docker-whmcs
More details about using SSL
Can you provide more information on how to enable SSL/https?
https://docs.traefik.io will help you do that quite easily and without headaches.
We need more information than that: "Host SSL Enabled (please map your letsencrypt or other valid certificate)".
To enable TLS/SSL you need to edit the default-vhost.tmpl file.
You need to add another server block, something like this.
```nginx
server {
    # TLS listener; replace the two placeholders with your certificate and key paths
    listen 443 ssl;
    ssl_certificate CERTIFICATE_LOCATION.crt;
    ssl_certificate_key CERTIFICATE_KEY_LOCATION.key;

    server_name {{ default .Env.VIRTUAL_HOST "whmcs.local" }};
    root {{ default .Env.HOME "/var/www/whmcs" }};
    index index.php index.html;

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # Take the client address from the forwarding header, but only for this source range
    set_real_ip_from {{ default .Env.REAL_IP_FROM "172.17.0.0/16" }};
    real_ip_header {{ default .Env.REAL_IP_HEADER "X-Forwarded-For" }};
    real_ip_recursive on;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    location / {
        try_files $uri $uri/ /index.php;

        # Announcements
        rewrite ^/announcements/([0-9]+)/[a-zA-Z0-9-]+.html$ /./announcements.php?id=$1 last;
        rewrite ^/announcements$ /./announcements.php last;

        # Downloads
        rewrite ^/download/([0-9]+)/([^/]*)$ /./downloads.php?action=displaycat&catid=$1 last;
        rewrite ^/download$ /./downloads.php last;

        # Knowledgebase
        rewrite ^/knowledgebase/([0-9]+)/[a-zA-Z0-9-]+.html$ /./knowledgebase.php?action=displayarticle&id=$1 last;
        rewrite ^/knowledgebase/([0-9]+)/([^/]*)$ /./knowledgebase.php?action=displaycat&catid=$1 last;
        rewrite ^/knowledgebase$ /./knowledgebase.php last;
    }

    location ~ \.php$ {
        fastcgi_index index.php;
        fastcgi_pass unix:/run/php/php-fpm{{ .Env.PHP_VERSION }}.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param SERVER_ADDR {{ default .Env.WHMCS_SERVER_IP "172.17.0.1" }};
        fastcgi_param HTTPS {{ default .Env.HTTPS "on" }};
        fastcgi_keep_conn on;
        fastcgi_intercept_errors on;
    }

    # Reject every method other than GET, HEAD and POST
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 405;
    }

    # Static assets: long-lived caching, no access logging
    location ~* \.(css|js|png|jpe?g|gif|ico|woff|otf|ttf|eot|svg|txt|pdf|docx?|xlsx?)$ {
        expires max;
        access_log off;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        add_header Vary "Accept-Encoding";
    }

    # Block dotfiles and project metadata files
    location ~ /(\.|bower.json|composer.json|LICENSE|package.json|gulpfile.js) {
        deny all;
    }
}
```
Note the certificate part, you have to provide a certificate location.

```nginx
ssl_certificate CERTIFICATE_LOCATION.crt;
ssl_certificate_key CERTIFICATE_KEY_LOCATION.key;
```

You should open the port 443 on your docker-compose file as well.
But with Docker you usually set up a reverse proxy or a gateway that handles the TLS/SSL connection and redirects to the service, which will be using HTTP.
You can use traefik, caddy or even nginx.
See:
- https://docs.traefik.io/https/overview/
- https://medium.com/bumps-from-a-little-front-end-programmer/caddy-reverse-proxy-tutorial-faa2ce22a9c6
- https://www.freecodecamp.org/news/docker-nginx-letsencrypt-easy-secure-reverse-proxy-40165ba3aee2/
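A pre-reload check for the vhost edit described above, as an added example that is not part of the original thread or the project: it confirms that a server block listens on 443 with `ssl` and that both certificate directives are set to something other than the placeholders from the snippet. The function names and the sample input are constructed for illustration.

```python
import re

# Placeholder names used in the snippet above; they must be replaced with real paths.
PLACEHOLDERS = {"CERTIFICATE_LOCATION.crt", "CERTIFICATE_KEY_LOCATION.key"}

def server_blocks(conf):
    """Yield the body of every `server { ... }` block in the vhost text."""
    conf = re.sub(r"\{\{.*?\}\}", "TEMPLATE", conf)  # template braces would break matching
    conf = re.sub(r"#.*", "", conf)  # drop comments (simplification: no '#' inside strings)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def top_level_directives(body):
    """Map directive name -> argument strings, skipping nested blocks such as location."""
    out, depth, stmt, quoted = {}, 0, "", False
    for ch in body:
        if ch == '"':
            quoted = not quoted  # a ';' inside quotes ("1; mode=block") is not a terminator
        if quoted or ch not in "{};":
            stmt += ch if depth == 0 else ""
        elif ch == ";" and depth == 0:
            name, *args = stmt.split(None, 1) or [""]
            out.setdefault(name, []).append(" ".join(args).strip())
            stmt = ""
        elif ch in "{}":
            depth, stmt = depth + (1 if ch == "{" else -1), ""
    return out

def tls_findings(conf):
    """Return a list of problems with the TLS server block(s); empty means OK."""
    findings, seen = [], False
    for body in server_blocks(conf):
        d = top_level_directives(body)
        if not any(re.search(r"\b443\b.*\bssl\b", a) for a in d.get("listen", [])):
            continue
        seen = True
        for name in ("ssl_certificate", "ssl_certificate_key"):
            value = d.get(name, [""])[-1]
            if not value:
                findings.append(f"{name} missing")
            elif value in PLACEHOLDERS:
                findings.append(f"{name} is still the placeholder {value}")
    return findings if seen else ["no server block listens on 443 ssl"]

# Constructed sample: placeholder certificate left in place, key directive forgotten.
SAMPLE = ('server { listen 443 ssl; ssl_certificate CERTIFICATE_LOCATION.crt;\n'
          '  server_name {{ default .Env.VIRTUAL_HOST "whmcs.local" }};\n'
          '  add_header X-XSS-Protection "1; mode=block";\n'
          '  location / { try_files $uri $uri/ /index.php; } }\n')
```

Calling `tls_findings()` on the text of the edited template before rebuilding the container catches a listener that would fail to start for lack of a certificate.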
Thanks, bro, haha