Installing an SSL cert on a LAMP Docker container (Apache)

This is a WIP / rough draft.

In this post I’ll run through installing an SSL cert for a web server (Apache) that is running inside a Docker container. The container runs on a Linux server (an AWS EC2 instance running Amazon Linux).

  • SSH into the server (the one that’s running Docker)
  • Install Certbot and generate an SSL cert for the website (on the host machine that Docker runs on)
  • Map the cert files into the Docker container as volumes (so processes inside the container can see them)
  • Inside the Docker container, set up Apache to use the cert files (e.g. default.conf, apache.conf, or whatever files you’re using for Apache config)

To install Certbot on Amazon Linux:

https://unix.stackexchange.com/questions/741450/installing-lets-encrypt-on-amazon-linux-2023

(see Jens’s answer)

Once installed, run:

sudo /opt/certbot/bin/certbot certonly

Choose 1 to use a local server on port 80 (this can interfere if you already have something on port 80; I don’t have anything on port 80).

Important: then add the domains (space separated) that the cert is for.

If you want mysite.com and www.mysite.com, you must add both, space separated.

e.g.

Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter ‘c’ to cancel): mysite.com www.mysite.com

The relevant cert and key files will be saved to these locations by default:

Certificate is saved at: /etc/letsencrypt/live/mysite.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/mysite.com/privkey.pem

Still to write up below:

Make sure the cert files can be seen inside Docker via volumes (e.g. in docker-compose.yml):

    volumes:
      - ./apache/default.conf:/etc/apache2/sites-enabled/000-default.conf
      - /etc/letsencrypt/live/mysite.com/fullchain.pem:/etc/apache2/sites-enabled/fullchain.pem
      - /etc/letsencrypt/live/mysite.com/privkey.pem:/etc/apache2/sites-enabled/privkey.pem
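
A mistyped host path in these entries fails quietly: with the short host:container syntax Docker creates a missing bind-mount source as an empty directory, so Apache finds a directory where the cert or key should be. The following is an added example, not part of the original post: a preflight function that checks every /etc/letsencrypt/live/ source in the compose file exists and that all of them come from the same certificate directory. The function name and the HOST_ROOT test prefix are assumptions, and it expects unquoted short-syntax entries.

```shell
#!/bin/sh
# Added example: preflight check for the Let's Encrypt bind mounts in a
# compose file. Not from the original post.
#
# check_cert_mounts COMPOSE_FILE [HOST_ROOT]
#   HOST_ROOT is a hypothetical prefix so the check can be tried against a
#   constructed directory tree; leave it empty on the real host.
# Assumes unquoted short-syntax entries ("- /host/path:/container/path").
check_cert_mounts() {
    cm_compose=$1
    cm_root=${2:-}
    cm_rc=0
    cm_first=
    # Host-side source of every mount that starts under /etc/letsencrypt/live/.
    cm_srcs=$(sed -n \
        's|^[[:space:]]*-[[:space:]]*\(/etc/letsencrypt/live/[^:]*\):.*|\1|p' \
        "$cm_compose")
    if [ -z "$cm_srcs" ]; then
        echo "NONE     no /etc/letsencrypt/live mounts in $cm_compose"
        return 1
    fi
    for cm_src in $cm_srcs; do
        # -f follows certbot's live/ symlinks and is false for a directory,
        # which is what Docker leaves behind for a missing source path.
        if [ ! -f "$cm_root$cm_src" ]; then
            echo "MISSING  $cm_src"
            cm_rc=1
        fi
        # fullchain.pem and privkey.pem must come from the same live/<name>/.
        cm_dir=$(dirname "$cm_src")
        if [ -z "$cm_first" ]; then
            cm_first=$cm_dir
        elif [ "$cm_dir" != "$cm_first" ]; then
            echo "MIXED    $cm_src is not under $cm_first"
            cm_rc=1
        fi
    done
    return "$cm_rc"
}

# Run against a compose file when one is given on the command line.
[ "$#" -eq 0 ] || check_cert_mounts "$@"
```

Run it as root on the host before docker-compose up, since /etc/letsencrypt/live is readable only by root. If a bad path has already been used once, remove the empty directory Docker created under /etc/letsencrypt/live/ before retrying.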

Once the cert files are on the host and mapped into Docker (above), Apache inside the container can see them, like so:

<VirtualHost *:443>
    ServerName mysite.com
    SSLEngine on
    SSLCertificateFile "/etc/apache2/sites-enabled/fullchain.pem"
    SSLCertificateKeyFile "/etc/apache2/sites-enabled/privkey.pem"
</VirtualHost>

Other very rough, useful notes:

Important: work on the EC2 instance as root. SSH in as normal, then run ‘sudo su -’.

docker-compose up --force-recreate --build

I had to run the above because of changes to the Dockerfile and docker-compose.yml.

The main files that had to change for SSL to work (/live docker-compose.yml, Dockerfile, default.conf (Apache))
