Configure SSL and CA Certificates
In today's digital landscape, securing web applications is paramount. One of the fundamental aspects of web security is implementing SSL/TLS encryption to protect data transmitted between clients and servers. In this guide, we'll delve into configuring SSL and CA certificates for Docker-based installations, ensuring your web applications are safeguarded against potential threats.
Setting up Domain:
Begin by configuring your domain name in the Nginx configuration file. Copy the default `nginx.conf` file and replace occurrences of `%domainname%` with your actual domain name.
cp init/nginx.conf nginx.conf
# Make changes in nginx.conf replacing `%domainname%` with `domain_actual`
Update the `builder_url` in the `dronahq.env` file to reflect your assigned domain.
nano dronahq.env
# Update builder_url to https://domain_name
Restart the web server to apply the changes.
sudo docker compose stop webapp webserver
sudo docker compose rm webapp webserver
sudo docker compose up -d webapp webserver
Configuring SSL for Docker-Based Installation
Configure Self-Signed Certificates:
To configure SSL for your Docker-based installation, follow these steps to generate and implement a self-signed certificate:
Copy the default configuration file `nginx.conf` located in the `init` directory to the root directory and make necessary changes to accommodate your domain.
cp init/nginx.conf nginx.conf
Update occurrences of `%domainname%` with your actual domain name in the `nginx.conf` file.
Restart the web server to apply the updated configuration.
sudo docker compose restart webserver
Generate the SSL certificate using Certbot with the provided Docker Compose configuration. Replace `<your_email_id>` with your email address and `<your_custom_domain>` with your custom domain.
sudo docker compose -f certbot-docker-compose.yml run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ --force-renewal --email <your_email_id> -d <your_custom_domain> --agree-tos --non-interactive
Copy the default configuration file `nginx-ssl-default.conf` from the `init` directory to the root directory, then replace occurrences of `%domainname%` with your actual domain name.
cp init/nginx-ssl-default.conf nginx.conf
Update all occurrences of `%domainname%` with your real domain in the `nginx.conf` file.
Modify the `builder_url` in the `dronahq.env` file to use HTTPS with your domain name.
nano dronahq.env
# Replace builder_url with https://domain_name
Restart Services: Stop and remove the web application and web server containers, then bring them back up to apply the SSL configuration.
sudo docker compose stop webapp webserver
sudo docker compose rm webapp webserver
sudo docker compose up -d webapp webserver
Configuring Custom Certificates:
- If you have custom SSL certificates, copy them to a designated folder on your machine. Let's denote this folder as XYZ.
- Update the `docker-compose.yml` file to include the volume mapping for the certificate files. Replace `/xyz/` with the path to your custom certificate folder and ensure it's appropriately mounted to `/certificates/` within the container. Replace XYZ with the actual folder name where your certificates are stored.
services:
  webserver:
    volumes:
      - /path/to/XYZ/:/certificates/:ro
- Modify the `nginx.conf` file to point to the custom certificate locations.
cp init/nginx-ssl-default.conf nginx.conf
# Replace all occurrences of `%domainname%` with your actual domain name
Replace:
ssl_certificate /etc/nginx/ssl/live/%domainname%/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/%domainname%/privkey.pem;
With:
ssl_certificate /certificates/fullchain.pem;
ssl_certificate_key /certificates/privkey.pem;
- Restart the web server to apply the custom certificate configuration.
sudo docker compose stop webapp webserver
sudo docker compose rm webapp webserver
sudo docker compose up -d webapp webserver
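A check to run before the restart in the custom-certificate steps above, as an added example that is not part of the original guide or the product's tooling: it confirms that `nginx.conf` no longer contains `%domainname%` and loads both files from `/certificates/`, and that `privkey.pem` matches `fullchain.pem`, the certificate is not about to expire, and it covers your domain. The function names, the `precheck.sh` file name and the 30-day threshold are assumptions, and the `openssl` CLI must be available on the host.

```shell
#!/bin/sh
# Added example: checks to run before restarting webserver with custom certificates.
# Assumed layout: ./nginx.conf plus a host folder with fullchain.pem and privkey.pem.

fail() { echo "FAIL: $*" >&2; }

# nginx.conf must have no %domainname% placeholder left and must load both
# certificate files from the /certificates/ mount.
check_nginx_conf() {
    conf=$1
    if grep -q '%domainname%' "$conf"; then
        fail "%domainname% placeholder still present in $conf"; return 1
    fi
    for d in ssl_certificate ssl_certificate_key; do
        grep -Eq "^[[:space:]]*$d[[:space:]]+/certificates/[^;[:space:]]+;" "$conf" ||
            { fail "$d does not point into /certificates/"; return 1; }
    done
}

# The private key must belong to the leaf certificate, the certificate must stay
# valid for at least $3 more days (default 30) and must cover hostname $2.
check_cert_pair() {
    dir=$1; host=$2; days=${3:-30}
    cert=$dir/fullchain.pem; key=$dir/privkey.pem
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { fail "cannot read certificate $cert"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { fail "cannot read private key $key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { fail "privkey.pem does not match fullchain.pem"; return 1; }
    openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null ||
        { fail "certificate expires within $days days"; return 1; }
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match' ||
        { fail "certificate does not cover $host"; return 1; }
}

# Usage: sh precheck.sh /path/to/XYZ <your_custom_domain>
if [ "$#" -eq 2 ]; then
    check_nginx_conf nginx.conf && check_cert_pair "$1" "$2" && echo "OK to restart"
fi
```

Because the restart step stops and removes the `webapp` and `webserver` containers before recreating them, catching a mismatched key or a leftover placeholder first avoids bringing the site down on a configuration nginx will refuse to load.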