Configuration of PrestaShop on VPS with Docker, nginx, SSL (Let’s Encrypt), and phpMyAdmin

Configuring PrestaShop with Docker and Nginx server allows launching an online store in a secure environment.

Unfortunately, for some reasons (that are strange and unclear to me), the official Docker image, which I runned easily on localhost gave me a lot of challenges running on myVPS. There is a lack of specific information in the documentation on how to prepare the setup.

After testing various solutions described online, below is the configuration that works for me.

Technological stack:

• Debian 12 (VPS server)
• Docker
• nginx (as a reverse proxy) + SSL from Let’s Encrypt
• MySQL
• phpMyAdmin

We will run Nginx directly on the server, but PrestaShop, phpMyAdmin, and MySQL will run in docker containers.

Note

The presented configuration is intended for developers. It is NOT suitable as a production setup.

Before you configure the store, make sure you have Nginx running and ports 80 and 443 are open.

Installation and configuration of Docker:

services:
  prestashop:
    image: prestashop/prestashop:latest
    environment:
      - DB_SERVER=db
      - DB_NAME=prestashop
      - DB_USER=prestashop
      - DB_PASSWD=prestashop
      - PS_DOMAIN=shop.frontandback.pl
      - PS_ENABLE_SSL=1
      - PS_INSTALL_AUTO=1
      - PS_ERASE_DB=1
      - PS_INSTALL_DB=1
      - PS_FOLDER_ADMIN=_admin
      - ADMIN_MAIL=demo@prestashop.com
      - ADMIN_PASSWD=prestashop_demo
    links:
      - db
    volumes:
       - psdata:/var/www/html
    depends_on:
      - db
    ports:
      - 8080:80
    networks:
      - prestashop-net
    healthcheck:
      test: [ "CMD", "curl", "-f", "http://localhost:8080" ]
      interval: 30s
      timeout: 10s
      retries: 5
  db:
    image: mysql:5.7
    container_name: some-mysql
    command: --default-authentication-plugin=mysql_native_password
    environment:
      - MYSQL_ROOT_PASSWORD=admin
      - MYSQL_DATABASE=prestashop
      - MYSQL_USER=prestashop
      - MYSQL_PASSWORD=prestashop
    networks:
      - prestashop-net
    volumes:
      - dbdata:/var/lib/mysql
  phpmyadmin:
    image: phpmyadmin
    restart: always
    ports:
      - 8081:80
    networks:
      - prestashop-net
networks:
  prestashop-net:
volumes:
  dbdata:
  psdata:

The documentation for the Docker image can be found here:

• https://devdocs.prestashop-project.org/8/basics/installation/environments/docker/

• https://hub.docker.com/r/prestashop/prestashop/

I pay attention to the following variables:

PS_ERASE_DB=1 // Database cleanup on container startup
PS_INSTALL_DB=1 // Database installation
PS_DOMAIN=shop.frontandback.pl // Setting the domain to which the store should be directed
PS_INSTALL_AUTO=1 // Automatic installation
PS_ENABLE_SSL=1 // Enabling SSL

PS. During the automatic installation of PrestaShop, it tries to detect the domain on which it is hosted. When configuring with a reverse proxy, the store will be configured to redirect to its internal address, and we won’t see the website. By setting PS_DOMAIN to the address of our domain, we should be able to view the store. We also need to set PS_ENABLE_SSL=1 so that PrestaShop correctly sets headers and communication protocol. Without this, we will receive a message about an insecure connection, and adding automatic redirection to port 433 will prevent us from seeing the site.

Configuring Nginx with SSL Support

After configuring PrestaShop, it’s necessary to set up the Nginx server to support the SSL protocol. This involves generating an SSL certificate and appropriately configuring Nginx files.

// /etc/ngninx/sites-available/shop_frontandback

server {
    server_name shop.frontandback.pl www.shop.frontandback.pl;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	          proxy_set_header X-Forwarded-Host $http_host;
		        proxy_set_header X-Forwarded-Proto $scheme;

	          proxy_pass http://192.168.0.4/;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mstys.it/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mstys.it/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    server_name shop.frontandback.pl www.shop.frontandback.pl;
    location / {
        return 301 https://$host$request_uri;
    }

    return 404; # managed by Certbot
}

The configuration is not perfect, but for our needs, it is entirely sufficient.

What’s commented as # managed by Certbot is added by the Certbot script, run to generate the certificate.

Instructions on how to do this on Debian/Ubuntu can be found, for example, here: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04

Configuring a reverse proxy requires providing the IP address of our container (this line proxy_pass [http://192.168.0.4/;](http://192.168.0.4/;)).

You can find the container’s IP address using the command:

docker inspect -f \
'{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' 87bf9b1d0e19


// where 87bf9b1d0e19 - id of container

Note

After making changes to the server configuration, it’s always a good idea to run: sudo nginx -t to test the configuration
and then
sudo systemctl reload nginx to reload the configuration.

After starting the Docker image, I recommend patiently waiting for a few minutes. Sometimes, the automatic installation takes a while.