How do I get SSL working? #388

Open
joelataylor opened this issue Apr 16, 2024 · 1 comment
Labels
information Issue still active to avoid duplicate (information about deprecated version, workaround, doc...)

joelataylor commented Apr 16, 2024

Hi ya. I'm trying to set up SSL but it's not linking the default-ssl.conf Apache config into the sites-enabled directory. If I symlink it there manually, I then get a missing cert error: /etc/ssl/certs/ssl-cert-snakeoil.pem isn't on the system. So I thought ok, should I go manually create the self-signed cert? Nope, that didn't work either.

So, I think I'm going down a rabbit hole that I shouldn't be. I'm sure you've built the platform for SSL capabilities.

Note: I actually don't think what I'm trying to do (call the AWS API) will work with a self-signed cert. 🤔

Here are my Docker files:

Dockerfile

FROM thecodingmachine/php:8.3-v4-apache

USER root

RUN apt-get update && \
    apt-get install -y \
        git \
        libpq-dev \
        libzip-dev \
        unzip \
        zip \
        wget \
        gnupg

ENV ACCEPT_EULA=Y

# Register the Microsoft repository GPG keys and add the repository
RUN curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add - \
    && curl https://packages.microsoft.com/config/ubuntu/20.04/prod.list > /etc/apt/sources.list.d/mssql-release.list \
    && apt-get update

# Install MS ODBC Driver for SQL Server and other dependencies
RUN apt-get install -y msodbcsql18 unixodbc-dev

RUN PECL_EXTENSION=sqlsrv /usr/local/lib/thecodingmachine-php/extensions/core/docker-install.sh
RUN PECL_EXTENSION=pdo_sqlsrv /usr/local/lib/thecodingmachine-php/extensions/core/docker-install.sh
ENV PHP_EXTENSIONS="sqlsrv pdo_sqlsrv"

USER docker

docker-compose.yml

version: "3.9"
services:
    gxca-middleware:
        build: .
        restart: always
        ports:
            - "80:80"
            - "443:443"
        volumes:
            - ".:/var/www/html"
        environment:
            PHP_EXTENSION_XDEBUG: 1
            PHP_EXTENSION_MONGODB: 1
            PHP_EXTENSION_MYSQLI: 0
            PHP_EXTENSION_PDO_MYSQL: 0
            PHP_EXTENSION_MYSQLND: 0
            APACHE_DOCUMENT_ROOT: "public/"
            APACHE_EXTENSION_SOCACHE_SHMCB: 1
            APACHE_EXTENSION_SSL: 1
            PHP_INI_MEMORY_LIMIT: -1
            PHP_INI_UPLOAD_MAX_FILESIZE: 100M
            PHP_INI_POST_MAX_SIZE: 100M
            PHP_INI_XDEBUG__MODE: debug
            PHP_INI_XDEBUG__IDEKEY: VSCODE
            PHP_INI_XDEBUG__START_WITH_REQUEST: 1
            PHP_INI_XDEBUG__DISCOVER_CLIENT_HOST: 1
            PHP_INI_XDEBUG__REMOTE_START: 1
            PHP_INI_XDEBUG__CLIENT_PORT: 9003
            PHP_INI_XDEBUG__CLIENT_HOST: host.docker.internal
            PHP_INI_SESSION__SAVE_HANDLER: redis
            PHP_INI_SESSION__SAVE_PATH: "tcp://redis:6379"

@mistraloz (Collaborator)

To be honest, I never tried to activate Apache SSL. It should work, but as you have seen, some vhosts are not properly configured (because we do not generate the self-signed certificate for our default vhost). I trust I will never.
Instead of that, you can add a reverse proxy to manage your certificate:

version: "3.9"
services:
  gxca-middleware:
    networks:
      - back
    volumes:
      - ".:/var/www/html"
    labels:
      - traefik.enable=true
      # Must be the name of the Docker network Traefik shares with this service
      - traefik.docker.network=traefik
      - traefik.http.routers.gxca-middleware_router.rule=Host(`gxca.localhost`)
      - traefik.http.routers.gxca-middleware_router.service=gxca-middleware_service
      # Traefik forwards to Apache's plain HTTP port inside the container
      - traefik.http.services.gxca-middleware_service.loadbalancer.server.port=80
  traefik:
    image: traefik:2.9
    command:
      - --providers.docker
      - --providers.docker.exposedByDefault=false
      - --api.dashboard=false
    networks:
      - back
    ports:
      - "80:80"
    volumes:
      # Gives Traefik access to the Docker API to discover labelled containers
      - /var/run/docker.sock:/var/run/docker.sock
# Declare the network that both services reference
networks:
  back:

...then to configure SSL, you can use Traefik features (for self-signed, Let's Encrypt or any others).
For example with LE:

services:
  traefik:
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.le.acme.email=your@email.com
      - --certificatesresolvers.le.acme.storage=/secrets/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - traefik_data:/secrets/
volumes:
  traefik_data:
    driver: local

@mistraloz mistraloz added the information Issue still active to avoid duplicate (information about deprecated version, workaround, doc...) label Apr 17, 2024
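
Added example (not posted by either participant and not the project's own configuration): the two fragments from the reply above merged into one compose file, with the router bound to the HTTPS entrypoint and the `le` resolver, HTTP redirected to HTTPS, and the Docker socket mounted read-only. `app.example.com`, `admin@example.com` and the network name `gxca_back` are placeholders; the TLS-ALPN challenge needs a public DNS name with port 443 reachable, so it cannot issue a certificate for `gxca.localhost`.

```yaml
# Added example: merged docker-compose.yml with TLS terminated at Traefik.
# app.example.com, admin@example.com and gxca_back are placeholders.
version: "3.9"
services:
  gxca-middleware:
    build: .
    restart: always
    networks:
      - back
    volumes:
      - ".:/var/www/html"
    environment:
      APACHE_DOCUMENT_ROOT: "public/"
    # No published ports: only Traefik is reachable from outside.
    labels:
      - traefik.enable=true
      - traefik.docker.network=gxca_back
      - traefik.http.routers.gxca-middleware_router.rule=Host(`app.example.com`)
      - traefik.http.routers.gxca-middleware_router.entrypoints=websecure
      - traefik.http.routers.gxca-middleware_router.tls.certresolver=le
      - traefik.http.routers.gxca-middleware_router.service=gxca-middleware_service
      - traefik.http.services.gxca-middleware_service.loadbalancer.server.port=80
  traefik:
    image: traefik:2.9
    command:
      - --providers.docker
      - --providers.docker.exposedByDefault=false
      - --api.dashboard=false
      - --entrypoints.web.address=:80
      # Send every plain-HTTP request to the HTTPS entrypoint.
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.le.acme.email=admin@example.com
      - --certificatesresolvers.le.acme.storage=/secrets/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
    networks:
      - back
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Read-only mount of the Docker API socket used for discovery.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik_data:/secrets/   # holds acme.json (account and certificate keys)
networks:
  back:
    name: gxca_back   # fixed name so the traefik.docker.network label matches
volumes:
  traefik_data:
    driver: local
```

Apache inside the container keeps serving plain HTTP on port 80; TLS terminates at Traefik, so `APACHE_EXTENSION_SSL` is not needed in this layout.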