meta-d edited this page Mar 22, 2024 · 2 revisions

Configuring HTTPS servers

In Docker Compose cluster

Generate a self-signed certificate

Generate an SSL certificate for nginx (on macOS):

openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Or get a free certificate from Let's Encrypt.

Add the certificate to the Nginx container

Mount the SSL certificate as a volume.

  webapp:
    container_name: webapp
    ...
    entrypoint: './entrypoint.compose.sh'
+   command: ['nginx', '-g', 'daemon off;', '-c', '/webapp/conf/nginx.conf']
    ports:
      - ${WEB_PORT:-80}:80
+     - ${WEB_PORT:-443}:443
    volumes:
+     - ./.volumes/webapp/:/webapp/
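
Review bot: the added mapping `- ${WEB_PORT:-443}:443` takes its host port from WEB_PORT, the same variable as `${WEB_PORT:-80}:80` above it, so whenever WEB_PORT is set both entries ask for the same host port and the second bind fails. Use a separate variable for the HTTPS host port. The `./.volumes/webapp/:/webapp/` mount is also read-write although the container only needs to read the certificate, key and nginx.conf; appending `:ro` would keep the container from modifying them.
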
  • The -c /webapp/conf/nginx.conf argument makes nginx use the custom configuration file.
  • Port 443 is published so the container can receive HTTPS requests.
  • The .volumes/webapp/ folder, which contains the SSL certificate and the nginx configuration file, is mounted at /webapp/ in the container.

The .volumes/webapp/ folder structure should look like this, with the certificate and key files named as nginx.conf references them:

.volumes/webapp/
│
├───ssl
│   ├───demo.com.crt
│   └───demo.com.key
│
└───conf
    └───nginx.conf

Update the nginx.conf file to use the certificate and enable SSL.

user  nginx;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
  worker_connections 1024;
}

http {
  include /etc/nginx/mime.types;
  
  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

  access_log  /var/log/nginx/access.log  main;

  #gzip  on;

  upstream api {
    server api:3000;
  }

  server {
    listen              80;
+   listen              443 ssl;
+   ssl_certificate     /webapp/ssl/demo.com.crt;
+   ssl_certificate_key /webapp/ssl/demo.com.key;

    location / {
      root /srv/pangolin;
      try_files $uri $uri/ /index.html;
    }

    location /api/ {
      proxy_pass http://api;
      proxy_set_header Host $http_host;
    }
    location /public/ {
      proxy_pass http://api;
      proxy_set_header Host $http_host;
    }
  }
}
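
Review bot: in the server block, `listen 80;` is kept next to the added `listen 443 ssl;`, so the site and the /api/ and /public/ proxies are still served over plain HTTP on port 80 with no redirect to HTTPS. Move port 80 into its own server block that only redirects, for example `return 301 https://$host$request_uri;`. The two proxy locations forward only the Host header; adding `proxy_set_header X-Forwarded-Proto $scheme;` would let the api upstream know the request arrived over HTTPS.
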
  • ssl_certificate and ssl_certificate_key: the paths to the certificate and key files in the volume mounted by Docker Compose.
  • listen 443 ssl: the server listens on port 443 for HTTPS requests.
  • /srv/pangolin is the root directory for the web server.
  • location /api/ and location /public/ reverse-proxy requests to the API server.
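
A preflight check for the layout described above, as an added example that is not part of the original page or the project's code: it reads the ssl_certificate and ssl_certificate_key paths from conf/nginx.conf, maps them back through the ./.volumes/webapp/ to /webapp/ mount, and reports files that are missing on the host or a private key that group or other can access. The function name check_tls_layout and the permission rule are assumptions of this example.

```python
import re
import stat
import sys
from pathlib import Path

# Assumption: the compose mount from this page, ./.volumes/webapp/ -> /webapp/
CONTAINER_MOUNT = "/webapp/"
# Matches uncommented ssl_certificate / ssl_certificate_key directives.
DIRECTIVE = re.compile(r"^\s*(ssl_certificate(?:_key)?)\s+([^;]+);", re.MULTILINE)


def check_tls_layout(host_dir):
    """Return a list of problems; an empty list means the layout is consistent."""
    host_dir = Path(host_dir)
    conf = host_dir / "conf" / "nginx.conf"
    if not conf.is_file():
        return [f"missing {conf}"]
    found = DIRECTIVE.findall(conf.read_text())
    problems = []
    for required in ("ssl_certificate", "ssl_certificate_key"):
        if required not in {name for name, _ in found}:
            problems.append(f"nginx.conf has no {required} directive")
    for name, container_path in found:
        container_path = container_path.strip().strip("'\"")
        if not container_path.startswith(CONTAINER_MOUNT):
            # With this page's setup, certificate files only reach the
            # container through the /webapp/ mount.
            problems.append(f"{name} {container_path} is outside {CONTAINER_MOUNT}")
            continue
        # Translate the in-container path back to the host side of the volume.
        host_path = host_dir / container_path[len(CONTAINER_MOUNT):]
        if not host_path.is_file():
            problems.append(f"{name}: {host_path} does not exist on the host")
        elif name == "ssl_certificate_key":
            # The private key should not be accessible to group or other.
            if stat.S_IMODE(host_path.stat().st_mode) & 0o077:
                problems.append(f"{host_path} is accessible by group/other")
    return problems


if __name__ == "__main__":
    issues = check_tls_layout(sys.argv[1] if len(sys.argv) > 1 else ".volumes/webapp")
    for issue in issues:
        print("PROBLEM:", issue)
    sys.exit(1 if issues else 0)
```

Run it from the directory that contains .volumes/ before starting the cluster; it exits non-zero when it finds a problem.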

API Base Url Environment Variable

In the .env file, change the API base URL to use https and your domain.

API_BASE_URL=https://demo.com

Start up the cluster with the new configuration.

In Kubernetes cluster

todo
