Notes on SSL with Docker
Setting up SSL with Docker requires multiple steps. First, get your domain ready.
  • Make sure that your DNS domain name is mapped to the docker host's IP address
  • Get certificate.crt, private.key, and ca_bundle.crt files for your domain at sslforfree.com.
Second, make sure that you have the https link for publicIp in the js/secondStateJS.js file.
Third, add the following in the config/site.conf file.
1
<VirtualHost *:443>
2
ProxyPreserveHost On
3
ProxyPass /api http://127.0.0.1:8080/api
4
ProxyPassReverse /api http://127.0.0.1:8080/api
5
ServerName localhost
6
DocumentRoot /var/www/html
7
ErrorLog ${APACHE_LOG_DIR}/error-ssl.log
8
CustomLog ${APACHE_LOG_DIR}/access-ssl.log combined
9
10
SSLEngine on
11
SSLCertificateFile /etc/apache2/certificate.crt
12
SSLCertificateKeyFile /etc/apache2/private.key
13
SSLCertificateChainFile /etc/apache2/ca_bundle.crt
14
15
<Location "/">
16
Header always set Access-Control-Allow-Origin "*"
17
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
18
Header always set Access-Control-Max-Age "1000"
19
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
20
RewriteEngine On
21
RewriteCond %{REQUEST_METHOD} OPTIONS
22
RewriteRule ^(.*)$ $1 [R=200,L]
23
</Location>
24
</VirtualHost>
Copied!
Fourth, build and then start Docker with the following command to turn on port 443.
1
$ docker run -d -it --rm -p 80:80 -p 443:443 -v $HOME/.aws:/root/.aws search-engine
Copied!
Fifth, start Docker and login. Create the certificate.crt, private.key, and ca_bundle.crt files under directory /etc/apache2/
Sixth, enable SSL modules.
1
root# cd /etc/apache2/mods-enabled
2
root# ln -s ../mods-available/socache_shmcb.load socache_shmcb.load
3
root# ln -s ../mods-available/ssl.load ssl.load
4
root# ln -s ../mods-available/ssl.conf ssl.conf
Copied!
Finally, restart Apache from inside Docker.
1
root# apachectl restart
Copied!

Use Let's Encrypt

Alternatively, you can use Let's Encrypt to setup SSL automatically. Start Docker with the following command to turn on port 443.
1
$ docker run -d -it --rm -p 80:80 -p 443:443 -v $HOME/.aws:/root/.aws search-engine
Copied!
Log into Docker.
1
$ docker exec -it container_id bash
Copied!
Next, use Let's Encrypt services to setup SSL.
1
$ apt update && apt upgrade
2
$ apt install wget
3
$ wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
4
$ chmod a+x /usr/sbin/certbot-auto
5
$ certbot-auto --apache -d search.domain.com
Copied!
Next, please open the /etc/apache2/sites-enabled/*-ssl.conf file (which was created automatically by the above command) and add the following code inside the VirtualHost section.
1
<VirtualHost *:443>
2
... ...
3
<Location "/">
4
Header always set Access-Control-Allow-Origin "*"
5
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
6
Header always set Access-Control-Max-Age "1000"
7
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
8
RewriteEngine On
9
RewriteCond %{REQUEST_METHOD} OPTIONS
10
RewriteRule ^(.*)$ $1 [R=200,L]
11
</Location>
12
</VirtualHost>
Copied!
Replace the HTTP IP address below with your new HTTPS domain name.
  • ServerName in apache config config/site.conf.
  • publicIp in js/secondStateJS.js.
Exit docker and give it a reboot.
1
$ docker restart container_id
Copied!
Now, you should be able access the search engine from https://search.domain.com now.
Copy link