How to set up SSL with Docker
Dhiraj Patra
Cloud-Native Architect | AI, ML, GenAI Innovator & Mentor | Quantitative Financial Analyst
This is the easiest way I know to set up SSL for your domain on any server. I have tested this on #googlecloudplatform
Create your instance
Point your domain name at the instance
Log in to your instance with SSH or similar facilities
Go to the root of your application folder. Create a network by
docker network create nginx
Update your docker-compose file to look similar to this; the nginx-prod and certbot services are required
version: "3.4"
services:
  # Nginx reverse proxy
  nginx-prod:
    container_name: nginx-prod
    restart: always
    build:
      context: ./nginx
      dockerfile: Dockerfile
    ports:
      - 80:80 # for production
      - 443:443
    volumes:
      - ./nginx/public_html:/public_html
      - ./nginx/dhparam:/etc/nginx/dhparam
      - ./certbot/conf/:/etc/nginx/ssl/
      - ./certbot/data:/usr/share/nginx/html/letsencrypt
    networks:
      - nginx
  # certbot to create ssl certificate
  certbot:
    image: certbot/certbot
    volumes:
      - ./certbot/conf/:/etc/letsencrypt
      - ./certbot/logs/:/var/log/letsencrypt
      - ./certbot/data:/usr/share/nginx/html/letsencrypt
  # your web application it may differ for you
  web:
    build:
      context: ./api
      dockerfile: Dockerfile
    container_name: web
    image: orderbot
    restart: always
    env_file:
      - ./.env
    ports:
      - "5000:5000"
networks:
  nginx:
    external: true
You should already have the nginx folder in the root with this structure
nginx/
  conf.d/
Now create these folders at the root
- dhparam
- public_html
Add the configuration below to nginx/conf.d/local.conf [replace YOUR_DOMAIN]
server {
    listen 80;
    server_name YOUR_DOMAIN;
    root /public_html/;

    location ~ /.well-known/acme-challenge {
        allow all;
        root /usr/share/nginx/html/letsencrypt;
    }
}
Go to the dhparam folder and run the command below
openssl dhparam -out ~/nginx/dhparam/dhparam-2048.pem 2048
Now fire up the docker-compose
docker-compose up --build -d
Now run the certbot container [kindly replace YOUR_EMAIL and YOUR_DOMAIN]
docker-compose run certbot certonly --webroot --webroot-path=/usr/share/nginx/html/letsencrypt --email YOUR_EMAIL --agree-tos --no-eff-email -d YOUR_DOMAIN
Now stop the stack with
docker-compose down
Modify your nginx/conf.d/local.conf [replace YOUR_DOMAIN]
server {
    listen 80;
    server_name YOUR_DOMAIN;

    location ~ /.well-known/acme-challenge {
        allow all;
        root /usr/share/nginx/html/letsencrypt;
    }

    location / {
        return 301 https://YOUR_DOMAIN$request_uri;
    }
}

server {
    # "listen ... ssl" enables TLS; the separate "ssl on;" directive is
    # obsolete (removed in nginx 1.25.1) and has been dropped here
    listen 443 ssl http2;
    server_name YOUR_DOMAIN;
    server_tokens off;

    ssl_certificate /etc/nginx/ssl/live/YOUR_DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/YOUR_DOMAIN/privkey.pem;
    ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;
    ssl_buffer_size 8k;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # 3DES replaced with DHE AES-GCM, which still uses the ssl_dhparam file
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:!ADH:!AECDH:!MD5;

    location / {
        # point this at your own application container and port
        proxy_pass https://frontend:3000;
    }
}
Now fire up docker-compose along with your other application containers. You can comment out the whole certbot section in the docker-compose.yml file first, and then run
docker-compose up --build -d
docker ps
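A check that can be run on nginx/conf.d/local.conf before the final docker-compose up, as an added example that is not part of the original post: it flags TLS versions older than 1.2, weak cipher tokens and the obsolete `ssl on;` directive. The function names and the sample config are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads an nginx config on stdin,
# prints one finding per line and returns 1 if anything was flagged.
audit_tls_conf() {
    # Drop comments first, then let awk treat every ";"-terminated
    # directive as one record, so one-line and multi-line configs both work.
    sed 's/#.*//' | awk '
        BEGIN { RS = ";" }
        function report(kind, val) { print kind ": " val; bad++ }
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "ssl" && i + 1 == NF && $NF == "on") {
                    report("obsolete-directive", "ssl on")
                } else if ($i == "ssl_protocols") {
                    # Only TLS 1.2 and 1.3 are acceptable.
                    for (j = i + 1; j <= NF; j++)
                        if ($j != "TLSv1.2" && $j != "TLSv1.3")
                            report("legacy-protocol", $j)
                } else if ($i == "ssl_ciphers") {
                    spec = $(i + 1); gsub(/"/, "", spec)
                    n = split(spec, c, ":")
                    # Tokens starting with "!" or "-" exclude ciphers; skip them.
                    for (k = 1; k <= n; k++)
                        if (c[k] !~ /^[!-]/ && c[k] ~ /DES|RC4|MD5|NULL|EXP/)
                            report("weak-cipher", c[k])
                }
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample config used only for the demonstration below.
sample_conf() {
    cat <<'EOF'
server {
    listen 443 ssl http2;
    server_name example.test;   # constructed name
    ssl on;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:DH+3DES:!ADH:!MD5;
    # ssl_protocols SSLv3;  (commented out, must be ignored)
}
EOF
}

# Demo on the sample; for a real file: audit_tls_conf < nginx/conf.d/local.conf
sample_conf | audit_tls_conf || echo "legacy TLS settings found, fix before deploying"
```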
Now you can run your domain with
More help here
About: I am a Technical Architect and Social Entrepreneur. You can find out more on
You have a tiny mistake on your webpage: Machine Leaerning Engineer