How to install a local eFront portal using Docker

In this article, we describe how you can install a local eFront learning portal using Docker. To simplify the installation process, we have created a Docker Compose file, which will start all the necessary services in separate containers with the correct configuration for each one. This ensures that the installation and the configuration of the required services are done automatically, without the need for the system administrator to install and configure them on a server manually.

Prerequisites
Running eFront in Docker
Accessing your eFront installation
Activating Cron job
Services configuration
Using a different DB Server
Installing an SSL Certificate
Using Certbot (Let’s Encrypt)

Disclaimer: While we have taken care to provide a Docker setup that works out of the box, please note that the configuration of the services is indicative.
Depending on your use case, you may need to alter the configuration of certain services. For example, if you have a large number of concurrent users, you may need to increase both the number of PHP workers and the number of database connections. If you need to split the workloads, you may need to use a separate database server, etc.

Prerequisites

Install Docker and Docker Compose on the machine intended to act as the host for eFront.
Download the latest available eFront package. You can find this under 'Versions' on your eFront License account page. If you don't have an account, contact us.

Note: After installing Docker, make sure that the Docker daemon is running by opening a terminal and running docker -v. If the Docker daemon is running, the version of Docker will be printed.

Note: Docker Compose is installed by default on Windows and Mac devices but not on Linux devices. If you are using a Linux device, you will have to install Docker Compose manually.

Running eFront in Docker

Extract the eFront installation files in the directory you want to install eFront in.
Using a terminal, run the following command in the directory where eFront is installed:
```
docker-compose up -d
```

Note: If you are running Docker on a Linux host, ensure you correctly set the permissions of the extracted directory. eFront on Docker runs under the www-data user; as such, you will need to navigate to the directory where you extracted the files and run the following command:
chown -R www-data:www-data ./

This will start all the required services in separate containers with the proper configuration. The first time you execute the command, Docker will download and build the required images, which may take some time (depending on your internet connection).

Note: It is important that no other process is using port 80 on the host machine. Otherwise, Docker will not be able to start the web server container.

Accessing your eFront installation

After the images are built, the containers will start, and eFront will be accessible at http://localhost via a web browser.
When you access it for the first time, you will be presented with the installation wizard and must proceed as follows:

Start the installation wizard (1).
On the Credentials page, you will need to add the following:
- Database host (2): database
- Database user (3): efront
- Database password (4): efront
- Database name (5): efront
Then, we need to create the first Administrator-type user by adding the following:
- First name (6): the admin user’s first name
- Last name (7): the admin user’s last name
- Email (8): the admin user’s email address
- Username (9): the admin user’s username
- Password (10): the admin user’s password
Select Install (11) when ready.

Note: Proceed with deleting and replacing the current database values if asked.
In the activation step, add your eFront license key (12), and click Activate (13).

Note: if your server is offline you will need to follow the steps described here how to activate your offline local eFront to activate it.

Activating the cron job

Cron job is required for several actions on the platform. One example is to send out automatically queued notifications. Follow the steps below to activate it in your eFront Docker installation.

Open your Docker application.
Select “Containers” (1) and then “crond” (2).
Change to the “Exec” tab (3) and execute the following command: crontab -e
Press the “i” key on your keyboard to insert in the file and remove the # so that only the following remains:
```
*/3 * * * * /usr/local/bin/php -f /var/www/html/www/cron.php http://localhost >> /var/log/cron.log 2>&1
```
Press the “ESC” key to exit the insert and then type and run the following to save your changes:
:wq

The cron job is now up, and it’ll run every three minutes.

Services configuration

Generally, each service has been configured with mostly the default settings for a small to medium-sized production server. However, as mentioned in the Disclaimer above, you may need to adjust the configuration of the services to better suit your needs.
Both Apache and PHP are configured using configuration files that get copied inside the respective containers during the build process. This means that you can easily modify the configuration files, but you will need to rebuild the containers for the changes to take effect.
MariaDB is configured using a configuration file that gets mounted inside the container; this means you can easily modify the configuration and restart the container for the changes to take effect.
Finally, Memcached is configured by the arguments used when starting the daemon. You can alter the entrypoint.sh script that is used to start the service and then rebuild the container for the changes to take effect.
The configuration files for each service can be found in the following locations:

Apache: docker/httpd/conf.d/
PHP:
- docker/php7.4/conf.d/ for PHP
- docker/php7.4/fpm-conf.d for the FPM service
MariaDB: docker/mariadb/conf.d/mariadb.cnf
Memcached: docker/memcached/entrypoint.sh

Following the alteration of the configuration files of Apache, PHP, or Memcached, you will need to rebuild the respective container for the changes to take effect. The easiest way to do so is to open a terminal, navigate to the directory where eFront is installed, and run the following command:

docker-compose up -d --build

After editing MariaDB’s configuration file, you must restart the container for the changes to take effect. You can restart the containers by running the following commands:
Stop:

docker-compose down

Start:

 docker-compose up -d

Memcached is configured by the arguments used when starting the daemon. The arguments can be found in the docker/memcached/entrypoint.sh file. After editing the file, you must rebuild the container by running:

docker-compose up -d --build

Example 1: Increasing InnoDB Buffer Pool Size

A common modification that you may need to make is to increase the size of the InnoDB Buffer Pool in MariaDB.
To check the current size of the InnoDB Buffer Pool, you can connect to the MariaDB container:

docker exec -it database /bin/bash

Connect to the database

mysql -u efront -p

and run the following query:

SHOW VARIABLES LIKE 'innodb_buffer_pool_size';

To increase the size of the InnoDB Buffer Pool, you will need to edit the docker/mariadb/conf.d/my.cnf file. Find the innodb-buffer-pool-size = 512M line and change the value to the desired size. For example, to set the InnoDB Buffer Pool size to 1GB, you would change the line to:

innodb-buffer-pool-size = 1G

Following the change, you will need to restart the MariaDB container for the changes to take effect. After restarting the container, you can run the aforementioned commands to verify that the change has taken effect.

Example 2: Increasing the Number of PHP Workers

Another common modification you may need to make is to increase the number of PHP workers in the PHP-FPM service to handle more concurrent incoming requests. To do so, you need to edit the docker/php7.4/fpm-conf.d/www.conf file. Find the pm.max_children = 50 line and replace the value with the desired number of PHP workers.
For example, to set the number of PHP workers to 100, you would change the line to:

pm.max_children = 100

After editing the file, you need to rebuild the PHP container for the changes to take effect. You can do so, by running the following command:

docker-compose up -d --build

Using a different DB Server

You may opt to use a different server for the database instead of the one provided by the MariaDB container to satisfy specific requirements you may have. Since the containers are running in a separate network inside the host machine, you’d need to make sure that the PHP container can access the database server. To do so, you will need to perform the following steps:

Edit the docker-compose.yaml. Under the networks section, find the default network and add a new line driver: bridge to make the network a bridge network. The networks section should look like this:
```
networks:
  default:
    name: "efront-network"
    driver: bridge
```
Restart the containers so the networking changes take effect.
```
docker-compose down
docker-compose up -d
```
Verify that the containers have been started.
Test that the PHP container has access to the database server, by opening a terminal, navigating to eFront’s installation directory, and connecting to the PHP container.
```
docker exec -it php-fpm /bin/bash
```
Connect to the database server. Replace <database-server-ip> with the IP address or the hostname of the database server and <username> with the username. You will be prompted to enter the user’s password.
```
mysql -h <database-server-ip> -u <username> -p -e 'SELECT VERSION();'
```
If everything goes well, you should see the version of the database server displayed on the screen.
You can now use the IP address or the hostname of the database server in the configuration of eFront.

Installing an SSL Certificate

To install an SSL certificate on the web server, you will need to perform the following steps:

Obtain an SSL Certificate from a Certificate Authority. You can also use Let’s Encrypt to obtain a free SSL certificate. If you opt for Let’s Encrypt, skip to the Using Certbot section.
Copy the SSL certificate and the private key to the docker/httpd/ssl/ directory. If the directory does not exist, create it.
Edit the docker-compose.yaml file. Under the httpd service, make the following changes:
Add a volume that will mount the SSL certificate and the private key inside the container. Add the following lines under the volumes section:
```
volumes:
- ./:/var/www/html/
- ./docker/httpd/ssl:/usr/local/apache2/conf.d/ssl
```
Under the services section, find the httpd service. Under ports, add a binding for the 443 port, as shown below:
```
ports:
- ${HTTP_PORT:-80}:80
- ${HTTPS_PORT:-443}:443
```
Note: No other service should be using the 443 port on the host machine.
Modify the apache configuration file, to use the SSL certificate. Open the docker/httpd/conf.d/apache.conf file and proceed as follows:
Before the <VirtualHost *:80> block, add the following line, to enable listening on the 443 port:
```
Listen 443
```
Change the <VirtualHost *:80> block to <VirtualHost *:443>.
In the virtual host block, add the following lines to enable SSL:
```
SSLEngine on
SSLCertificateFile /usr/local/apache2/conf/ssl/certificate.crt # Path to the SSL certificate file
SSLCertificateKeyFile /usr/local/apache2/conf/ssl/private.key  # Path to the private key file

Protocols h2 http/1.1
Header always set Strict-Transport-Security "max-age=63072000"
```
Replace certificate.crt with the name of the SSL certificate file and private.key with the name of the private key file. If you are using a Let’s Encrypt certificate, the files will be named fullchain.pem and privkey.pem respectively.

At the top of the file, add the following lines to enable the necessary modules:

LoadModule http2_module /usr/local/apache2/modules/mod_http2.so
LoadModule ssl_module /usr/local/apache2/modules/mod_ssl.so
LoadModule socache_shmcb_module /usr/local/apache2/modules/mod_socache_shmcb.so
SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)"

After the virtual host block, create a new block that will redirect all HTTP requests to HTTPS:

<VirtualHost *:80>
  RewriteEngine On
  RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
  RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]

  DocumentRoot /var/www/html/www
  <Directory /var/www/html/www>
    AllowOverride All
    Order allow,deny
    allow from all
    Require all granted
  </Directory>
</VirtualHost>

Note: The RewriteCond line is used to exclude the Let’s Encrypt challenge from being redirected to HTTPS.

At the bottom of the file, add the following lines to configure the SSL module:

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)”

Note: Depending on your security requirements, you may need to adjust the SSL configuration. Please refer to Apache’s mod_ssl documentation for more information.

Rebuild the Apache container in order for the changes to take effect. You can do so by running the following command:
```
docker-compose up -d --build
```
After the container has been rebuilt, you should be able to access the eFront portal using HTTPS.

Using Certbot (Let’s Encrypt)

Let’s Encrypt is a free, automated, and open Certificate Authority that provides free SSL certificates. In order to obtain an SSL certificate from Let’s Encrypt, you will need to use Certbot.
To install Certbot and obtain an SSL certificate, you will need to perform the following steps:

Verify that the domain you are using is pointing to the IP address of the host machine. Make sure that you can access the eFront portal using the domain name.
Create the folder where the SSL certificate and the private key will be stored. Open a terminal and navigate to the directory where eFront is installed. Run the following command:
```
mkdir -p docker/httpd/ssl
```
Edit the docker/httpd/Dockerfile file. Add the following lines at the end of the file, in order to install Certbot:
```
RUN apk add certbot
```
Edit the docker-compose.yaml file. Under the httpd service, make the following changes:
1. Add a volume that will mount the SSL certificate and the private key inside the container. Add the following lines under the volumes section:
```
volumes:
- ./:/var/www/html/
- ./docker/httpd/ssl:/usr/local/apache2/conf.d/ssl
```
2. Under the services section, find the httpd service. Under ports add a binding for the 443 port, as shown below:
```
ports:
- ${HTTP_PORT:-80}:80
- ${HTTPS_PORT:-443}:443
```
  Note: No other service should be using the 443 port on the host machine.
Restart and rebuild the containers for the networking changes and the installation of Certbot to take effect.
```
docker-compose down
docker-compose up -d --build
```
Open a terminal and navigate to the directory where eFront is installed.
Run the following command to connect to the Apache container:
```
docker exec -it httpd /bin/sh
```
Run the following command to obtain an SSL certificate:
```
certbot certonly --webroot --webroot-path /var/www/html/www --config-dir=/usr/local/apache2/conf.d/ssl -d <domain-name>
```
Replace <domain-name> with the domain name that you are using to access the eFront portal.
Follow the instructions provided by Certbot to obtain the SSL certificate.
The SSL certificate and the private key will be saved under the docker/httpd/ssl/ directory. Note the full path of the certificate and the private key as you will need to use them in the Apache configuration file.

Follow the instructions provided in the Installing an SSL Certificate section from step 4 onwards to configure Apache to use the SSL certificate.

Note: The SSL certificate obtained from Let’s Encrypt is valid for 90 days. You will need to renew the certificate before it expires. You can do so by running the following command inside the Apache container:

certbot renew --config-dir=/usr/local/apache2/conf.d/ssl

Back to top

Was this article helpful?

Have more questions?

Submit a request

How may we help you?