How do I get SSL working?
Hi ya. I'm trying to set up SSL but it's not linking the default-ssl.conf Apache config into the sites-enabled directory. If I symlink it there manually, I then get a missing cert error: /etc/ssl/certs/ssl-cert-snakeoil.pem isn't on the system. So I thought ok, should I go manually create the self-signed cert? Nope, that didn't work either.
So, I think I'm going down a rabbit hole that I shouldn't be. I'm sure you've built the platform for SSL capabilities.
Note: I actually don't think what I'm trying to do (call the AWS API) will work with a self-signed cert. 🤔
Here are my Docker files:
Dockerfile
FROM thecodingmachine/php:8.3-v4-apache
USER root
RUN apt-get update && \
    apt-get install -y \
    git \
    libpq-dev \
    libzip-dev \
    unzip \
    zip \
    wget \
    gnupg
ENV ACCEPT_EULA=Y
# Register the Microsoft repository GPG keys and add the repository
RUN curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add - \
    && curl https://packages.microsoft.com/config/ubuntu/20.04/prod.list > /etc/apt/sources.list.d/mssql-release.list \
    && apt-get update
# Install MS ODBC Driver for SQL Server and other dependencies
RUN apt-get install -y msodbcsql18 unixodbc-dev
RUN PECL_EXTENSION=sqlsrv /usr/local/lib/thecodingmachine-php/extensions/core/docker-install.sh
RUN PECL_EXTENSION=pdo_sqlsrv /usr/local/lib/thecodingmachine-php/extensions/core/docker-install.sh
ENV PHP_EXTENSIONS="sqlsrv pdo_sqlsrv"
USER docker
docker-compose.yml
version: "3.9"
services:
  gxca-middleware:
    build: .
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ".:/var/www/html"
    environment:
      PHP_EXTENSION_XDEBUG: 1
      PHP_EXTENSION_MONGODB: 1
      PHP_EXTENSION_MYSQLI: 0
      PHP_EXTENSION_PDO_MYSQL: 0
      PHP_EXTENSION_MYSQLND: 0
      APACHE_DOCUMENT_ROOT: "public/"
      APACHE_EXTENSION_SOCACHE_SHMCB: 1
      APACHE_EXTENSION_SSL: 1
      PHP_INI_MEMORY_LIMIT: -1
      PHP_INI_UPLOAD_MAX_FILESIZE: 100M
      PHP_INI_POST_MAX_SIZE: 100M
      PHP_INI_XDEBUG__MODE: debug
      PHP_INI_XDEBUG__IDEKEY: VSCODE
      PHP_INI_XDEBUG__START_WITH_REQUEST: 1
      PHP_INI_XDEBUG__DISCOVER_CLIENT_HOST: 1
      PHP_INI_XDEBUG__REMOTE_START: 1
      PHP_INI_XDEBUG__CLIENT_PORT: 9003
      PHP_INI_XDEBUG__CLIENT_HOST: host.docker.internal
      PHP_INI_SESSION__SAVE_HANDLER: redis
      PHP_INI_SESSION__SAVE_PATH: "tcp://redis:6379"
To be honest, I never tried to activate Apache SSL. It should work, but as you have seen, some vhosts are not properly configured (because we do not generate the self-signed certificate for our default vhost). I trust I never will. Instead of that, you can add a reverse proxy to manage your certificate:
version: "3.9"
services:
  gxca-middleware:
    networks:
      - back
    volumes:
      - ".:/var/www/html"
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik
      - traefik.http.routers.gxca-middleware_router.rule=Host(`gxca.localhost`)
      - traefik.http.routers.gxca-middleware_router.service=gxca-middleware_service
      - traefik.http.services.gxca-middleware_service.loadbalancer.server.port=80
  traefik:
    image: traefik:2.9
    command:
      - --providers.docker
      - --providers.docker.exposedByDefault=false
      - --api.dashboard=false
    networks:
      - back
    ports:
      - "80:80"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
...then to configure SSL, you can use Traefik features (for self-signed, Let's Encrypt or any others). For example with LE:
services:
  traefik:
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.le.acme.email=<your-email>  # placeholder: ACME contact address
      - --certificatesresolvers.le.acme.storage=/secrets/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - traefik_data:/secrets/
volumes:
  traefik_data:
    driver: local