Notes on SSL with Docker

Search…
Setting up SSL with Docker requires multiple steps. First, get your domain ready.
Make sure that your DNS domain name is mapped to the docker host's IP address
Get certificate.crt, private.key, and ca_bundle.crt files for your domain at sslforfree.com.
Second, make sure that you have the https link for publicIp in the js/secondStateJS.js file. 
Third, add the following in the config/site.conf file. 
1
<VirtualHost *:443>
2
    ProxyPreserveHost On
3
    ProxyPass /api http://127.0.0.1:8080/api
4
    ProxyPassReverse /api http://127.0.0.1:8080/api
5
    ServerName localhost
6
    DocumentRoot /var/www/html
7
    ErrorLog ${APACHE_LOG_DIR}/error-ssl.log
8
    CustomLog ${APACHE_LOG_DIR}/access-ssl.log combined
9
​
10
    SSLEngine on
11
    SSLCertificateFile /etc/apache2/certificate.crt
12
    SSLCertificateKeyFile /etc/apache2/private.key
13
    SSLCertificateChainFile /etc/apache2/ca_bundle.crt
14
​
15
    <Location "/">
16
        Header always set Access-Control-Allow-Origin "*"
17
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
18
        Header always set Access-Control-Max-Age "1000"
19
        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
20
        RewriteEngine On
21
        RewriteCond %{REQUEST_METHOD} OPTIONS
22
        RewriteRule ^(.*)$ $1 [R=200,L]
23
    </Location>
24
</VirtualHost>
Copied!
Fourth, build and then start Docker with the following command to turn on port 443.
1
$ docker run -d -it --rm -p 80:80 -p 443:443 -v $HOME/.aws:/root/.aws search-engine
Copied!
Fifth, start Docker and login. Create the certificate.crt, private.key, and ca_bundle.crt files under directory /etc/apache2/
Sixth, enable SSL modules.
1
root# cd /etc/apache2/mods-enabled
2
root# ln -s ../mods-available/socache_shmcb.load socache_shmcb.load
3
root# ln -s ../mods-available/ssl.load ssl.load
4
root# ln -s ../mods-available/ssl.conf ssl.conf
Copied!
Finally, restart Apache from inside Docker.
1
root# apachectl restart
Copied!
Use Let's Encrypt
Alternatively, you can use Let's Encrypt to setup SSL automatically. Start Docker with the following command to turn on port 443.
1
$ docker run -d -it --rm -p 80:80 -p 443:443 -v $HOME/.aws:/root/.aws search-engine
Copied!
Log into Docker.
1
$ docker exec -it container_id bash
Copied!
Next, use Let's Encrypt services to setup SSL.
1
$ apt update && apt upgrade
2
$ apt install wget
3
$ wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
4
$ chmod a+x /usr/sbin/certbot-auto
5
$ certbot-auto --apache -d search.domain.com
Copied!
Next, please open the /etc/apache2/sites-enabled/*-ssl.conf file (which was created automatically by the above command) and add the following code inside the VirtualHost section.
1
<VirtualHost *:443>
2
    ... ...
3
    <Location "/">
4
        Header always set Access-Control-Allow-Origin "*"
5
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
6
        Header always set Access-Control-Max-Age "1000"
7
        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
8
        RewriteEngine On
9
        RewriteCond %{REQUEST_METHOD} OPTIONS
10
        RewriteRule ^(.*)$ $1 [R=200,L]
11
    </Location>
12
</VirtualHost>
Copied!
Replace the HTTP IP address below with your new HTTPS domain name.
ServerName in apache config config/site.conf. 
publicIp in js/secondStateJS.js.
Exit docker and give it a reboot.
1
$ docker restart container_id
Copied!
Now, you should be able access the search engine from https://search.domain.com now.
Data services for contracts - Previous
Start a search engine (Docker)
Next - Data services for contracts
Start a search engine (Ubuntu)
Last modified 2yr ago
Copy link
Contents
Use Let's Encrypt