Docker-based Dev Stack with SSL for Windows
Lightweight Docker-based local dev environment with Angie (NGINX fork), MariaDB, and PHP
featuring automatic HTTPS with green lock for every .local domain.
The System Architect’s Local Stack.
Tip
This stack is intentionally kept small and readable.
You can open every .bat file, every .conf file, every docker-compose.yml.
Change them. Break them. Fix them.
That is how you really learn.
Fully portable to run from any drive (C:, D:, USB, network shares).
✅ No hardcoded paths — runs from wherever you unzip it
✅ Per-domain certificates — each project gets its own trusted HTTPS cert
✅ Beginner-friendly — one-click domain setup with green lock in browsers
✅ Production-like — mirrors real-world LEMP stack architecture
---
config:
theme: 'base'
themeVariables:
primaryColor: '#1b417e'
primaryTextColor: '#fff'
primaryBorderColor: '#2457a8'
lineColor: '#F8B229'
secondaryColor: '#1e3363'
secondaryBorderColor: '#ff9800'
tertiaryColor: '#212527'
tertiaryBorderColor: '#272727'
---
graph TD
A[Windows Host<br><font color=white>D:\amp\...</font>] -->|Editable Files| B[www/ - sites folders]
A -->|Editable| C[config/angie-sites/ - *.conf]
A -->|mkcert.exe| D[certs/ - .pem + -key.pem]
subgraph Docker Compose Stack
E[angie container<br>Ports 80/443 exposed]
F[php-fpm container]
G[db mariadb container]
end
B -->|bind mount rw| E
B -->|bind mount rw| F
C -->|bind mount ro| E
D -->|bind mount ro| E
Browser[Browser<br>https://project.local] -->|DNS: hosts| E
E -->|fastcgi_pass| F
F -->|MySQL| G
style A fill:#da1e1e,stroke:#ff5742
style Browser fill:#0069ae,stroke:#fff
Windows Host (D:\amp\...)
│
├─ Host Folders (code & configs — fully editable in IDE/Notepad)
│ ├── www/ ← Web root (your sites: angie.local/, project.local/, ...)
│ ├── config/
│ │ ├── AMP-MANAGER.bat ← Generates CA, SSL, Configs, and scaffolding
│ │ ├── angie-sites/ ← Angie vhost configs (*.local.conf)
│ │ ├── certs/ ← SSL certs/keys (from mkcert)
│ │ ├── db-init/ # SQL bootstrap (root permissions/grants)
│ │ └── php.ini ← Custom PHP settings
│ └── logs/ ← PHP & app logs
│
│ (You edit files here directly — no container copy/sync needed)
│
├─ Docker Desktop (runs Linux VM underneath)
│ │
│ └─ Docker Compose (amp stack)
│ ├── Network (amp-network) ───────────────┐
│ │ │
│ ├── Volumes / Bind Mounts (host ↔ container mapping)
│ │ ├── D:\amp\www → /www (rw) # Sites served from host
│ │ ├── D:\amp\config\angie-sites → /etc/angie/http.d (ro) # Angie reads your vhosts
│ │ ├── D:\amp\config\certs → /etc/angie/certs (ro) # SSL certs for Angie
│ │ └── D:\amp\logs → /var/log/php (rw) # (optional) Logs to host
│ │
│ ├── Services (containers)
│ │ ├── angie (docker.angie.software/angie:latest)
│ │ │ ├─ Ports: 80:80, 443:443 Browser → localhost → Angie
│ │ │ └─ Reads configs from /etc/angie/http.d/*.local.conf
│ │ │
│ │ ├── php (webdevops/php:8.3/8.4)
│ │ │ ├─ FPM listens on 9000/tcp (internal)
│ │ │ └─ Reads code from /www (your host files — live reload)
│ │ │
│ │ └── db (mariadb:10.11)
│ │ └─ Data persisted (named volume or bind mount)
│ │
│ └── Workflow arrows (simplified)
│
└─ Browser (https://angie.local / project.local)
↓ (DNS: hosts file or wildcard → 127.0.0.1)
→ Windows host ports 80/443 → Docker published ports → Angie container
- Angie (modern NGINX fork) with HTTP/3 support
- MariaDB 11.x (MySQL-compatible)
- PHP 8.3 (with common extensions: mysqli, pdo_mysql, gd, zip, etc.)
- Automatic HTTPS via mkcert, green lock for all
.localdomains - Per-project isolation, each domain has its own certificate + config
- [ ] Todo Fully portable App, no installation required that works from any location
- Windows 10/11 (64-bit)
- Docker Desktop (with WSL2 backend recommended)
- Administrator privileges (for initial CA installation)
Option A: Git clone
git clone https://github.com/gigamaster/amp.git
Option B: Download ZIP → Extract to ANY location (C:\amp, D:\dev, USB drive, etc.)
- Navigate to
configfolder - Right-click
AMP-MANAGER.bat→ UAC/elevation to run as administrator - Click "Yes" when Windows Security dialog appears, mkcert install your Certificate Authority (CA)
- Follow prompts to create your first domain (e.g.,
angie→ becomeshttps://angie.local)
Tip
Keep ANP-MANAGER.bat handy on your desktop
Run as admin whenever you start a new project.
Takes 10 seconds to get a green-lock HTTPS site ready for development.
From amp folder (where docker-compose.yml lives):
docker compose up -d
- Create
www/angie.local/index.php:<?php phpinfo(); - Visit
https://angie.local→ ✅ Green lock!
amp/
├── config/
│ └── AMP-MANAGER.bat ← First run as Admin to manage domains/certs
├── www/
│ └── project.local/ ← Your project files (index.php/html here)
├── docker-compose.yml ← Stack definition (Angie + MariaDB + PHP)
└── README.md
| Command | Description |
|---|---|
docker compose up -d |
Start stack (run from project root) |
docker compose down |
Stop stack |
docker compose logs -f angie |
Live Angie logs |
docker compose logs -f php |
Live PHP logs |
docker compose restart angie |
Reload configs after domain changes |
Run config/AMP-MANAGER.bat Windows prompt as Administrator to:
-
Add domain: Enter
project→ creates:- Certificate:
config/certs/project.local.pem - Hosts entry:
127.0.0.1 project.local - Web root:
www/project.local/ - Angie config:
config/angie-sites/project.local.conf - Auto-restart Angie + open browser (optional)
- Certificate:
-
Remove domain: Comments out hosts entry + optional cert cleanup
(Backup saved ashosts.bak)
✅ No manual config needed — everything automated per workflow
PHP 8.3 official security support ended December 31, 2025. To switch versions:
- Edit
docker-compose.yml:services: php: # Change image tag: image: webdevops/php-nginx:8.2 # ← 8.1, 8.2, 8.3, 8.4 available - Rebuild containers:
docker compose down docker compose build --no-cache docker compose up -d
Note
All versions include same extensions (mysqli, pdo_mysql, gd, zip, etc.)
# Check what's using ports:
netstat -ano | findstr ":80"
netstat -ano | findstr ":443"
# Common culprits:
# - Skype → Settings → Advanced → uncheck "Use port 80/443"
# - IIS → Windows Features → uncheck "Internet Information Services"
# - Other dev tools (XAMPP, WSL2 nginx) → stop their services first
From PowerShell (Admin):
notepad $env:windir\System32\drivers\etc\hosts
From normal PowerShell (opens Notepad as Admin):
Start-Process notepad.exe -Verb runas -ArgumentList "$env:windir\System32\drivers\etc\hosts"
- Press
Win+R→ typecertmgr.msc→ Enter - Navigate to: Trusted Root Certification Authorities → Certificates
- Look for issuer:
mkcert <your-machine-name>\<your-username>
Firefox uses its own certificate store:
- Find root CA: Run
mkcert -CAROOTinconfigfolder - In Firefox:
about:preferences#privacy→ Certificates → View Certificates → Authorities → Import →rootCA.pem
- Ensure Docker Desktop is running (system tray icon visible)
- Restart Docker Desktop if containers won't start
- Check WSL2 integration: Docker Desktop → Settings → Resources → WSL Integration
- Officially reserved for local network use (RFC 6762)
- Never resolves on public internet → safe for development
- Works with mDNS/Bonjour on macOS/Linux (though Windows uses hosts file)
Desktop portable app
Portability: Entire stack works from any path — C:\amp, D:\projects\angie-amp, \USB\amp, etc. No configuration needed.
- ANGIE-AMP: MIT License
- Angie: BSD 2-Clause
- mkcert: BSD 3-Clause
- Docker images: webdevops/php-nginx
Made with ❤️ for simplicity and reliability