Dockerize PHP application for safe serving RO web site. Server several LAMP sites from Docker containers read-only. MySQL dumps are loaded at the time of containers start.

docker-compose.yml

---
nginx:
  restart: always
  image: nginx
  volumes:
    - ./nginx.conf:/etc/nginx/nginx.conf:ro
  expose:
    - "80"
  ports:
    - "80:80"
  links:
    - tiki
    - gallery
    - yuri
  dns:
    - 8.8.8.8
    - 8.8.4.4

tiki:
  restart: always
  build: TikiWiki
  ports:
    - "80"

gallery:
  restart: always
  build: Gallery2/galereya
  volumes: 
    - ./Gallery2/albums:/albums:ro
    - ./Gallery2/data:/data
    - ./Gallery2/photo:/photo
  ports:
    - "80"

yuri:
  restart: always
  build: YuraGallery2
  volumes: 
    - ./YuraGallery2/albums:/albums
  ports:
    - "80"

gallery2_Dockerfile

FROM tutum/lamp:latest

RUN rm -fr /app
ADD app /app/gallery2
RUN mkdir /app/yuri && ln -s /app/gallery2 /app/yuri && chown www-data -R /app

ADD *.bz2 /

ADD prepare.sh /prepare.sh
ADD index.html /app/index.html

VOLUME "/albums"

EXPOSE 80
CMD ["/prepare.sh"]

nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile      on;
    tcp_nopush    on;

    keepalive_timeout  65;
    gzip  on;

    server { 
        listen       80;

        location = / {
                rewrite / /tiki/ permanent;
		break;
        }

        location / {
		root /app;
                proxy_pass http://tiki;
        }

	location /yuri/gallery2 {
                proxy_pass http://yuri ;
        }

	location /yuri {
                return 301 http://www.yurikoval.com/;
        }

        location http://yarylo.sytes.net/kraiany/tiki/%D0%9D%D0%B5%D0%B4%D1%96%D0%BB%D1%8C%D0%BD%D0%B0%2B%D1%88%D0%BA%D0%BE%D0%BB%D0%B0 {
                return 301 http://dzherelce.github.io ;
        }

        location /galereya/photo {
                return 301 http://dzherelce.github.io#photo ;
        }

	location /galereya {
		root /app;
                proxy_pass http://gallery;
        }

	location /LvivKyiivTokyo {
		return 301 http://dmytro.github.io/lviv-kyiv-tokyo/ ;
	}
  }
}

prepare.sh

#!/bin/bash -x

VOLUME_HOME="/var/lib/mysql"
BACKUP=Gallery2.dump.bz2
DB=gallery

sed -ri -e "s/^upload_max_filesize.*/upload_max_filesize = 0/" \
    -e "s/^post_max_size.*/post_max_size = 0 /" /etc/php5/apache2/php.ini
if [[ ! -d $VOLUME_HOME/mysql ]]; then
    echo "=> An empty or uninitialized MySQL volume is detected in $VOLUME_HOME"
    echo "=> Installing MySQL ..."
    mysql_install_db 
    echo "=> Done!"
    /create_mysql_admin_user.sh
else
    echo "=> Using an existing volume of MySQL"
fi

exec mysqld_safe &

RET=1
while [[ RET -ne 0 ]]; do
    echo "=> Waiting for confirmation of MySQL service startup"
    sleep 5
    mysql -uroot -e "status" > /dev/null 2>&1
    RET=$?
done

mysqladmin create ${DB}
bzcat  /${BACKUP} | mysql -uroot ${DB} 
rm  /${BACKUP}

mysql -uroot -e "update g2_User set g_hashedPassword = MD5(RAND());" ${DB}
mysql -uroot -e "update g2_User set g_email = MD5(RAND());" ${DB}

killall mysqld; sleep 2
killall -9 mysqld

exec supervisord -n

TikiWiki_Dockerfile

FROM tutum/lamp:latest

RUN rm -fr /app
ADD src /app
RUN chown www-data -R /app/tiki

ADD kraiany.dump.bz2 /kraiany.dump.bz2

ADD prepare.sh /prepare.sh

VOLUME "/app"

EXPOSE 80
CMD ["/prepare.sh"]