DEV Community: Paula

How to deploy a MySQL server using docker containers

Paula — Mon, 27 Mar 2023 11:45:10 +0000

Docker has revolutioned the way we deploy and manage applications. One common use case is running databases like MySQL in Docker containers for development, testing, or even production environments.

This article aims to explain how to deploy and configure a MySQL server using docker containers.

We will go step by step, and at the end of this blog, you will be able to access your MySQL server using a MySQL client, such as HeidiSQL.

Why containers?

Imagine you are working on multiple projects with different needs. One of them needs a MySQL 8.0.32 and the other the version 5.7. How would you go about it?

Maybe your first thought is to install them locally or to use XAMPP, but for starters, you would need to change the default port.

And if you want to have two separate MySQL with the same version?

Things can get complicated quickly.

With containers though, it’s easy. You specify the version and you are done.

Install Docker

If you haven’t already, start by installing Docker on your system. You can download Docker Desktop for Windows and macOS or Docker Engine for Linux from the official Docker website.

It’s also available for the new M1/M2 macOS with the arm64 architecture.

Docker image

The first step is to find the MySQL base image we want to use. DockerHub is a good place to start. If you type "mysql" in the search bar you can choose the image you want, "mysql" or "mariadb" from the results.

In this case, we are choosing mysql:8.0.

The link to the image: https://hub.docker.com/_/mysql

Docker compose

We could execute a docker run and start the container quickly. If we want to change and restart its configuration it’s easier to use a docker-compose.yml file.

version: "3.9"
services:
  database:
    container_name: "database"
    image: mysql:8.0
    environment:
      - MYSQL_ROOT_PASSWORD=dummy_pass
    volumes:
      - db-data:/var/lib/mysql
    ports:
      - "3306:3306"
volumes:
  db-data:

You can find all the possible environment variables on the docker image page.

The next step is to execute the following command:
docker-compose up -d

After that, we can connect to the MySQL container using a MySQL client like HeidiSQL.

You can access the mysql server from the terminal too. For example:

docker exec -it database /bin/bash -c "mysql -uroot -pdummy_pass"

Persist data

By default, Docker containers are ephemeral, meaning data is lost when the container stops. To persist your MySQL data, you can use Docker volumes.
For example, in the docker-compose example we have db-data:/var/lib/mysql. That is a docker volume.

Running MySQL in Docker containers provides flexibility and isolation for your database environment. It’s a convenient way to manage MySQL for various use cases, from development to production.

How to configure a static IP address on CentOS 7 with VirtualBox

Paula — Mon, 27 Mar 2023 08:53:26 +0000

This article aims to explain how to configure a static IP address on a CentOS 7 virtual machine using VirtualBox.

We will go step by step, and at the end of this blog, you will be able to ssh into your virtual machine using a never-changing IP.

What is a static IP?

Every computer has a random local IP address unless you have specified the contrary. These addresses are not fixed. It means that they could change.

In most cases, you don’t care about the IP address, but you usually do with virtual machines.

If you have a MySQL service running on a virtual machine, you would want to save the connection configuration once and re-use it every time. If the IP address changes, you have to modify the connection settings.

Another approach is to use port-forwarding. This approach is okay until you have 3 or more virtual machines with multiple services and ports to keep track of.

The following image shows the ideal local development environment with static IP addresses.

Configure VirtualBox Networking

The app VirtualBox has some networking settings we have to set before changing the VM Linux configuration.

We want our VM to have the following:

Access to the internet
Access to our host computer

And we also want to be able to access the VM by IP.

Step 1: Stop the VM

You have to stop the VM before doing the following steps.

Step 2: Create Ethernet Adapter

Click on Tools - Networks and make sure you have an ethernet adapter created. Write down the IPv4 Prefix, because the static IP will be in this range.

In the image above:

The gateway is 192.168.56.1
The network mask is 255.255.255.0 (24 bits)

The static IP of my VM will be in the 192.168.56.xx range.

Step 3: Change adapters

Right-click on the virtual machine and choose the “Network” tab.
We are going to add 2 adapters:

The first one is going to be a NAT. This way the VM will have internet access.
The second one has to be a “Host-only Adapter” with the ethernet adapter of the previous step. This is the adapter that will have the static IP assigned.

Configure VM Centos 7

Now that we have configured the VirtualBox networking, we will configure the inner VM networking settings.

Step 1: Start the VM

Double-click on the VM or right-click and start.

Step 2: Get the connection name

We know the static IP will be assigned to the second adapter, the Host-only Adapter.

Let’s check the vm networking using ip addr | head -n 20:

loopback
enp0s3: NAT Adapter
enp0s8: Host-Only Adapter

Now we know we have to assign an IP to the enp0s8 device. To get its connection name, you have to execute the following statement:

nmcli -p device

The connection name is “Ethernet connection 1”.

Step 3: Configure connection IP

There are two ways of doing it:

Graphically with nmtui
With bash statements and nmcli

In our case, we will execute some statements in the console.

connection_name="Ethernet connection 1"
ip=192.168.56.2
gateway=192.168.56.1
bits=24

nmcli con mod "$connection_name" ipv4.addresses $ip/$bits
nmcli con mod "$connection_name" ipv4.gateway $gateway
nmcli con mod "$connection_name" ipv4.method manual
nmcli con up "$connection_name"

If we execute ip addr | head -n 20 again, we will see the previous IP address.

Step 4: Reboot

The last step is to reboot the VM

Test the connection

Now we can connect to the VM using the command ssh user@192.168.56.2

Create Self-signed certificates with OpenSSL

Paula — Sat, 04 Feb 2023 17:11:06 +0000

In this guide, I give a step-by-step guide on how to create a self-signed CA and a certificate signed by using the OpenSSL command. Once you know how it works, you can create your own scripts to automate the process.

The mentioned OpenSSL command is a utility that lets you create and inspect certificates.

What is a Self Signed Certificate?

All computers come with a bunch of pre-installed CA. When you go to https://google.com you can see a lock to the left of the URL. This means you trust the site certificates. In other words, your computer trusts the CA of the Google certificate.

With a self-signed certificate, this doesn't happen. The browser throws a warning indicating there's a security risk because you don't trust the certificate. You don't trust the CA that signed that certificate.

If you don't want to see this warning, you have to install the CA. That way you are telling the browser to trust the certificates signed by that CA.

Benefits

You don't need to pay to have a CA
If you need to establish secure connections with TLS but can't use third parties to sign your certificates

Drawbacks

You'll need to trust the CA in the browser or application manually
You have to be careful about where you save the private keys

Create Certificate Authority

First, we need to create our own root CA that will sign our certificates. If we trust in this CA, we trust in the certificates.

1. Create the Private Key

Execute the following openssl command to generate the private key.

openssl genrsa -aes128 \
      -out rootCA.key \
      -passout pass:ca_12345 4096

Encryption: -aes128. The allowed options are: -aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea. Some, such as -des and -des3 are not considered secure anymore.
Private Key Size: 4096. The minimum size is 2048. I always use 4096 for the CA, as seen in the Google Root CA.

2. Create the Certificate

We will create the self-signed public certificate using the private key.

openssl req -new -x509 \
      -days 3650 -sha256 \
      -key rootCA.key \
      -passin pass:ca_12345 -out rootCA.crt

Signature Hash algorithm: -sha256 You can execute openssl list --digest-commands to see the available ones. Google uses sha384.

Days until it's not valid: 3650

To view the certificate you've just created, you can use the following command:

openssl x509 -in rootCA.crt -noout -text

Create Self-Signed Certificates

Follow the following steps below to create self-signed certificates. These certificates will be signed by the root CA we created in the previous step.

1. Create the Private Key

As we did with the root CA, we need to create a Private key. This time we'll use 2048 as the size. In case of doubt, you can explore big companies' certificates to see how they do it.

openssl genrsa -aes128 \
      -out serverCert.key \
      -passout pass:server_12345 2048

2. Create Certificate Configuration

We will create a serverCert.conf to have all the certificate data in one place.

cat > csr.conf <<EOF
[ req ]
prompt = no
distinguished_name = requested_distinguished_name
req_extensions = requested_extensions
x509_extensions = requested_extensions

[ requested_distinguished_name ]
countryName = ES
stateOrProvinceName = Madrid
localityName = Madrid
organizationName = Mock Organization
organizationalUnitName = Mock Organization Devops
commonName = mockorg.com
emailAddress = devops@mockorg.com

[ requested_extensions ]
basicConstraints = CA:FALSE
subjectAltName = @list_of_alternative_names

[ list_of_alternative_names ]
DNS.1 = mockorg.com
DNS.2 = www.mockorg.com
DNS.3 = devops.mockorg.com

EOF

3. Generate a CSR (Certificate Signing Request)

The next step is to generate the file serverCert.csr.

openssl req -new -sha256 \
      -config serverCert.conf \
      -key serverCert.key -passin pass:server_12345 \
      -out serverCert.csr

4. Generate Certificate

The last step is to generate the certificate using the just-created CSR.

openssl x509 -req -days 1460 -sha256 -in serverCert.csr \
    -CA rootCA.crt -CAkey rootCA.key -CAcreateserial \
    -out serverCert.crt -passin pass:ca_12345 \
    -extensions requested_extensions -extfile serverCert.conf

To view the certificate you've just created, you can use the following command:

openssl x509 -in serverCert.crt -noout -text