Skip to content

Latest commit

 

History

History
96 lines (71 loc) · 3.12 KB

README.md

File metadata and controls

96 lines (71 loc) · 3.12 KB

Apache FPM container based on phusion

Simple apache-vhost that serves content from /var/www/web - php-requests are proxied to a linked fpm-container named "fpm" on port 9000.

Dory

Use the following if you use dory (much of the same applies for nginx-proxy and dinghy-http-proxy which Dory is based on).

    environment:
      VIRTUAL_HOST: example.docker
      VIRTUAL_PORT: 80
      # Use the following if you want to handle redirects from http to https yourself.
      HTTPS_METHOD: noredirect

Using autogenerated certificates

This require Dory version 1.0.3, use dory upgrade to upgrade

If you don't already have a Dory configuration-file, have it generate one by running dory config then update the update ssl_certs_dir configuration:

  nginx_proxy:
    enabled: true
    container_name: dory_dinghy_http_proxy
    https_enabled: true
    # Update the follow line to point at the dev_certificates
    ssl_certs_dir: <your homedir>/.local/share/dev_certificates
    image: codekitchen/dinghy-http-proxy:latest

Then mount that directory into the apache-fpm container so that its auto-generated certificates will be accessible to Dory.

    volumes:
      - '${HOME}/.local/share/dev_certificates:/cert:rw'

Then follow the steps in the mkcert sections to specify which certificates to generate and have your OS trust them.

mkcert

This image has mkcert builtin.

Install mkcert on your host machine and generate and install a root certificate by running mkcert -install on your host machine (one time only).

Mac users should then do (one time only):

$ mkdir -p ~/.local/share && ln -s "$(mkcert -CAROOT)"  ~/.local/share

Then you add the generated CAROOT as a volume (the path on the host machine is the output of mkcert -CAROOT).

In your docker-compose.yml supply one or more host names to be be used for HTTPS. Host names will be search for in these location and in this order:

  1. environment variable MKCERT_DOMAINS (several hostnames separated by space is possible, you can even supply a wildcard domain),
  2. the environment variable VIRTUAL_HOST (as used by Dinghy HTTP Proxy), or
  3. the output of hostname -f in the container (which can be set with the hostname and domainname options).

Mkcert will always add the IPs of the container to the certificate, so curl'ing HTTPS on the IP should always work.

    volumes:
      - '${HOME}/.local/share/mkcert:/mkcert:ro'

    environment:
      MKCERT_DOMAINS: "example.docker *.example.docker local.docker"

    hostname: example
    domainname: docker

Full example configuration

    volumes:
      - '${HOME}/.local/share/mkcert:/mkcert:ro'
      - '${HOME}/.local/share/dev_certificates:/cert:rw'

    environment:
      MKCERT_DOMAINS: "example.docker *.example.docker local.docker"
      VIRTUAL_HOST: example.docker
      VIRTUAL_PORT: 80
      HTTPS_METHOD: noredirect