How to use Https ? #19

Closed
silvermoonfox opened this issue Feb 22, 2019 · 4 comments

@silvermoonfox

Hi,
The default settings work fine for HTTP,
but I want to use HTTPS for this container. Where can I modify the config?

I already used

```sh
docker run -p 80:80 -p 443:443 -e THREADS=24 -v openstreetmap-data:/var/lib/postgresql/10/main -v openstreetmap-rendered-tiles:/var/lib/mod_tile -d overv/openstreetmap-tile-server run
```

to open port 443, but it doesn't seem to work...

Is there another way to set that?

Thanks.

@Istador
Contributor

Istador commented Feb 22, 2019

This project uses apache to serve the rendered tiles over HTTP.

Opening the 443 port didn't work for you, because the apache server inside the docker container isn't listening on port 443 to serve HTTPS but only HTTP on port 80.
In order to offer HTTPS by this docker image natively you would need to modify the apache.conf and mount your certificate and your private key into the docker container.

Alternatively you could put a proxy (e.g. traefik, nginx, apache) in front of the OSM docker container that handles HTTP and HTTPS to the outside, either on your host system or encapsulated in another docker container on your system, that internally forwards the requests to the OSM container on port 80.
That way you don't have to modify the content of the OSM container and it - what I personally prefer - separates the HTTP(S) handling and especially the private key from the OSM container that maintains the postgres database, tile rendering and storage.

@Istador
Contributor

Istador commented Feb 23, 2019

With docker-compose and nginx this could look like so:

docker-compose.yml:

```yaml
version: "3.7"

volumes:
  openstreetmap-data:
  openstreetmap-rendered-tiles:

services:

  proxy:
    image: nginx
    volumes:
    - ./nginx.conf:/etc/nginx/conf.d/default.conf
    - ./domain.crt:/etc/nginx/conf.d/domain.crt
    - ./domain.key:/etc/nginx/conf.d/domain.key
    ports:
    - 0.0.0.0:80:80
    - 0.0.0.0:443:443
    depends_on:
    - osm
    restart: always

  osm:
    image: overv/openstreetmap-tile-server
    command: run
    environment:
    - THREADS=24
    volumes:
    - openstreetmap-data:/var/lib/postgresql/10/main
    - openstreetmap-rendered-tiles:/var/lib/mod_tile
    shm_size: 128M
    restart: always
```

nginx.conf:

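```nginx
server {
  server_name _;

  # serve both plain HTTP and HTTPS from the same server block
  listen 80 default_server;
  listen 443 ssl default_server;

  ssl_certificate /etc/nginx/conf.d/domain.crt;
  ssl_certificate_key /etc/nginx/conf.d/domain.key;

  # forward only tile requests (/tile/z/x/y.png) to the osm service;
  # the dot is escaped so it matches a literal "." only
  location ~ ^/tile/[0-9]+/[0-9]+/[0-9]+\.png$ {
    proxy_pass http://osm;
  }
}
```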

Initialization (in the same directory):

```sh
# generate certificate and private key
# (normally you want the cert signed by a CA. I'd recommend to use Let's Encrypt instead of this step)
openssl  req  -x509  -nodes  -days 365  -newkey rsa:8192  -keyout domain.key  -out domain.crt

# download PBF file
wget  -O data.osm.pbf  https://download.geofabrik.de/europe/germany/hamburg-latest.osm.pbf

# initialize the database and import the PBF file
docker-compose  run  -v "/`pwd`/data.osm.pbf":/data.osm.pbf  osm  import

# start the services
docker-compose  up  -d

# pre-render all tiles on zoom levels 0 to 5
docker-compose  exec  osm  render_list  -a  -f  -m ajt  -z 0  -Z 5
```

If you want to use your already existing named volumes that contain your imported database and pre-rendered tiles (from your other issue), you can change the volumes section to the following (and skip the import and pre-render in the Initialization):

```yaml
volumes:
  openstreetmap-data:
    external: true
  openstreetmap-rendered-tiles:
    external: true
```
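
A hardened variant of the nginx.conf from the comment above, as an added example that is not part of the original thread or the project's own configuration: plain HTTP only redirects to HTTPS, old TLS versions are refused, and only tile GET requests reach the OSM container. The `/etc/nginx/tls/` path is an assumption; the certificate and key would be mounted there read-only instead of into `conf.d`.

```nginx
# Added example, not from the original thread.
# Assumption: domain.crt and domain.key are mounted read-only under
# /etc/nginx/tls/ (e.g. "./domain.key:/etc/nginx/tls/domain.key:ro"),
# which keeps key material out of the conf.d include directory.

# Plain HTTP serves no tiles; it only sends clients to HTTPS.
server {
  listen 80 default_server;
  server_name _;

  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl default_server;
  server_name _;

  ssl_certificate     /etc/nginx/tls/domain.crt;
  ssl_certificate_key /etc/nginx/tls/domain.key;

  # Refuse SSLv3, TLS 1.0 and TLS 1.1.
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 1h;
  ssl_session_tickets off;

  # Do not advertise the nginx version in headers and error pages.
  server_tokens off;

  # Only tile URLs (/tile/z/x/y.png) are forwarded to the osm service.
  location ~ ^/tile/[0-9]+/[0-9]+/[0-9]+\.png$ {
    limit_except GET { deny all; }  # allowing GET also allows HEAD
    proxy_pass http://osm;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

  # Anything that is not a tile URL is answered by the proxy itself.
  location / {
    return 404;
  }
}
```

After swapping the file in, `docker-compose exec proxy nginx -t` checks the syntax before the proxy is reloaded.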

@Overv
Owner

Overv commented Feb 23, 2019

Additionally I recommend looking into the Let's Encrypt companion for nginx to simplify HTTPS even more.

@Overv Overv closed this as completed Apr 23, 2019
mrenoe added a commit to TakeoutCentral/openstreetmap-tile-server that referenced this issue Aug 3, 2020
Created with notes from issue, Overv#19
@Rex-Legor

This may help someone struggling with this:
in my case it was not enough to use nginx for enabling HTTPS; I also needed to configure a proxy this way:
https://www.serverlab.ca/tutorials/containers/docker/how-to-set-the-proxy-for-docker-on-ubuntu/
