Notes on SSL with Docker

Setting up SSL with Docker requires multiple steps. First, get your domain ready.
  • Make sure that your DNS domain name is mapped to the Docker host's IP address.
  • Get certificate.crt, private.key, and ca_bundle.crt files for your domain at sslforfree.com.
Second, make sure that you have the https link for publicIp in the js/secondStateJS.js file.
Third, add the following in the config/site.conf file.
<VirtualHost *:443>
    # Forward API calls to the backend listening on port 8080
    ProxyPreserveHost On
    ProxyPass /api http://127.0.0.1:8080/api
    ProxyPassReverse /api http://127.0.0.1:8080/api
    ServerName localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error-ssl.log
    CustomLog ${APACHE_LOG_DIR}/access-ssl.log combined
    # TLS certificate, private key, and CA chain for the domain
    SSLEngine on
    SSLCertificateFile /etc/apache2/certificate.crt
    SSLCertificateKeyFile /etc/apache2/private.key
    SSLCertificateChainFile /etc/apache2/ca_bundle.crt
    <Location "/">
        # CORS response headers
        Header always set Access-Control-Allow-Origin "*"
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
        Header always set Access-Control-Max-Age "1000"
        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
        # Answer CORS preflight (OPTIONS) requests with status 200
        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} OPTIONS
        RewriteRule ^(.*)$ $1 [R=200,L]
    </Location>
</VirtualHost>
Fourth, build and then start Docker with the following command to turn on port 443.
$ docker run -d -it --rm -p 80:80 -p 443:443 -v $HOME/.aws:/root/.aws search-engine
Fifth, start Docker and log in. Create the certificate.crt, private.key, and ca_bundle.crt files under the /etc/apache2/ directory.
Sixth, enable SSL modules.
root# cd /etc/apache2/mods-enabled
root# ln -s ../mods-available/socache_shmcb.load socache_shmcb.load
root# ln -s ../mods-available/ssl.load ssl.load
root# ln -s ../mods-available/ssl.conf ssl.conf
Finally, restart Apache from inside Docker.
root# apachectl restart
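
Before the restart in the final step, it helps to confirm that the files created in step five are usable and that the private key is readable only by its owner. The shell function below is an added example, not part of the original notes; the file names are the ones referenced in config/site.conf, and the 30-day expiry window is an assumption.

```sh
#!/bin/sh
# Added example, not from the original notes. File names follow
# config/site.conf; the 30-day expiry window is an assumption.
check_tls_files() {
    dir=${1:-/etc/apache2}
    crt="$dir/certificate.crt"
    key="$dir/private.key"
    rc=0

    # 1. Both files must exist and be readable.
    for f in "$crt" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    done

    # 2. The private key must not be accessible to group or others.
    #    Characters 5-10 of the ls mode string are the group/other bits.
    mode=$(ls -ldL "$key" | cut -c5-10)
    if [ "$mode" = "------" ]; then
        echo "OK:   private key is owner-only"
    else
        echo "FAIL: private key is accessible to group/others"; rc=1
    fi

    # 3. Certificate and key must carry the same public key, otherwise
    #    Apache fails to start with SSLEngine on.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || key_pub=
    if [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]; then
        echo "OK:   certificate matches private key"
    else
        echo "FAIL: certificate does not match private key"; rc=1
    fi

    # 4. The certificate must stay valid for at least 30 more days.
    if openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "OK:   certificate valid for 30+ days"
    else
        echo "FAIL: certificate expired or expires within 30 days"; rc=1
    fi
    return "$rc"
}

# Run only when a directory is given, e.g.: sh check_tls.sh /etc/apache2
[ "$#" -eq 0 ] || check_tls_files "$1"
```

If the key check fails, `chmod 600 /etc/apache2/private.key` fixes it; `apachectl configtest` then validates the syntax of the site configuration before the restart.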

Use Let's Encrypt

Alternatively, you can use Let's Encrypt to set up SSL automatically. Start Docker with the following command to turn on port 443.
$ docker run -d -it --rm -p 80:80 -p 443:443 -v $HOME/.aws:/root/.aws search-engine
Log into Docker.
$ docker exec -it container_id bash
Next, use Let's Encrypt services to set up SSL.
$ apt update && apt upgrade
$ apt install wget
$ wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
$ chmod a+x /usr/sbin/certbot-auto
$ certbot-auto --apache -d search.domain.com
Next, please open the /etc/apache2/sites-enabled/*-ssl.conf file (which was created automatically by the above command) and add the following code inside the VirtualHost section.
<VirtualHost *:443>
    ... ...
    <Location "/">
        Header always set Access-Control-Allow-Origin "*"
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
        Header always set Access-Control-Max-Age "1000"
        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} OPTIONS
        RewriteRule ^(.*)$ $1 [R=200,L]
    </Location>
</VirtualHost>
Replace the HTTP IP address with your new HTTPS domain name in the following places.
  • ServerName in the Apache config config/site.conf.
  • publicIp in js/secondStateJS.js.
Exit the container and restart it.
$ docker restart container_id
You should now be able to access the search engine at https://search.domain.com.