How to setup SSL with Docker

This is the easiest way to set up SSL for your domain on any server. I have tested this on #googlecloudplatform

Create your instance [https://cloud.google.com/ai-platform/deep-learning-vm/docs/quickstart-cli]

Point your domain name to the instance [https://cloud.google.com/dns/docs/tutorials/create-domain-tutorial]

Log in to your instance with SSH or a similar tool

Go to the root of your application folder and create a network with

docker network create nginx


Update your docker-compose file so it looks similar to this; the nginx-prod and certbot services are required

version: "3.4"

services:
  # Nginx reverse proxy
  nginx-prod:
    container_name: nginx-prod
    restart: always
    build:
      context: ./nginx
      dockerfile: Dockerfile
    ports:
      - "80:80" # for production
      - "443:443"
    volumes:
      - ./nginx/public_html:/public_html
      - ./nginx/dhparam:/etc/nginx/dhparam
      - ./certbot/conf/:/etc/nginx/ssl/
      - ./certbot/data:/usr/share/nginx/html/letsencrypt
    networks:
      - nginx

  # certbot to create the SSL certificate
  certbot:
    image: certbot/certbot
    volumes:
      - ./certbot/conf/:/etc/letsencrypt
      - ./certbot/logs/:/var/log/letsencrypt
      - ./certbot/data:/usr/share/nginx/html/letsencrypt

  # your web application; it may differ for you
  web:
    build:
      context: ./api
      dockerfile: Dockerfile
    container_name: web
    image: orderbot
    restart: always
    env_file:
      - ./.env
    ports:
      - "5000:5000"

networks:
  nginx:
    external: true

You should already have the nginx folder in the root with this structure

nginx/
  conf.d/

Now create these folders at the root

  • dhparam
  • public_html

Add the configuration file below as nginx/local.conf

server {
    listen 80;
    server_name YOUR_DOMAIN;
    root /public_html/;

    location ~ /.well-known/acme-challenge{
      allow all;
      root /usr/share/nginx/html/letsencrypt;
    }
}

Go to the dhparam folder and run the command below

openssl dhparam -out ~/nginx/dhparam/dhparam-2048.pem 2048

Now fire up the docker-compose

docker-compose up --build -d

Now run the certbot container [kindly replace YOUR_EMAIL and YOUR_DOMAIN]

docker-compose run certbot certonly --webroot --webroot-path=/usr/share/nginx/html/letsencrypt --email YOUR_EMAIL --agree-tos --no-eff-email -d YOUR_DOMAIN

Now bring docker-compose down with

docker-compose down

Modify your nginx/conf.d/local.conf [replace YOUR_DOMAIN]

server {
    listen 80;
    server_name YOUR_DOMAIN;

    location ~ /.well-known/acme-challenge{
      allow all;
      root /usr/share/nginx/html/letsencrypt;
    }

    location / {
      return 301 https://YOUR_DOMAIN$request_uri;
    }
}

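server {
    # "ssl" on the listen line enables TLS; the separate "ssl on;" directive
    # is obsolete since nginx 1.15.0 and was removed in 1.25.1.
    listen 443 ssl http2;
    server_name YOUR_DOMAIN;

    server_tokens off;
    ssl_certificate /etc/nginx/ssl/live/YOUR_DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/YOUR_DOMAIN/privkey.pem;
    ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;

    ssl_buffer_size 8k;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # 3DES is left out of the cipher list (64-bit block cipher, Sweet32).
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;

    location / {
        # Upstream host and port must match your own application container.
        proxy_pass https://frontend:3000;
    }

}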
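A quick audit for legacy TLS settings in an nginx HTTPS server block such as the one above, before bringing the stack back up. This is an added example, not part of the original article; the function name `audit_nginx_tls` and both sample configs are constructed for illustration.

```shell
# Added example: flag weak TLS settings in an nginx config read from stdin.
# Prints one finding keyword per line; prints nothing for a clean config.
audit_nginx_tls() {
    conf=$(sed 's/#.*//')   # drop comments so disabled directives are ignored

    # TLS 1.0 / 1.1 enabled (both deprecated by RFC 8996).
    if printf '%s\n' "$conf" | grep -E '^[[:space:]]*ssl_protocols[[:space:]]' |
        grep -Eq 'TLSv1(\.1)?([[:space:]]|;)'; then
        echo "deprecated-tls-version"
    fi

    # Cipher tokens that enable DES/3DES or RC4 (tokens negated with ! or - are skipped).
    if printf '%s\n' "$conf" | grep -E '^[[:space:]]*ssl_ciphers[[:space:]]' |
        sed -e 's/^[[:space:]]*ssl_ciphers[[:space:]]*//' -e 's/;.*//' |
        tr ':' '\n' | grep -v '^[!-]' | grep -Eq '(DES|RC4)'; then
        echo "weak-cipher"
    fi

    # "ssl on;" is obsolete since nginx 1.15.0 and was removed in 1.25.1.
    if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;'; then
        echo "obsolete-ssl-on"
    fi
    return 0
}

# Constructed sample: an HTTPS block with legacy TLS settings.
sample_legacy_conf() {
    cat <<'EOF'
server {
    listen 443 ssl http2;
    ssl on;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
}
EOF
}
# Constructed sample: the same block with the weak settings removed.
sample_hardened_conf() {
    cat <<'EOF'
server {
    listen 443 ssl http2;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
}
EOF
}
sample_legacy_conf | audit_nginx_tls
```

To audit your own file, run `audit_nginx_tls < nginx/conf.d/local.conf`; an empty result means none of the three checks fired.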

Now fire up docker-compose along with your other application containers. You can now comment out the whole certbot section in the docker-compose.yml file and then run

docker-compose up --build -d
docker ps

Now you can open your domain at

https://<your_domain>

More help here

https://cloud.google.com/community/tutorials/nginx-reverse-proxy-docker

About: I am a Technical Architect and Social Entrepreneur. You can find out more on https://dhirajpatra.github.io/


You have a tiny mistake on your webpage: Machine Leaerning Engineer
