Skip to main content

Overview

DVWA provides official Docker images that are automatically built from the master branch and published to GitHub Container Registry. Docker deployment offers the easiest and most consistent way to run DVWA across different platforms.

Prerequisites

  • Docker: Install Docker Engine (Linux) or Docker Desktop (Windows/Mac)
  • Docker Compose: Included with Docker Desktop; install separately for Docker Engine on Linux

Verify Installation

Check that Docker and Docker Compose are properly installed: 
docker version
docker compose version
```text

You should see version information for both commands. Example output:

```text
>>> docker version
Client:
 [...]
 Version:           23.0.5
 [...]

Server: Docker Desktop 4.19.0 (106363)
 Engine:
  [...]
  Version:          23.0.5
  [...]

>>> docker compose version
Docker Compose version v2.17.3
If you’re using Linux and the Docker package from your distribution’s package manager, it may work but support is best-effort only. For full support, install Docker Engine directly from Docker’s official repository.

Quick Start

  1. Clone the repository: 
    git clone https://github.com/digininja/DVWA.git
cd DVWA


2. **Start the containers:**

   ```bash
   docker compose up -d
  1. Access DVWA: Open your browser to http://localhost:4280
DVWA runs on port 4280 by default (not port 80) to avoid conflicts with existing services and to support rootless container engines.

Docker Compose Configuration

The compose.yml file defines the DVWA application stack: 
volumes:
  dvwa:

networks:
  dvwa:

services:
  dvwa:
    build: .
    image: ghcr.io/digininja/dvwa:latest
    pull_policy: always
    environment:
      - DB_SERVER=db
    depends_on:
      - db
    networks:
      - dvwa
    ports:
      - 127.0.0.1:4280:80
    restart: unless-stopped

  db:
    image: docker.io/library/mariadb:10
    environment:
      - MYSQL_ROOT_PASSWORD=dvwa
      - MYSQL_DATABASE=dvwa
      - MYSQL_USER=dvwa
      - MYSQL_PASSWORD=p@ssw0rd
    volumes:
      - dvwa:/var/lib/mysql
    networks:
      - dvwa
    restart: unless-stopped
```bash

### Key Components

#### DVWA Service

- **Image**: `ghcr.io/digininja/dvwa:latest` - Pre-built image from GitHub Container Registry
- **Pull Policy**: `always` - Always pulls the latest image from registry
- **Port Mapping**: `127.0.0.1:4280:80` - Maps container port 80 to host port 4280 on localhost only
- **Dependencies**: Waits for the `db` service to start
- **Restart Policy**: `unless-stopped` - Auto-starts with Docker

#### Database Service

- **Image**: `mariadb:10` - MariaDB 10.x database server
- **Credentials**: User `dvwa` with password `p@ssw0rd`
- **Persistent Storage**: Data stored in named volume `dvwa`

## Environment Variables

Customize DVWA behavior using environment variables in `compose.yml`:

```yaml
environment:
  - DB_SERVER=db
  - DEFAULT_SECURITY_LEVEL=low
  - RECAPTCHA_PUBLIC_KEY=your_key_here
  - RECAPTCHA_PRIVATE_KEY=your_private_key_here

Available Variables

VariableDefaultDescription
DB_SERVER127.0.0.1Database server hostname
DB_DATABASEdvwaDatabase name
DB_USERdvwaDatabase username
DB_PASSWORDp@ssw0rdDatabase password
DB_PORT3306Database port
DEFAULT_SECURITY_LEVELimpossibleInitial security level (low/medium/high/impossible)
DEFAULT_LOCALEenDefault language (en/zh)
DISABLE_AUTHENTICATIONfalseDisable login requirement for automated tools

Port Configuration

To run DVWA on a different port, edit the port mapping in compose.yml: 
ports:
  - 127.0.0.1:8080:80  # Change 8080 to your desired port
```bash

Access DVWA at `http://localhost:8080`

### Network Access

**Default (localhost only):**
```yaml
ports:
  - 127.0.0.1:4280:80
All network interfaces (WARNING - use with extreme caution): 
ports:
  - 4280:80
```text

**Specific network interface:**
```yaml
ports:
  - 192.168.1.100:4280:80  # Replace with your LAN IP
Only expose DVWA to your local network in controlled environments (e.g., training labs). Never expose it to the internet - it is intentionally vulnerable and will be compromised.

Development Workflows

Build Strategy: Pull vs Build

Pull from registry (default): 
pull_policy: always
```text

Uses pre-built images from GitHub Container Registry. Best for most users.

**Build from local source:**
```yaml
pull_policy: build
Builds the image from your local repository. Use when:
  • Making code modifications
  • Testing local changes
  • Contributing to DVWA development
After changing pull_policy, rebuild: 
docker compose up -d --build
```bash

### Volume Mounting for Live Development

For rapid development without rebuilding the image, mount local files into the container:

1. **Edit `compose.yml`** and uncomment the volumes section:

   ```yaml
   dvwa:
     # ...
     volumes:
       - ./:/var/www/html
  1. Copy the configuration file: 
    cp config/config.inc.php.dist config/config.inc.php


3. **Restart the containers:**

   ```bash
   docker compose up -d
Changes to local files now reflect immediately in the running container without rebuilding.

Container Management

View Logs

Terminal: 
# All services
docker compose logs

# Specific service
docker compose logs dvwa
docker compose logs db

# Follow logs in real-time
docker compose logs -f

# Export to file
docker compose logs > dvwa.log
```sql

**Docker Desktop:**

Navigate to Containers → dvwa → Select service → View logs in the GUI

### Stop Containers

```bash
# Stop without removing containers
docker compose stop

# Stop and remove containers (data preserved in volumes)
docker compose down

# Remove containers and volumes (WARNING: deletes database)
docker compose down -v

Disable Auto-Start

By default, DVWA automatically starts when Docker runs. To disable: Option 1: Remove or comment out the restart policy in compose.yml: 
# restart: unless-stopped
```bash

**Option 2**: Stop containers manually:
```bash
docker compose stop

Access Container Shell

# DVWA web server
docker compose exec dvwa /bin/bash

# Database server
docker compose exec db /bin/bash

# Database CLI
docker compose exec db mysql -u dvwa -p'p@ssw0rd' dvwa
```bash

## Troubleshooting

### Container Won't Start

Check logs for errors:
```bash
docker compose logs

Port Already in Use

Change the port mapping in compose.yml or stop the conflicting service.

Database Connection Errors

Verify the database container is running: 
docker compose ps
```bash

Check database logs:
```bash
docker compose logs db

MariaDB Memory Issues

If you see memory pressure warnings, you may need to add a volume mount: 
db:
  volumes:
    - dvwa:/var/lib/mysql
    - /sys/fs/cgroup/memory.pressure:/sys/fs/cgroup/memory.pressure
```bash

See [MariaDB Docker Issue #626](https://github.com/MariaDB/mariadb-docker/issues/626) for details.

### Reset Everything

```bash
# Stop and remove all containers and volumes
docker compose down -v

# Pull fresh images
docker compose pull

# Start from scratch
docker compose up -d

Next Steps

After starting DVWA:
  1. Navigate to http://localhost:4280
  2. Click “Setup / Reset DB” to initialize the database
  3. Log in with default credentials:
    • Username: admin
    • Password: password
  4. Start practicing on the vulnerability modules
For production-like deployments or custom configurations, consider reviewing the Linux deployment guide for manual setup options.

Build docs developers (and LLMs) love

Get started for freeTalk to us