Friday

How to setup SSL with Docker

 I am trying to tell you the easiest way to set up SSL for your domain on any server. I have used this test #googlecloudplatform

Create your instance [https://cloud.google.com/ai-platform/deep-learning-vm/docs/quickstart-cli]

Setup your domain name to instance [https://cloud.google.com/dns/docs/tutorials/create-domain-tutorial]

Log in to your instance with SSH or similar facilities

Go to the root of your application folder. Create a network by

docker network create nginx

Update your docker-compose file similar to this however nginx-prod and certbot is require

version: "3.4"services:# Nginx reverse proxynginx-prod:  container_name: nginx-prod  restart: always  build:    context: ./nginx    dockerfile: Dockerfile  ports:    - 80:80 # for production    - 443:443  volumes:    - ./nginx/public_html:/public_html    - ./nginx/dhparam:/etc/nginx/dhparam    - ./certbot/conf/:/etc/nginx/ssl/    - ./certbot/data:/usr/share/nginx/html/letsencrypt  networks:    - nginx
# certbot to create ssl certificate certbot:  image: certbot/certbot  volumes:    - ./certbot/conf/:/etc/letsencrypt    - ./certbot/logs/:/var/log/letsencrypt    - ./certbot/data:/usr/share/nginx/html/letsencrypt
# your web application it may differ for youweb:  build:    context: ./api    dockerfile: Dockerfile  container_name: web  image: orderbot  restart: always  env_file:    - ./.env  ports:    - "5000:5000"
networks:  nginx:    external: true

Hope you have already the nginx folder in the root with this structure

nginx/
  conf.d/

Now create these folders at the root

  • dhparam
  • public_html

Add configuration file below to nginx/local.conf

server {
    listen 80;
    server_name YOUR_DOMAIN;
    root /public_html/;

    location ~ /.well-known/acme-challenge{
      allow all;
      root /usr/share/nginx/html/letsencrypt;
    }
}

Go to dhparam folder and run the command below

openssl dhparam -out ~/nginx/dhparam/dhparam-2048.pem 2048

Now fire up the docker-compose

docker-compose up --build -d

Now run the certbot container [kindly replace YOUR_EMAIL and YOUR_DOMAIN]

docker-compose run certbot certonly --webroot --webroot-path=/usr/share/nginx/html/letsencrypt --email YOUR_EMAIL --agree-tos --no-eff-email -d YOUR_DOMAIN

Now stop/down the docker-compose by

docker-compose down

Modify your nginx/conf.d/local.conf [replace YOUR_DOMAIN]

server {
    listen 80;
    server_name YOUR_DOMAIN;

    location ~ /.well-known/acme-challenge{
      allow all;
      root /usr/share/nginx/html/letsencrypt;
    }

    location / {
      return 301 https://YOUR_DOMAIN$request_uri;
    }
}

server {
     listen 443 ssl http2;
     server_name YOUR_DOMAIN;

     ssl on;
     server_tokens off;
     ssl_certificate /etc/nginx/ssl/live/YOUR_DOMAIN/fullchain.pem;
     ssl_certificate_key /etc/nginx/ssl/live/YOUR_DOMAIN/privkey.pem;
     ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;
     
     ssl_buffer_size 8k;
     ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
     ssl_prefer_server_ciphers on;
     ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    location / {
        proxy_pass http://frontend:3000;
    }

}

Now fire up the docker-compose along with your other application containers. Now you can comment out the whole certbot section in the docker-compose.yml file and then run

docker-compose up --build -d
docker ps

Now you can run your domain with

https://<your_domain>

More help here

https://cloud.google.com/community/tutorials/nginx-reverse-proxy-docker

About: I am a Technical Architect and Social Entrepreneur. You can find out more on https://dhirajpatra.github.io/



at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Scikit-learn