Notes on SSL with Docker

Setting up SSL with Docker requires multiple steps. First, get your domain ready.
Make sure that your DNS domain name is mapped to the docker host's IP address
Get certificate.crt, private.key, and ca_bundle.crt files for your domain at sslforfree.com.
Second, make sure that you have the https link for publicIp in the js/secondStateJS.js file. 
Third, add the following in the config/site.conf file. 
<VirtualHost *:443>
    ProxyPreserveHost On
    ProxyPass /api http://127.0.0.1:8080/api
    ProxyPassReverse /api http://127.0.0.1:8080/api
    ServerName localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error-ssl.log
    CustomLog ${APACHE_LOG_DIR}/access-ssl.log combined
​
    SSLEngine on
    SSLCertificateFile /etc/apache2/certificate.crt
    SSLCertificateKeyFile /etc/apache2/private.key
    SSLCertificateChainFile /etc/apache2/ca_bundle.crt
​
    <Location "/">
        Header always set Access-Control-Allow-Origin "*"
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
        Header always set Access-Control-Max-Age "1000"
        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} OPTIONS
        RewriteRule ^(.*)$ $1 [R=200,L]
    </Location>
</VirtualHost>
Fourth, build and then start Docker with the following command to turn on port 443.
$ docker run -d -it --rm -p 80:80 -p 443:443 -v $HOME/.aws:/root/.aws search-engine
Fifth, start Docker and login. Create the certificate.crt, private.key, and ca_bundle.crt files under directory /etc/apache2/
Sixth, enable SSL modules.
root# cd /etc/apache2/mods-enabled
root# ln -s ../mods-available/socache_shmcb.load socache_shmcb.load
root# ln -s ../mods-available/ssl.load ssl.load
root# ln -s ../mods-available/ssl.conf ssl.conf
Finally, restart Apache from inside Docker.
root# apachectl restart
Use Let's Encrypt
Alternatively, you can use Let's Encrypt to setup SSL automatically. Start Docker with the following command to turn on port 443.
$ docker run -d -it --rm -p 80:80 -p 443:443 -v $HOME/.aws:/root/.aws search-engine
Log into Docker.
$ docker exec -it container_id bash
Next, use Let's Encrypt services to setup SSL.
$ apt update && apt upgrade
$ apt install wget
$ wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
$ chmod a+x /usr/sbin/certbot-auto
$ certbot-auto --apache -d search.domain.com
Next, please open the /etc/apache2/sites-enabled/*-ssl.conf file (which was created automatically by the above command) and add the following code inside the VirtualHost section.
<VirtualHost *:443>
    ... ...
    <Location "/">
        Header always set Access-Control-Allow-Origin "*"
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
        Header always set Access-Control-Max-Age "1000"
        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} OPTIONS
        RewriteRule ^(.*)$ $1 [R=200,L]
    </Location>
</VirtualHost>
Replace the HTTP IP address below with your new HTTPS domain name.
ServerName in apache config config/site.conf. 
publicIp in js/secondStateJS.js.
Exit docker and give it a reboot.
$ docker restart container_id
Now, you should be able access the search engine from https://search.domain.com now.
Data services for contracts - Previous
Start a search engine (Docker)
Next - Data services for contracts
Start a search engine (Ubuntu)
Last updated 7 months ago