Remarks
In the Inception project, your host environment is a Virtual Machine (VM). This VM acts as the physical server or host machine where your Docker containers will run. The VM simulates a real server environment, providing the necessary resources (CPU, memory, network interfaces) for the Docker containers to operate.
Docker is a platform that allows you to package and run applications in isolated environments called containers. Each container is lightweight, includes the application and its dependencies, and runs independently from other containers. Containers share the same OS kernel but operate in separate user spaces, ensuring isolation from each other and the host system.
Network isolation is a critical aspect of this project. Docker creates its own network layer, allowing containers to communicate with each other while keeping them isolated from the host's network and other Docker networks.
In the Inception project, Docker Compose is used to create and manage this isolated network. Docker Compose needs to create a bridge network where all your containers can communicate internally using service names, without exposing those services directly to the host machine's network.
When a request is made from outside the VM (for example, from your web browser), it must pass through several layers before reaching the appropriate service inside the Docker containers. Here’s how the process works:
- Incoming Request to the Host VM: The first point of contact for an incoming HTTP or HTTPS request (e.g., accessing https://yourdomain.com) is the host VM. The VM listens on its public IP address or domain name, and the request is directed to port 443 (for HTTPS).
- Port Forwarding to Docker: The VM is configured to forward incoming requests on port 443 to the Nginx container running inside Docker. This is achieved through Docker's port mapping feature, which forwards traffic from a specific port on the host (443 in this case) to the corresponding port in the container (also 443 for Nginx).
- Nginx Handles the Request: Nginx is a web server and reverse proxy that listens for incoming web traffic. When the request reaches the Nginx container via port 443, Nginx processes the request based on its configuration. This configuration will include rules on how to handle requests, such as directing them to the WordPress container or serving static content.
- Routing the Request to WordPress:
  - WordPress Application: If the request is for the website (e.g., accessing a WordPress page), Nginx routes the request to the WordPress container. The WordPress container is running an instance of WordPress, which is a PHP-based content management system (CMS).
  - PHP Processing: Inside the WordPress container, the PHP interpreter is responsible for processing the WordPress code. When a request is received, WordPress executes PHP scripts to generate dynamic content. This could involve fetching data from the database, processing user input, or generating HTML to send back to the client.
- Database Interaction with MariaDB:
  - Querying the Database: If WordPress requires data from the database (e.g., loading a blog post or user information), it sends a query to the MariaDB container. The MariaDB container is running the MariaDB database server, which manages all the data for the WordPress site.
  - Returning Data: MariaDB processes the query and returns the requested data to the WordPress container, where PHP continues processing and prepares the response.
- Response Back to the Client:
  - After WordPress, with the help of PHP, has fully processed the request and possibly retrieved data from MariaDB, it sends the generated content (such as an HTML page) back to the Nginx container.
  - Nginx then forwards this response through the Docker network, back to the host VM, and finally out to the client’s browser.
- Request: Client → Host VM (port 443) → Nginx (Docker container) → WordPress (Docker container) → PHP processes → MariaDB (Docker container).
- Response: MariaDB → PHP (WordPress) → Nginx → Host VM → Client.
All internal communication between containers happens within Docker's isolated network. Containers can only access each other via their internal Docker-assigned IPs or by service names defined in Docker Compose.
Only specific ports (like 443 for HTTPS) are exposed to the host VM, ensuring that services within Docker containers are not directly accessible from the outside unless explicitly configured.
This architecture ensures that your services are securely isolated, can communicate effectively within their own network, and are accessible from outside in a controlled and secure manner.
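An added example (not part of the original README or the project's code): a Python check over the JSON that `docker compose config --format json` prints, reporting any host port published other than Nginx on 443 and any service that shares no network with Nginx. The sample model, the network name `inception`, and the stray MariaDB mapping on 3306 are constructed for illustration.

```python
import json

# Constructed sample in the shape printed by `docker compose config --format json`.
# Service names follow the page; the network name and the 3306 mapping are made up.
SAMPLE = json.loads("""{"services": {
  "nginx":     {"networks": {"inception": null},
                "ports": [{"target": 443, "published": "443", "protocol": "tcp"}]},
  "wordpress": {"networks": {"inception": null}},
  "mariadb":   {"networks": {"inception": null},
                "ports": [{"target": 3306, "published": "3306", "protocol": "tcp"}]}
}}""")

ALLOWED = {("nginx", 443)}  # the only (service, host port) pair the page allows


def audit(model, allowed=ALLOWED, entry="nginx"):
    """Return findings; an empty list means the layout matches the page."""
    findings = []
    services = model.get("services", {})
    entry_nets = set(services.get(entry, {}).get("networks") or {})
    seen = set()
    for name, svc in sorted(services.items()):
        if svc.get("network_mode") == "host":
            findings.append(f"{name}: uses the host network, no isolation")
        for port in svc.get("ports") or []:
            raw = port.get("published")
            # Missing value: Docker picks a host port. Ranges stay as strings.
            host_port = int(raw) if str(raw).isdigit() else (raw or None)
            seen.add((name, host_port))
            if (name, host_port) not in allowed:
                findings.append(f"{name}: container port {port.get('target')} "
                                f"published on host port {host_port or 'ephemeral'}")
        if name != entry and not entry_nets & set(svc.get("networks") or {}):
            findings.append(f"{name}: shares no network with {entry}")
    for name, host_port in sorted(allowed - seen):
        findings.append(f"{name}: expected host port {host_port} is not published")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

Removing the `ports` entry from the MariaDB service in the sample makes `audit` return an empty list, which is the layout the walkthrough describes.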