Notes on SSL with Docker

Setting up SSL with Docker requires multiple steps. First, get your domain ready.

Make sure that your DNS domain name is mapped to the docker host's IP address
Get certificate.crt, private.key, and ca_bundle.crt files for your domain at sslforfree.com.

Second, make sure that you have the https link for publicIp in the js/secondStateJS.js file.

Third, add the following in the config/site.conf file.

<VirtualHost *:443>
    ProxyPreserveHost On
    ProxyPass /api http://127.0.0.1:8080/api
    ProxyPassReverse /api http://127.0.0.1:8080/api
    ServerName localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error-ssl.log
    CustomLog ${APACHE_LOG_DIR}/access-ssl.log combined

    SSLEngine on
    SSLCertificateFile /etc/apache2/certificate.crt
    SSLCertificateKeyFile /etc/apache2/private.key
    SSLCertificateChainFile /etc/apache2/ca_bundle.crt

    <Location "/">
        Header always set Access-Control-Allow-Origin "*"
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
        Header always set Access-Control-Max-Age "1000"
        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} OPTIONS
        RewriteRule ^(.*)$ $1 [R=200,L]
    </Location>
</VirtualHost>

Fourth, build and then start Docker with the following command to turn on port 443.

$ docker run -d -it --rm -p 80:80 -p 443:443 -v $HOME/.aws:/root/.aws search-engine

Fifth, start Docker and login. Create the certificate.crt, private.key, and ca_bundle.crt files under directory /etc/apache2/

Sixth, enable SSL modules.

root# cd /etc/apache2/mods-enabled
root# ln -s ../mods-available/socache_shmcb.load socache_shmcb.load
root# ln -s ../mods-available/ssl.load ssl.load
root# ln -s ../mods-available/ssl.conf ssl.conf

Finally, restart Apache from inside Docker.

root# apachectl restart

Use Let's Encrypt

Alternatively, you can use Let's Encrypt to setup SSL automatically. Start Docker with the following command to turn on port 443.

$ docker run -d -it --rm -p 80:80 -p 443:443 -v $HOME/.aws:/root/.aws search-engine

Log into Docker.

$ docker exec -it container_id bash

Next, use Let's Encrypt services to setup SSL.

$ apt update && apt upgrade
$ apt install wget
$ wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
$ chmod a+x /usr/sbin/certbot-auto
$ certbot-auto --apache -d search.domain.com

Next, please open the /etc/apache2/sites-enabled/*-ssl.conf file (which was created automatically by the above command) and add the following code inside the VirtualHost section.

<VirtualHost *:443>
    ... ...
    <Location "/">
        Header always set Access-Control-Allow-Origin "*"
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
        Header always set Access-Control-Max-Age "1000"
        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} OPTIONS
        RewriteRule ^(.*)$ $1 [R=200,L]
    </Location>
</VirtualHost>

Replace the HTTP IP address below with your new HTTPS domain name.

ServerName in apache config config/site.conf.
publicIp in js/secondStateJS.js.

Exit docker and give it a reboot.

$ docker restart container_id

Now, you should be able access the search engine from https://search.domain.com now.

PreviousStart a search engine (Docker)NextStart a search engine (Ubuntu)

Last updated 5 years ago

Was this helpful?