Docker is a platform for developers and sysadmins to develop, ship, and run applications. Docker lets you quickly assemble applications from components and eliminates the friction that can come when shipping code. Docker lets you get your code tested and deployed into production as fast as possible.

Docker can run on a wide variety of platforms. Visit the Docker website to learn how to install Docker on your system. NOTE: You will need Docker 1.3 or higher, as well as Docker Compose (https://docs.docker.com/compose/install/).

Complete instructions are located in our GitHub repository here: https://github.com/openach/docker-openach. The instructions below are copied from there. For the most up-to-date instructions, refer to the GitHub version.

For more on getting started with the OpenACH CLI tool, refer to the OpenACH CLI Documentation](/books/openach-cli-documentation/openach-cli-documentation).

docker-openach

Docker with OpenACH, running Apache, mod_php, and SQLite

The openach/docker-openach repository contains Dockerfile of OpenACH for Docker's automated build published to the public Docker Hub Registry.

Base Docker Image

• dockerfile/ubuntu

Installation

Prerequisites

• Install Docker.
• Install Docker Compose

Clone the Repository

Clone this repository:

    git clone https://github.com/openach/docker-openach.git
    cd docker-openach

SSL Certificates

CA-Signed Certificate

If you already have a CA-signed SSL certificate you wish to use on your installation, copy the key and certificate files to ssl/openach/. Then remove the existing symlinks and re-link your certificates to the proper names:

   rm ssl/openach/openach.crt ssl/openach/openach.key
   ln -s ssl/openach/<your_ssl.crt> ssl/openach/openach.crt
   ln -s ssl/openach/<your_ssl.key> ssl/openach/openach.key

Self-Signed Certificate

We have provided a script to simplify setting up a self-signed SSL certificate. Note that the FQDN of your server should be whatever you are using to connect to OpenACH. Typically this will just be localhost, but if you have set up your DNS or hosts file to use something different, you can certainly use that instead.

   # ./makecerts.sh 
   Generating a 4086 bit RSA private key
   ....++
   .................................++
   writing new private key to './ssl/openach-self-signed.key'
   -----
   You are about to be asked to enter information that will be incorporated
   into your certificate request.
   What you are about to enter is what is called a Distinguished Name or a DN.
   There are quite a few fields but you can leave some blank
   For some fields there will be a default value,
   If you enter '.', the field will be left blank.
   -----
   Country Name (2 letter code) [AU]:US
   State or Province Name (full name) [Some-State]:New York
   Locality Name (eg, city) []:New York
   Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company, Inc.
   Organizational Unit Name (eg, section) []:
   Common Name (e.g. server FQDN or YOUR name) []:localhost
   Email Address []:info@yourcompany.com

Optionally Build the Image

The latest OpenACH code base is automatically built into a Docker image on https://hub.docker.com. For most purposes, you can simply use that image. If you have local modifications to the Dockerfile, you may want to build your own image.

The docker-compose.yml file looks for the openach/openach image, so you can either build with that label, or build with your own and modify docker-compose.yml accordingly.

    sudo docker build -t openach/openach .

This can take a while but should eventually return a command prompt. It's done when it says "Successfully built {hash}"

Usage

    docker-compose up -d

The first time the image is run, the startup script will initialize both config/db.php and config/security.php, and install a default database in runtime/db/openach.db, assuming they don't already exist.

Access the OpenACH CLI:

    docker exec -it dockeropenach_web_1 /bin/bash

Note that you will want to use the CLI to set up a user account before you go much further. See the OpenACH CLI Documentation for more information.

Access the web interface:

Note that the web interface is primarily for trouble-shooting and basic admin functions. It is provided for convenience, but will be deprecated in future releases. As such, most administrative tasks should be done via the OpenACH CLI.

To access the web interface, open your web browser and point to http://localhost/ or https://localhost/

Most importantly, the API is accessible via the web. Assuming you are using the default localhost hostname, the API would then be located at: http://localhost/api/ or https://localhost/api/

Production Notes

When you first run "docker-compose up -d", a new encryption key will be generated for your data, and saved as config/security.php. An empty SQLite database will be created as runtime/db/openach.db, and a database config file saved as config/db.php. Subsequently, whenever you run docker-compose from the openach-docker folder, your OpenACH install will use these configs and database. If you are using the Docker image as a production environment, you will want to regularly back up config/ and runtime/db/, as your production data depends on these two folders - one for the encryption keys and the other for the database itself.

Migrating Data

To migrate your config and data to a new host, simply pull a fresh copy of the openach/docker-openach project from GitHub, build the image (if it hasn't been previously built on your server), and copy the config/ and runtime/ folders from your other installation.

Security

Your Docker container exposes both port 80 (http) and port 443 (https). Be sure to set up appropriate firewall rules on your host machine to protect traffic to these ports. Also, be aware that the config/security.php file contains your encryption key for your data - protect it and your machine accordingly.