How to setup SSL with Docker

I am trying to tell you the easiest way to set up SSL for your domain on any server. I have used this test

Create your instance [https://cloud.google.com/ai-platform/deep-learning-vm/docs/quickstart-cli]

Setup your domain name to instance [https://cloud.google.com/dns/docs/tutorials/create-domain-tutorial]

Log in to your instance with SSH or similar facilities
Go to the root of your application folder. Create a network by
docker network create nginx

Update your docker-compose file similar to this however nginx-prod and certbot is require

version: “3.4”
services:

nginx-prod:
container_name: nginx-prod
restart: always
build:
context: ./nginx
dockerfile: Dockerfile
ports:
– 80:80 # for production
– 443:443
volumes:
– ./nginx/public_html:/public_html
– ./nginx/dhparam:/etc/nginx/dhparam
– ./certbot/conf/:/etc/nginx/ssl/
– ./certbot/data:/usr/share/nginx/html/letsencrypt
networks:
– nginx

certbot:
image: certbot/certbot
volumes:
– ./certbot/conf/:/etc/letsencrypt
– ./certbot/logs/:/var/log/letsencrypt
– ./certbot/data:/usr/share/nginx/html/letsencrypt

web:
build:
context: ./api
dockerfile: Dockerfile
container_name: web
image: orderbot
restart: always
env_file:
– ./.env
ports:
– “5000:5000”
networks:
nginx:
external: true
Hope you have already the nginx folder in the root with this structure
nginx/
conf.d/

Now create these folders at the root

dhparam
public_html

Add configuration file below to nginx/local.conf

server
listen 80;
server_name YOUR_DOMAIN;
root /public_html/;

location ~ /.well-known/acme-challenge
  allow all;
  root /usr/share/nginx/html/letsencrypt;

Go to dhparam folder and run the command below
openssl dhparam -out ~/nginx/dhparam/dhparam-2048.pem 2048
Now fire up the docker-compose

docker-compose up –build -d

Now run the certbot container [kindly replace YOUR_EMAIL and YOUR_DOMAIN]

docker-compose run certbot certonly –webroot –webroot-path=/usr/share/nginx/html/letsencrypt –email YOUR_EMAIL –agree-tos –no-eff-email -d YOUR_DOMAIN

Now stop/down the docker-compose by

docker-compose down

Modify your nginx/conf.d/local.conf [replace YOUR_DOMAIN]

server
listen 80;
server_name YOUR_DOMAIN;

location ~ /.well-known/acme-challenge
  allow all;
  root /usr/share/nginx/html/letsencrypt;


location / 
  return 301 https://YOUR_DOMAIN$request_uri;

server
listen 443 ssl http2;
server_name YOUR_DOMAIN;

 ssl on;
 server_tokens off;
 ssl_certificate /etc/nginx/ssl/live/YOUR_DOMAIN/fullchain.pem;
 ssl_certificate_key /etc/nginx/ssl/live/YOUR_DOMAIN/privkey.pem;
 ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;

 ssl_buffer_size 8k;
 ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
 ssl_prefer_server_ciphers on;
 ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

location / 
    proxy_pass http://frontend:3000;

Now fire up the docker-compose along with your other application containers. Now you can comment out the whole certbot section in the docker-compose.yml file and then run

docker-compose up –build -d
docker ps

Now you can run your domain with
https://

More help here
https://cloud.google.com/community/tutorials/nginx-reverse-proxy-docker

About: I am a Technical Architect and Social Entrepreneur. You can find out more on https://dhirajpatra.github.io/


Source link