflicts.
• Portability: Docker containers can run on any system that supports Docker.
• Scalability: Easily scale applications by running multiple containers.
• Simplified Dependencies: Manage dependencies effectively without affecting the host system.

Setting Up Your Environment

Before we dive into the deployment process, ensure you have the following prerequisites installed on your machine:

• Docker
• Docker Compose
• PHP (for local development)
• Composer (for Laravel dependency management)

Step 1: Create a New Laravel Project

To start, create a new Laravel application. Open your terminal and run:

composer create-project --prefer-dist laravel/laravel my-laravel-app

Navigate into your project directory:

cd my-laravel-app

Step 2: Create a Dockerfile

In your Laravel project root, create a Dockerfile to define your application’s environment. Here’s a basic example:

# Use the official PHP image
FROM php:8.1-fpm

# Set the working directory
WORKDIR /var/www

# Install system dependencies
RUN apt-get update && apt-get install -y libzip-dev unzip

# Install PHP extensions
RUN docker-php-ext-install zip pdo pdo_mysql

# Copy the existing application directory contents
COPY . .

# Install Composer
COPY --from=composer:latest /usr/bin/composer /usr/bin/composer

# Install Laravel dependencies
RUN composer install

# Expose port 9000 to the outside world
EXPOSE 9000

# Command to run the application
CMD ["php-fpm"]

Step 3: Create a Docker Compose File

Next, create a docker-compose.yml file to define your application services, including PHP, MySQL, and Nginx:

version: '3.8'

services:
  app:
    build:
      context: .
      dockerfile: Dockerfile
    volumes:
      - .:/var/www
    networks:
      - app-network

  db:
    image: mysql:5.7
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: laravel_db
      MYSQL_USER: user
      MYSQL_PASSWORD: password
    ports:
      - "3306:3306"
    networks:
      - app-network

  webserver:
    image: nginx:alpine
    ports:
      - "8000:80"
    volumes:
      - .:/var/www
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
    networks:
      - app-network

networks:
  app-network:
    driver: bridge

Step 4: Configure Nginx

Create a directory named nginx in your project root and create a file named default.conf within it. This configuration file will route requests to your Laravel application:

server {
    listen 80;
    server_name localhost;

    root /var/www/public;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass app:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

Step 5: Build and Run the Containers

Now that you have everything set up, it's time to build and run your Docker containers. In your terminal, run:

docker-compose up -d --build

This command will build your Docker images and start the containers in detached mode.

Step 6: Migrate Your Database

Once your containers are running, you need to set up your MySQL database. Run the following command to execute migrations:

docker-compose exec app php artisan migrate

Step 7: Secure Your Application

Securing your Laravel application is crucial. Here are some tips:

• Environment Variables: Use .env files for sensitive information like database credentials.
• SSL Encryption: Consider using Let's Encrypt with your Nginx setup for HTTPS.
• CSRF Protection: Ensure that CSRF protection is enabled in your Laravel application.
• Validate Input: Always validate user input to prevent SQL injection and XSS attacks.

Troubleshooting Common Issues

• Container Not Starting: Check logs using docker-compose logs to identify errors.
• Database Connection Issues: Ensure your database credentials in the .env file are correct and that the database service is running.
• File Permissions: If you encounter issues with file uploads, ensure that the storage and bootstrap/cache directories are writable.

Conclusion

Deploying a secure Laravel application on Docker with MySQL can significantly streamline your development and deployment processes. By following these steps, you can ensure that your application is not only up and running but also secure and scalable. Embrace the power of Docker to take your Laravel applications to the next level, and remember to always prioritize security to protect your users and data. Happy coding!