Notes on SSL with Docker
Setting up SSL with Docker requires multiple steps. First, get your domain ready.
    Make sure that your DNS domain name is mapped to the docker host's IP address
    Get certificate.crt, private.key, and ca_bundle.crt files for your domain at sslforfree.com.
Second, make sure that you have the https link for publicIp in the js/secondStateJS.js file.
Third, add the following in the config/site.conf file.
1
<VirtualHost *:443>
2
ProxyPreserveHost On
3
ProxyPass /api http://127.0.0.1:8080/api
4
ProxyPassReverse /api http://127.0.0.1:8080/api
5
ServerName localhost
6
DocumentRoot /var/www/html
7
ErrorLog ${APACHE_LOG_DIR}/error-ssl.log
8
CustomLog ${APACHE_LOG_DIR}/access-ssl.log combined
9
10
SSLEngine on
11
SSLCertificateFile /etc/apache2/certificate.crt
12
SSLCertificateKeyFile /etc/apache2/private.key
13
SSLCertificateChainFile /etc/apache2/ca_bundle.crt
14
15
<Location "/">
16
Header always set Access-Control-Allow-Origin "*"
17
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
18
Header always set Access-Control-Max-Age "1000"
19
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
20
RewriteEngine On
21
RewriteCond %{REQUEST_METHOD} OPTIONS
22
RewriteRule ^(.*)$ $1 [R=200,L]
23
</Location>
24
</VirtualHost>
Copied!
Fourth, build and then start Docker with the following command to turn on port 443.
1
$ docker run -d -it --rm -p 80:80 -p 443:443 -v $HOME/.aws:/root/.aws search-engine
Copied!
Fifth, start Docker and login. Create the certificate.crt, private.key, and ca_bundle.crt files under directory /etc/apache2/
Sixth, enable SSL modules.
1
root# cd /etc/apache2/mods-enabled
2
root# ln -s ../mods-available/socache_shmcb.load socache_shmcb.load
3
root# ln -s ../mods-available/ssl.load ssl.load
4
root# ln -s ../mods-available/ssl.conf ssl.conf
Copied!
Finally, restart Apache from inside Docker.
1
root# apachectl restart
Copied!

Use Let's Encrypt

Alternatively, you can use Let's Encrypt to setup SSL automatically. Start Docker with the following command to turn on port 443.
1
$ docker run -d -it --rm -p 80:80 -p 443:443 -v $HOME/.aws:/root/.aws search-engine
Copied!
Log into Docker.
1
$ docker exec -it container_id bash
Copied!
Next, use Let's Encrypt services to setup SSL.
1
$ apt update && apt upgrade
2
$ apt install wget
3
$ wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
4
$ chmod a+x /usr/sbin/certbot-auto
5
$ certbot-auto --apache -d search.domain.com
Copied!
Next, please open the /etc/apache2/sites-enabled/*-ssl.conf file (which was created automatically by the above command) and add the following code inside the VirtualHost section.
1
<VirtualHost *:443>
2
... ...
3
<Location "/">
4
Header always set Access-Control-Allow-Origin "*"
5
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
6
Header always set Access-Control-Max-Age "1000"
7
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
8
RewriteEngine On
9
RewriteCond %{REQUEST_METHOD} OPTIONS
10
RewriteRule ^(.*)$ $1 [R=200,L]
11
</Location>
12
</VirtualHost>
Copied!
Replace the HTTP IP address below with your new HTTPS domain name.
    ServerName in apache config config/site.conf.
    publicIp in js/secondStateJS.js.
Exit docker and give it a reboot.
1
$ docker restart container_id
Copied!
Now, you should be able access the search engine from https://search.domain.com now.
Last modified 2yr ago
Copy link