Configure SSL and CA Certificates
In today's digital landscape, securing web applications is paramount. One of the fundamental aspects of web security is implementing SSL/TLS encryption to protect data transmitted between clients and servers. In this guide, we'll delve into configuring SSL and CA certificates for Docker-based installations, ensuring your web applications are safeguarded against potential threats.
Setting up Domain:
Begin by configuring your domain name in the Nginx configuration file. Copy the default nginx.conf file and replace occurrences of %domainname% with your actual domain name.
cp init/nginx.conf nginx.conf
# Make changes in nginx.conf replacing `%domainname%` with `domain_actual`
Update the builder_url in the dronahq.env file to reflect your assigned domain.
nano dronahq.env
# Update builder_url to https://domain_name
Restart the web server to apply the changes.
sudo docker-compose stop webapp webserver
sudo docker-compose rm webapp webserver
sudo docker-compose up -d webapp webserver
Configuring SSL for Docker-Based Installation
Configure Self-Signed Certificates:
To configure SSL for your Docker-based installation, follow these steps to generate and implement a self-signed certificate:
Copy the default configuration file nginx.conf located in the init directory to the root directory and make necessary changes to accommodate your domain.
cp init/nginx.conf nginx.conf
Update occurrences of %domainname% with your actual domain name in the nginx.conf file.
Restart the web server to apply the updated configuration.
sudo docker-compose restart webserver
Generate the SSL certificate using Certbot with the provided Docker Compose configuration. Replace <your_email_id> with your email address and <your_custom_domain> with your custom domain.
sudo docker-compose -f certbot-docker-compose.yml run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ --force-renewal --email <your_email_id> -d <your_custom_domain> --agree-tos --non-interactive
Copy the default configuration file nginx-ssl-default.conf from the init directory to the root directory, then replace occurrences of %domainname% with your actual domain name.
cp init/nginx-ssl-default.conf nginx.conf
Update all occurrences of %domainname% with your real domain in the nginx.conf file.
Modify the builder_url in the dronahq.env file to use HTTPS with your domain name.
nano dronahq.env
# Replace builder_url with https://domain_name
Restart Services: Stop and remove the web application and web server containers, then bring them back up to apply the SSL configuration.
sudo docker-compose stop webapp webserver
sudo docker-compose rm webapp webserver
sudo docker-compose up -d webapp webserver
Configuring Custom Certificates:
- If you have custom SSL certificates, copy them to a designated folder on your machine. Let's denote this folder as XYZ.
- Update the docker-compose.yml file to include the volume mapping for the certificate files. Replace /path/to/XYZ/ with the path to your custom certificate folder and ensure it is mounted to /certificates/ within the container, where XYZ is the actual folder name where your certificates are stored.
services:
  webserver:
    volumes:
      - /path/to/XYZ/:/certificates/:ro
- Modify the nginx.conf file to point to the custom certificate locations.
cp init/nginx-ssl-default.conf nginx.conf
# Replace all occurrences of `%domainname%` with your actual domain name
Replace:
ssl_certificate /etc/nginx/ssl/live/%domainname%/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/%domainname%/privkey.pem;
With:
ssl_certificate /certificates/fullchain.pem;
ssl_certificate_key /certificates/privkey.pem;
- Restart the web server to apply the custom certificate configuration.
sudo docker-compose stop webapp webserver
sudo docker-compose rm webapp webserver
sudo docker-compose up -d webapp webserver
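A pre-restart check for the custom-certificate steps above, as an added example that is not part of the original documentation: it confirms that no %domainname% placeholder remains in nginx.conf, that both certificate directives resolve into the folder mounted at /certificates/, and that the certificate matches the private key and has not expired. The function names and the script name preflight.sh are hypothetical, and the script assumes openssl is installed on the host.

```shell
#!/bin/sh
# Added example: pre-restart checks for the custom-certificate setup.
# Function names are hypothetical; paths follow the nginx.conf lines on this page.

# Succeeds only if no %domainname% placeholder is left in the config.
no_placeholders() {
    ! grep -q '%domainname%' "$1"
}

# Prints the path given to an nginx directive ($2) in config file $1.
directive_path() {
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}\([^;]*\);.*/\1/p" "$1" | head -n 1
}

# Maps a container path under /certificates/ to the host folder ($2) mounted there.
host_path() {
    case "$1" in
        /certificates/*) printf '%s/%s\n' "${2%/}" "${1#/certificates/}" ;;
        *) return 1 ;;
    esac
}

# Succeeds if the certificate ($1) and private key ($2) hold the same public key.
cert_matches_key() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# $1 = nginx.conf, $2 = host certificate folder (the page's XYZ)
preflight() {
    no_placeholders "$1" || { echo "%domainname% still present in $1"; return 1; }
    crt=$(host_path "$(directive_path "$1" ssl_certificate)" "$2") ||
        { echo "ssl_certificate is not under /certificates/"; return 1; }
    key=$(host_path "$(directive_path "$1" ssl_certificate_key)" "$2") ||
        { echo "ssl_certificate_key is not under /certificates/"; return 1; }
    [ -r "$crt" ] && [ -r "$key" ] || { echo "certificate or key missing in $2"; return 1; }
    cert_matches_key "$crt" "$key" || { echo "certificate and key do not match"; return 1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired"; return 1; }
    echo "ok"
}

# Usage: sh preflight.sh nginx.conf /path/to/XYZ
if [ $# -eq 2 ]; then preflight "$1" "$2"; fi
```

Run it from the directory that holds nginx.conf before the restart commands; any output other than ok names the check that failed.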