Web hosting with MikroTik and Docker Hub Containers

Attention MikroTik enthusiasts! It’s time to explore the world of Containers! MikroTik’s implementation of Linux containers allows users to run containerized environments within RouterOS. This feature was introduced in version 7 of the operating system.

Personally, I’ve decided to leverage my MikroTik Cloud Hosted Router (CHR) to host my WordPress blog, complete with a multisite network. You may ask, “why?” Well, as George Bernard Shaw once said, “There are those who look at things the way they are and ask why…I dream of things that never were, and ask why not?”

The plan breaks down into several steps:

  1. Initial CHR configuration:
  • Install container-7.X.npk package
  • Enable Container mode on your router
  • Configure the VETH interface and a bridge to create a network
  • Configure IP Masquerade for NAT
  2. Docker-specific settings:
  • Add Docker image repository
  • Identify and add necessary environment variables and mounts
  • Run the containers
  3. Port forwarding:
  • Set up destination NAT to allow traffic to reach the containers from the Internet
  4. Cloudflare Zero Trust Tunnel:
  • Set up a Cloudflare Zero Trust Tunnel to provide secure access to the containers from a remote location

Please consider the selected approach as a concept and adapt it as you prefer.

Initial CHR configuration

Enabling the container mode is a necessary step to run containerized environments within RouterOS. Here’s how to do it on MikroTik RouterOS:

/system/device-mode/update container=yes

A cold reboot, a stop-start (a soft restart will do the job), was needed:

/system/device-mode/print 
mode: enterprise
container: yes

Configuring the VETH interfaces is an important step for container networking. Here’s an example of how to set up the VETH interfaces on your MikroTik CHR:

/interface/veth/
add address=172.1.0.2/24 gateway=172.1.0.1 name=WORDPRESS
add address=172.1.0.3/24 gateway=172.1.0.1 name=MYSQL
add address=172.1.0.4/24 gateway=172.1.0.1 name=PHPMYADMIN

You can adjust the IP addresses and interface names to fit your specific network setup.

To create a bridge interface and add the VETH interfaces as ports, you can use the following commands in the MikroTik RouterOS terminal:

/interface/bridge/
add name=docker
/interface/bridge/port/
add bridge=docker interface=WORDPRESS
add bridge=docker interface=MYSQL
add bridge=docker interface=PHPMYADMIN

Because the bridge interface (named docker) is the gateway for the containers, it needs an IP address:

/ip/address/
add address=172.1.0.1/24 interface=docker network=172.1.0.0

To configure IP masquerade (source NAT) for the container subnet, you can use the following command:

/ip/firewall/nat/
add action=masquerade chain=srcnat src-address=172.1.0.0/24

Docker-specific settings

To pull an image from Docker Hub, you can use:

/container/config/
set registry-url=https://registry-1.docker.io tmpdir=disk1/pull

When running a Docker container, it’s important to specify any necessary mounts to ensure that important data (such as the database files or website content) is saved outside of the container itself. This allows the container to be destroyed and re-created without losing any important data.

/container/mounts/
add dst=/var/www/html name=wordpress_html src=/disk1/docker/wordpress/html
add dst=/docker-entrypoint-initdb.d name=mysql_dump src=/disk1/docker/mysql/dump
add dst=/var/lib/mysql name=mysql_data src=/disk1/docker/mysql/data

Adding environment variables can be very helpful to configure and customize the behavior of the container. It allows you to pass runtime parameters to the container that affect its operation, such as setting configuration values or specifying authentication credentials.

/container/envs/
add name=MYSQL key=MYSQL_DATABASE value=wordpress
add name=MYSQL key=MYSQL_ROOT_PASSWORD value=t00R
add name=MYSQL key=MYSQL_USER value=wordpress
add name=MYSQL key=MYSQL_PASSWORD value=dr0wssaP
add name=WORDPRESS key=WORDPRESS_DB_HOST value=172.1.0.3
add name=WORDPRESS key=WORDPRESS_DB_USER value=wordpress
add name=WORDPRESS key=WORDPRESS_DB_PASSWORD value=dr0wssaP
add name=WORDPRESS key=WORDPRESS_DB_NAME value=wordpress
add name=WORDPRESS key=WORDPRESS_TABLE_PREFIX value=wp_
add name=PHPMYADMIN key=PMA_HOST value=172.1.0.3

Here are the commands to add the latest versions of the official Docker images for WordPress, MySQL, and phpMyAdmin:

/container
add remote-image=wordpress:latest envlist=WORDPRESS hostname=wordpress interface=WORDPRESS mounts=wordpress_html root-dir=disk1/docker/wordpress/WORDPRESS
add remote-image=phpmyadmin:latest envlist=PHPMYADMIN hostname=phpmyadmin interface=PHPMYADMIN root-dir=disk1/docker/cloudflare/PHPMYADMIN
add remote-image=mysql:latest envlist=MYSQL hostname=mysql interface=MYSQL mounts=mysql_data,mysql_dump root-dir=disk1/docker/mysql/MYSQL

To start the containers*

/container/start number=2
/container/start number=0
/container/start number=1
/container/start number=3

*Important hints:

  • Change the RouterOS default web access (www) port from 80 to something appropriate (/ip/service/set www port=8081)
  • Set containers to start on boot (/container/set start-on-boot=yes 0,1,2,3)
  • Wait until MySQL is up and ready, then start the WORDPRESS container
  • Enable logging if you want to have the logs for troubleshooting (/container/set logging=yes 0,1,2,3) and review your logs (/log/print follow)
  • Be consistent with your naming convention

Port forwarding (Setup destination NAT)

If you have a public IP address on your router, a simple port forwarding will help you to provide access to your WordPress blog (and phpMyAdmin) from the Internet.

/ip/firewall/nat/
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=172.1.0.2 to-ports=80
add action=dst-nat chain=dstnat dst-port=8080 protocol=tcp to-addresses=172.1.0.4 to-ports=80

With the forwarding rules in place, your WordPress blog and database are set up on MikroTik RouterOS using Docker containers. Congratulations! To access your WordPress installation from the Internet, you can use the public IP address of your router and the port that you forwarded to your WordPress container. You can also access phpMyAdmin to manage your database by appending :8080 to your WordPress URL.

Just keep in mind that exposing your WordPress blog to the internet can also make it vulnerable to attacks. It’s important to implement security measures, such as using strong passwords, keeping your WordPress and plugins up-to-date, and using a security plugin to protect your site from malicious attacks. You may also want to consider using Cloudflare or other content delivery networks to protect your website from DDoS attacks and other threats.
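The two forwarding rules above match on destination port only, so they also redirect HTTP traffic leaving the containers and publish phpMyAdmin to every source address. The following is an added example, not part of the original post, of the same NAT setup scoped to the WAN side; it is meant to replace the earlier dst-nat and masquerade rules rather than sit beside them. It assumes ether1 is the Internet-facing interface, and 203.0.113.10 is a constructed placeholder for an administrator's address.

```routeros
# Added example. Assumptions: ether1 is the Internet-facing interface and
# 203.0.113.10 is a constructed placeholder for an administrator's address.

# Only these sources may reach phpMyAdmin through the forward on port 8080.
/ip/firewall/address-list/
add list=pma-admins address=203.0.113.10 comment="placeholder admin address"

# Scope each dst-nat rule to traffic arriving on the WAN interface, so HTTP
# requests leaving the containers are not redirected back to WordPress.
/ip/firewall/nat/
add action=dst-nat chain=dstnat in-interface=ether1 protocol=tcp dst-port=80 to-addresses=172.1.0.2 to-ports=80 comment="WordPress"
add action=dst-nat chain=dstnat in-interface=ether1 src-address-list=pma-admins protocol=tcp dst-port=8080 to-addresses=172.1.0.4 to-ports=80 comment="phpMyAdmin, admins only"

# Masquerade container traffic only when it leaves through the WAN interface.
add action=masquerade chain=srcnat src-address=172.1.0.0/24 out-interface=ether1 comment="container egress"

# Forward chain: allow replies, drop invalid packets, and drop any new
# connection from the WAN that was not matched by a dst-nat rule above.
# The MySQL container (172.1.0.3) has no dst-nat rule, so it stays unpublished.
/ip/firewall/filter/
add chain=forward action=accept connection-state=established,related comment="replies"
add chain=forward action=drop connection-state=invalid comment="invalid"
add chain=forward action=drop in-interface=ether1 connection-state=new connection-nat-state=!dstnat comment="WAN traffic that was not dst-natted"
```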

Looking forward to it! Let me know if you have any questions or need any assistance.

