Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to add SSL to APACHE in laradock #1316

Closed
meereenee opened this issue Dec 19, 2017 · 14 comments
Closed

How to add SSL to APACHE in laradock #1316

meereenee opened this issue Dec 19, 2017 · 14 comments
Labels
Stale

Comments

@meereenee
Copy link

meereenee commented Dec 19, 2017
edited

How to add SSL to APACHE in laradock?
@kieuminhcanh
Copy link

Hi @ekahrovic
Did you fixed it? any idea?

@meereenee
Copy link
Author

meereenee commented Jan 30, 2018
edited

@canhkieu Sorry for late response...
Yes, I successfully added SSL to apache by adding the following code to apache Dockerfile before the ENTRYPOINT line:

RUN mkdir /etc/apache2/ssl 2> /dev/null

RUN openssl genrsa -out "/etc/apache2/ssl/MY_CERT_NAME.key" 2048 \
    && openssl req -new -key "/etc/apache2/ssl/MY_CERT_NAME.key" -out "/etc/apache2/ssl/MY_CERT_NAME.csr" -subj "/CN=wptest.local/O=LGS/C=UK" \
    && openssl x509 -req -days 365 -in "/etc/apache2/ssl/MY_CERT_NAME.csr" -signkey "/etc/apache2/ssl/MY_CERT_NAME.key" -out "/etc/apache2/ssl/MY_CERT_NAME.crt"

RUN service apache2 restart

Though, Im not sure the last line must be there, I never tested if it work without it.

Also, you need to add following lines to the virtualhost conf:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/MY_CERT_NAME.crt
SSLCertificateKeyFile /etc/apache2/ssl/MY_CERT_NAME.key

@kieuminhcanh
Copy link

kieuminhcanh commented Feb 2, 2018
edited

Thanks, @ekahrovic
We need add below line before.

RUN apk add --no-cache openssl

And then, after build nginx. I got this error

/etc/nginx/ssl/demo1.key: No such file or directory
140523227229068:error:02001002:system library:fopen:No such file or directory:bss_file.c:406:fopen('/etc/nginx/ssl/demo1.key','w')
140523227229068:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:408:

@meereenee
Copy link
Author

nginx? I thought we were talking about apache.

@FabrizioCafolla
Copy link

FabrizioCafolla commented Apr 25, 2018
edited

i used this conf
file "apache2/Dockerfile"
before the ENTRYPOINT line

RUN mkdir /etc/apache2/ssl 2> /dev/null
RUN openssl genrsa -out "/etc/apache2/ssl/ssl_site.key" 2048 \
    && openssl req -new -key "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.csr" -subj "/CN=site.com/O=LGS/C=IT" \
    && openssl x509 -req -days 365 -in "/etc/apache2/ssl/ssl_site.csr" -signkey "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.crt"

RUN a2enmod rewrite && a2enmod headers && a2enmod proxy proxy_html proxy_http xml2enc
RUN a2enmod ssl
RUN service apache2 restart

file "apache2/sites/default.apache.conf"

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName site.com
        ServerAlias *.site.com
        DocumentRoot /var/www/public

        SSLEngine on
        SSLCertificateFile "/etc/apache2/ssl/ssl_site.crt"
        SSLCertificateKeyFile "/etc/apache2/ssl/ssl_site.key"

        #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>

    	<Directory />
    		Options FollowSymLinks
    		AllowOverride None
    	</Directory>

        <Directory /var/www/public>
            Options FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>
</IfModule>
  1. "site.com" is your site, it must also replace it in the docker command.
  2. "ssl_site" if you would change it, you can!

@ekahrovic in the vhosts file you do not need those commands

@anchetaWern
Copy link

this doesn't seem to work. I'm trying it locally.

@stale
Copy link

stale bot commented Feb 7, 2020

Hi 👋 this issue has been automatically marked as stale 📌 because it has not had recent activity 😴. It will be closed if no further activity occurs. Thank you for your contributions ❤️.

@stale stale bot added the Stale label Feb 7, 2020
@stale
Copy link

stale bot commented Feb 28, 2020

Hi again 👋 we would like to inform you that this issue has been automatically closed 🔒 because it had not recent activity during the stale period. We really really appreciate your contributions, and looking forward for more in the future 🎈.

@stale stale bot closed this as completed Feb 28, 2020
@elbakh
Copy link

elbakh commented Jun 16, 2020

@canhkieu Sorry for late response...
Yes, I successfully added SSL to apache by adding the following code to apache Dockerfile before the ENTRYPOINT line:

RUN mkdir /etc/apache2/ssl 2> /dev/null

RUN openssl genrsa -out "/etc/apache2/ssl/MY_CERT_NAME.key" 2048 \
    && openssl req -new -key "/etc/apache2/ssl/MY_CERT_NAME.key" -out "/etc/apache2/ssl/MY_CERT_NAME.csr" -subj "/CN=wptest.local/O=LGS/C=UK" \
    && openssl x509 -req -days 365 -in "/etc/apache2/ssl/MY_CERT_NAME.csr" -signkey "/etc/apache2/ssl/MY_CERT_NAME.key" -out "/etc/apache2/ssl/MY_CERT_NAME.crt"

RUN service apache2 restart

Though, Im not sure the last line must be there, I never tested if it work without it.

Also, you need to add following lines to the virtualhost conf:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/MY_CERT_NAME.crt
SSLCertificateKeyFile /etc/apache2/ssl/MY_CERT_NAME.key

Thank you for this. Implemented it successfully without the last line

@zooneex9
Copy link

zooneex9 commented Jul 1, 2020

Can you pass and example of your final files cause i can't make it work....

@canhkieu Sorry for late response...
Yes, I successfully added SSL to apache by adding the following code to apache Dockerfile before the ENTRYPOINT line:

RUN mkdir /etc/apache2/ssl 2> /dev/null

RUN openssl genrsa -out "/etc/apache2/ssl/MY_CERT_NAME.key" 2048 \
    && openssl req -new -key "/etc/apache2/ssl/MY_CERT_NAME.key" -out "/etc/apache2/ssl/MY_CERT_NAME.csr" -subj "/CN=wptest.local/O=LGS/C=UK" \
    && openssl x509 -req -days 365 -in "/etc/apache2/ssl/MY_CERT_NAME.csr" -signkey "/etc/apache2/ssl/MY_CERT_NAME.key" -out "/etc/apache2/ssl/MY_CERT_NAME.crt"

RUN service apache2 restart

Though, Im not sure the last line must be there, I never tested if it work without it.
Also, you need to add following lines to the virtualhost conf:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/MY_CERT_NAME.crt
SSLCertificateKeyFile /etc/apache2/ssl/MY_CERT_NAME.key

Thank you for this. Implemented it successfully without the last line

@geraintdong
Copy link
Contributor

geraintdong commented Sep 3, 2020
edited

Can you pass and example of your final files cause i can't make it work....

@canhkieu Sorry for late response...
Yes, I successfully added SSL to apache by adding the following code to apache Dockerfile before the ENTRYPOINT line:

RUN mkdir /etc/apache2/ssl 2> /dev/null

RUN openssl genrsa -out "/etc/apache2/ssl/MY_CERT_NAME.key" 2048 \
    && openssl req -new -key "/etc/apache2/ssl/MY_CERT_NAME.key" -out "/etc/apache2/ssl/MY_CERT_NAME.csr" -subj "/CN=wptest.local/O=LGS/C=UK" \
    && openssl x509 -req -days 365 -in "/etc/apache2/ssl/MY_CERT_NAME.csr" -signkey "/etc/apache2/ssl/MY_CERT_NAME.key" -out "/etc/apache2/ssl/MY_CERT_NAME.crt"

RUN service apache2 restart

Though, Im not sure the last line must be there, I never tested if it work without it.
Also, you need to add following lines to the virtualhost conf:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/MY_CERT_NAME.crt
SSLCertificateKeyFile /etc/apache2/ssl/MY_CERT_NAME.key

Thank you for this. Implemented it successfully without the last line

it looks like we have an issue with random file creation of openssl
a little fix helps me make it work

# Dockerfile
RUN mkdir /etc/apache2/ssl 2> /dev/null
RUN openssl genrsa -out "/etc/apache2/ssl/ssl_site.key" 2048 \
    && openssl rand -out /root/.rnd -hex 256 \
    && openssl req -new -key "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.csr" -subj "/CN=site.com/O=LGS/C=IT" \
    && openssl x509 -req -days 365 -in "/etc/apache2/ssl/ssl_site.csr" -signkey "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.crt"

RUN a2enmod rewrite && a2enmod headers && a2enmod proxy proxy_html proxy_http xml2enc
RUN a2enmod ssl
RUN service apache2 restart

# virtual host .conf
<VirtualHost *:443>
  ServerName my-domain.com
  DocumentRoot /var/www/laravel/public/
  Options Indexes FollowSymLinks
  
  SSLEngine on
  SSLCertificateFile "/etc/apache2/ssl/ssl_site.crt"
  SSLCertificateKeyFile "/etc/apache2/ssl/ssl_site.key"

  <Directory "/var/www/laravel/public/">
    AllowOverride All
    <IfVersion < 2.4>
      Allow from all
    </IfVersion>
    <IfVersion >= 2.4>
      Require all granted
    </IfVersion>
  </Directory>

</VirtualHost>

@ultrono
Copy link

ultrono commented Sep 26, 2020

@geraintdong Cheers, all working here! 👍

For anyone else here via Google, the code within the Docker file need to come before the line

ENTRYPOINT ["/opt/docker/bin/entrypoint.sh"]

@garbinmarcelo
Copy link
Contributor

Has this been adjusted in the new versions of Laradock? I am trying to use SSL with apache2 but without success so far. I would like it to be something like the nginx container.

@garbinmarcelo garbinmarcelo mentioned this issue Mar 16, 2021
Merged
4 tasks
@garbinmarcelo
Copy link
Contributor

Now when using Laradock it is possible to use HTTPS / SSL with the apache2 container (the step by step is in the comments of the merge), happy to have made this contribution 😀🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@kieuminhcanh @anchetaWern @meereenee @ultrono @elbakh @geraintdong @garbinmarcelo @FabrizioCafolla @zooneex9