
HTTPS support

Open macoopma opened this issue 5 years ago • 5 comments

Hello,

It would be awesome if this container supported HTTPS for the web applications. Any plans for that, or shall I add it myself?

Thanks, Mathias.

macoopma avatar Apr 10 '20 13:04 macoopma

Hi @macoopma when you say support, what are you expecting? Added apache configs, LetsEncrypt?

Thanks, Matt

mattrayner avatar Jun 08 '20 15:06 mattrayner

Great project! It would be perfect if this project had (SSL) security-by-design.

rodgermoore avatar Jul 15 '20 06:07 rodgermoore

@rodgermoore would you be expecting to include certificates directly, or use a service like LetsEncrypt?

mattrayner avatar Jul 20 '20 08:07 mattrayner

This is a really beautiful project. I finally have no problems with user and group permissions. Unfortunately, however, in my opinion it is essential to configure the request over https. In my opinion, considering that the main use of the container is development, it may be enough to create a self-signed certificate and then configure Apache...

cristianpuddu avatar Jul 22 '20 13:07 cristianpuddu
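
The development-only approach suggested in the comment above (a self-signed certificate plus an Apache TLS vhost), as an added example that is not part of the thread or of docker-lamp's own code. The function name `make_dev_tls`, the file names `dev.crt`, `dev.key` and `dev-ssl.conf`, and the `DocumentRoot` are assumptions; it needs OpenSSL 1.1.1 or later for `-addext`.

```shell
#!/bin/sh
# Added example: self-signed certificate + Apache TLS vhost for local development.
# Assumed names (not from the thread): make_dev_tls, dev.crt, dev.key,
# dev-ssl.conf and the DocumentRoot /var/www/html.

# make_dev_tls HOSTNAME OUT_DIR [CERT_DIR]
#   OUT_DIR  - directory the three files are written to now
#   CERT_DIR - path Apache reads the cert/key from at runtime (default: OUT_DIR)
make_dev_tls() {
    host=$1; out=$2; cert_dir=${3:-$2}
    [ -n "$host" ] && [ -n "$out" ] || {
        echo "usage: make_dev_tls HOSTNAME OUT_DIR [CERT_DIR]" >&2
        return 2
    }
    mkdir -p "$out" || return 1

    # Generate under a restrictive umask so the private key is never
    # group- or world-readable, not even briefly.
    # subjectAltName is required: browsers no longer match on the CN.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 30 \
          -subj "/CN=$host" \
          -addext "subjectAltName=DNS:$host" \
          -keyout "$out/dev.key" -out "$out/dev.crt" ) || return 1
    chmod 644 "$out/dev.crt"   # the certificate itself is public

    # Minimal TLS vhost for a Debian/Ubuntu-style Apache (needs `a2enmod ssl`).
    cat > "$out/dev-ssl.conf" <<EOF
<VirtualHost *:443>
    ServerName $host
    DocumentRoot /var/www/html
    SSLEngine on
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile $cert_dir/dev.crt
    SSLCertificateKeyFile $cert_dir/dev.key
</VirtualHost>
EOF
}
```

The certificate is short-lived and untrusted by default, so browsers will warn until it is added to the local trust store; it is not a substitute for a CA-issued certificate on anything reachable from outside the development machine.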

I don't think this is under the scope of this project. As load balancing, caching, etc. aren't, they're network layer considerations.

Docker provides you the simplicity of splitting those services into multiple containers. Shoving everything in one container is really not a great job.

As such, I could see this as a dev container, which is fine but throws away any and all security best practices. And as such should not be used in production.

There are plenty of options out there for SSL termination with docker, certbot integration, load balancing. All of them can easily end up redirecting requests to appropriate application containers (PHP or else).

On that note, the following is an excerpt from a docker compose file I use in 2 production deploys. It includes an NGINX reverse proxy that does SSL termination, and a certbot container that automatically generates new SSL certificates for newly created containers that define LETS_ENCRYPT_* environment variables. Certificate generation is 100% automated. Works like a charm, and can easily support adding a container with the image from this project.

services:
  reverse-proxy:
    image: jwilder/nginx-proxy
    container_name: reverse-proxy
    ports:
      - 80:80
      - 443:443
    networks:
      - service_network
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - nginx-logs:/var/log/nginx
      - nginx-certs:/etc/nginx/certs
      - nginx-vhost:/etc/nginx/vhost.d
      - nginx-html:/usr/share/nginx/html

  ssl-certbot:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: ssl-certbot
    environment:
      NGINX_PROXY_CONTAINER: reverse-proxy
    networks:
      - service_network
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - nginx-certs:/etc/nginx/certs
      - nginx-vhost:/etc/nginx/vhost.d
      - nginx-html:/usr/share/nginx/html
    depends_on:
      - reverse-proxy

  app:
    image: <some/image>
    container_name: app
    environment:
      VIRTUAL_HOST: app.example.local
      LETSENCRYPT_HOST: app.example.local
      LETSENCRYPT_EMAIL: <your-email@example.com>  # placeholder: the address was obscured in the original
    networks:
      - service_network

networks:
  service_network:
    driver: bridge

volumes:
  nginx-logs:
    driver: local
  nginx-certs:
    driver: local
  nginx-vhost:
    driver: local
  nginx-html:

pedro2555 avatar Sep 15 '20 11:09 pedro2555