Docker - secure mysql configuration - mysql

I want to make a separate docker container for mine mysql database which will run for my production and test environment. The problem is that it has the potential to exposes the port number and environment values to for example hackers who have gained access to the container.
How can I write a secure mysql image that doesn't show the port number and environment variables?
UPDATE
I have created a local .env file and used variables in mine docker-compose.yml.
docker-compose.yml
version: '3.1'
services:
mysql:
image: mysql:5.6
ports:
- 3306
environment:
- DB_DATABASE=${DB_DATABASE}
- DB_USERNAME=${DB_USERNAME}
- DB_PASSWORD=${DB_PASSWORD}

Related

How to migrate schema using Flyway into a docker container database to create an isolated testing environment?

I want to migrate the schemas I have for the tables in my db into a docker container I've made. First time using flyway and it seems entirely possible for it to be able to migrate the schema over and into my db. I want to make it so that when I run my unit-tests locally it will run against this docker test container and not the public db.
Here is what I have so far, inside my docker-compose.yaml file:
db:
image: mysql:latest
network_mode: bridge
restart: always
environment:
MYSQL_ROOT_PASSWORD: test
MYSQL_DATABASE: test
ports:
- "3306:3306"
When I run docker-compose up on my terminal, the container appears to build and is shown in the Docker UI. And when I run docker ps in another terminal I see the server is spun up.
Then when I go to MySQL workbench UI and login the credentials for the container as:
Username: localhost
Port: 3306
Password: test
Username: root
And when I run that I get a boiler-plate mysql db. Now what I want to do now is migrate the schema of another db to replace the boiler-plate one.
So I have flyway installed and everything setup on my machine but I don't know how to make the connection between that docker container db I just made and the db schema I have.
Here is my flyway file so far:
flyway.url=jdbc:mysql://localhost:3306/db
flyway.user=root
flyway.password=test
flyway.baselineOnMigrate=false
flyway.defaultSchema=config_data
flyway.schemas=config_data, kol_data, baw_data, ter_data
I also think this layout I found online of the docker-compose.yaml file might work too but not sure how to integrate it into my code"
version: '3'
services:
flyway:
image: flyway/flyway:6.3.1
command: -configFiles=/flyway/conf/flyway.config -locations=filesystem:/flyway/sql -connectRetries=60 migrate
volumes:
- ${PWD}/sql_versions:/flyway/sql
- ${PWD}/docker-flyway.config:/flyway/conf/flyway.config
depends_on:
- postgres
postgres:
image: postgres:12.2
restart: always
ports:
- "5432:5432"
environment:
- POSTGRES_USER=example-username
- POSTGRES_PASSWORD=pass
- POSTGRES_DB=db-name
All in all I simply want to take the schema from one db and put that into my docker container so that I can run unit-tests against it.
Thanks

'Unknown MySQL server host' when attaching to MySQL container

I am trying to attach to my MySQL container to ensure the data I wanted to transfer to the volume and container is being applied correctly. Ideally I was trying to do this by attaching via CLI through the Docker Desktop software. However trying to run mysql I get a Unknown MySQL server host '127.0.0.1:3306' (-2) error. I have tried changing the MYSQL_HOST variable to 127.0.0.1, 0.0.0.0, and localhost.
Here is a copy of my docker-compose.yml file:
version: "3.7"
services:
mysql:
image: mysql
env_file: compose.env
volumes:
- db-data:/var/lib/mysql
ports:
- 3306:3306
volumes:
db-data:
UPDATE: So I removed the MYSQL_HOST environment variable from compose.env and now I can attach and query data. Not sure why this was a conflict though.

Docker MySQL - can't connect from Spring Boot app to MySQL database

What I'm trying to do is, connect from my spring-boot app to mysql database in Docker. Each in their own container.
But I must be having something wrong because I can't do it.
To keep it simple :
application-properties :
# URL for the mysql db
spring.datasource.url=jdbc:mysql://workaround-mysql:3308/workaround?serverTimezone=UTC&max_allowed_packet=15728640
# User name in mysql
spring.datasource.username=springuser
# Password for mysql
spring.datasource.password=admin
#Port at which application runs
server.port=8080
docker-compose for MySQL:
version: '3'
services:
workaround-mysql:
container_name: workaround-mysql
image: mysql
environment:
MYSQL_DATABASE: workaround
MYSQL_USER: springuser
MYSQL_PASSWORD: admin
MYSQL_ROOT_PASSWORD: admin
MYSQL_ROOT_HOST: '%'
ports:
- "3308:3306"
restart: always
So pretty simple right ? Database I start with docker-compose up:
All seems to be working fine so far.
Now that I have db started, to the application, this is its docker-compose.yml:
version: '3'
services:
workaround:
restart: always
# will build ./docker/workaround/Dockerfile
build: ./docker/workaround
working_dir: /workaround
volumes:
- ./:/workaround
- ~/.m2:/root/.m2
expose:
- "8080"
command: "mvn clean spring-boot:run"
For its Dockerfile I use Linux Alpine and Java.
FROM alpine:3.9
....add java...
RUN apk update
RUN apk add dos2unix --update-cache --repository http://dl-3.alpinelinux.org/alpine/edge/community/ --allow-untrusted
RUN apk add bash
RUN apk add maven
Super simple. Now let's start the application :
Unknown host, so let's try the IP then :
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' workaround-mysql
# URL for the mysql db
spring.datasource.url=jdbc:mysql://172.20.0.2:3308/workaround?serverTimezone=UTC&max_allowed_packet=15728640
Now I get timeout:
As you can see I get error. What is wrong with my setup and how to fix
this? Either I have unknown host exception or Refused to connect or connection timeout.
I have tried:
Using ip of a container in my application.properties, didn't work
Different ports for MySQL and application
Different images and versions of MySQL
Having everything in one docker compose with wait
timer for database.
Minimal setup with
https://github.com/hellokoding/hellokoding-courses/tree/master/docker-examples/dockercompose-springboot-mysql-nginx
Also resulted in communication link failure, Site was accessible but I
doubt that db was connected properly.
Notes:
I run this all on one computer I use port 3308 because I have local
MySQL db at 3306.
Here is docker ps -a
#Vusal ANSWER output :
Only thing different from code in answer I did wait for database to be ready 30 seconds
command: /bin/bash -c "sleep 30;mvn clean spring-boot:run;"
Try this docker-compose.yml:
version: '3'
services:
workaround-mysql:
container_name: workaround-mysql
image: mysql
environment:
MYSQL_DATABASE: workaround
MYSQL_USER: springuser
MYSQL_PASSWORD: admin
MYSQL_ROOT_PASSWORD: admin
MYSQL_ROOT_HOST: '%'
ports:
- "3308:3306"
restart: always
workaround:
depends_on:
- workaround-mysql
restart: always
# will build ./docker/workaround/Dockerfile
build: ./docker/workaround
working_dir: /workaround
volumes:
- ./:/workaround
- ~/.m2:/root/.m2
expose:
- "8080"
command: "mvn clean spring-boot:run"
And update your application.properties to use the next JDBC connection url:
spring.datasource.url=jdbc:mysql://workaround-mysql:3306/workaround?serverTimezone=UTC&max_allowed_packet=15728640
It should work when both containers in the same docker-compose file, because docker-compose creates default network for containers, so they can resolve each other by name.
What you haven't tried so far is running both containers on the same Docker network.
First, forget about IP addressing - using it should be avoided by all means.
Second, launch both compose instances with the same Docker network.
Third, do not expose ports - inside bridge network all ports are accessible to running containers.
Create global network
docker network create foo
Modify both compose files so that they use this network instead of creating each one its own:
version: '3.5'
services:
....
networks:
default:
external: true
name: foo
Remove expose directives from compose files - inside one network all ports are exposed by default
Modify connection strings to use default 3306 port instead of 3308
Enjoy
In order for the service to connect with MySql through docker it has to be in same network, look into Docker network
But for better solution I would suggest you to write a single docker compose file for MySql and Spring boot.The reason is it will easily be linked when you do that.No need any other configuration.
version: "3"
services:
mysql-service:
image: mysql
ports:
- "3306:3306"
environment:
- MYSQL_DATABASE=db
- MYSQL_USER=root
- MYSQL_PASSWORD=pass
- MYSQL_ROOT_PASSWORD=pass
spring-service:
image: springservce:latest
ports:
- "8080:8080"
depends_on:
- mysql-service
Before you try to connect to the Docker container you should stop mysql in your computer then go to the application.properties and type:
spring.datasource.url=jdbc:mysql://localhost:3306/NAME_OF_YOUR_DB_HERE?useSSL=false&allowPublicKeyRetrieval=true
Regarding localhost, you should inspect the mysql container and pick the IP address and use it instead. most likely is 172.17.0.2. If it did not work then use localhost.

Local development with docker compose - Using Mysql localhost

I am a beginner with Docker and docker-compose for local development on my Mac. Currently, if I restart my containers, the MySql data is wiped out.
I would like to enable persistent storage for MySql local development.
Is there a way I can connect my application running inside docker container to the MySql running on my Mac Host machine?
My docker-compose.yaml file:
mysql:
build: ./mysql
container_name: mysql
environment:
MYSQL_ROOT_PASSWORD: ******
restart: on-failure
ports:
- 3306:3306
Apart from connecting docker application to MySql on local machine, is there any other way to achieve this?
you can solve this problem by using volumes in docker-compose.yaml file. please refer the following links
link1,
link2. whenever a docker container runs, it will map the volume to the container. Syntax for the volumes in docker-compose.yaml is as follows:
volumes:
- <path in host>:<path in container>

Docker on Windows Data Persistence - Host Mapping vs Data Volume

I'm very new to Docker and after reading about data volumes I'm still somewhat confused by the behaviour I'm seeing.
In my compose file I had an entry for mysql like this:
db:
image: mysql
restart: always
volumes:
- ./database:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: p4ssw0rd!
networks:
- back
This mapped the /database directory to /var/lib/mysql. The database files where created and I could start Wordpress, install, add a post. The problem as it never persisted any created data. If I restarted Docker and executed:
docker-compose up -d
The database was empty.
Changing this to:
db:
image: mysql
restart: always
volumes:
- db_data:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: p4ssw0rd!
networks:
- back
And adding in a volume like this:
volumes:
db_data:
Now persists the data in the Docker data volume and restarting works. Any data created during the last run is still present.
How would I get this to work using the host mapped directory?
Am I right in thinking the second example using volumes is the way to go?
Docker volumes on windows work a bit different way than Linux. Basically on Windows, docker runs a VM and the docker is setup inside the VM. So it seems to you that you run docker commands locally on Windows but the actual stuff happens in background inside a VM.
docker run -v d:/data:/data alpine ls /data
First you need to make share the D: in docker settings. You can find a detailed article explaining the steps for doing so
https://rominirani.com/docker-on-windows-mounting-host-directories-d96f3f056a2c