[Amateur remarks] I tried to automate enabling SSL (self-signed certificate) with Docker-Compose

1. Introduction

I used docker-compose to automate enabling SSL (with a self-signed certificate) and verified the result. I built two WordPress sites and phpMyAdmin. Work equipment: Raspberry Pi 4 Model B. OS: CentOS 8.

2. Verification environment (folders, files)

2.1 Folder structure

 |---------- .env → environment file
 |---------- certs
 |              server.crt, server.key → self-signed certificate files
 |---------- docker-compose.yml
 |---------- php
 |              php.ini → PHP configuration file for WordPress
 |---------- ssl
 |              default-ssl.conf → SSL configuration file
 |---------- tmp
 |              Dockerfile-pm → for phpMyAdmin
 |              Dockerfile-wp → for WordPress

2.2 Each file

.env
DBUSER=root
DBPASS=root-pass
DATABASE1=wp1-db
DATABASE2=wp2-db
DBHOST=db:3306

docker-compose.yml


version: '3.3'

services:
  db:
    image: mariadb:latest
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    container_name: mariadb
    environment:
      TZ: Asia/Tokyo
      MYSQL_ROOT_PASSWORD: ${DBPASS}

  phpmyadmin:
    depends_on:
      - db
    build:
      context: ./tmp/
      dockerfile: Dockerfile-pm
    volumes:
      - ./certs:/etc/ssl/private
      - ./ssl/default-ssl.conf:/etc/apache2/sites-available/default-ssl.conf
    ports:
      - "8243:443"
    restart: always
    container_name: phpmyadmin
    environment:
      PMA_HOST: db
      TZ: Asia/Tokyo

  wordpress1:
    depends_on:
      - db
    build:
      context: ./tmp/
      dockerfile: Dockerfile-wp
    volumes:
      - ./wp1:/var/www/html
      - ./certs:/etc/ssl/private
      - ./php/php.ini:/usr/local/etc/php/conf.d/php.ini
      - ./ssl/default-ssl.conf:/etc/apache2/sites-available/default-ssl.conf
      - ./tmp:/tmp
    ports:
      - "8043:443"
    restart: always
    container_name: wordpress1
    environment:
      TZ: Asia/Tokyo
      WORDPRESS_DB_HOST: ${DBHOST}
      WORDPRESS_DB_USER: ${DBUSER}
      WORDPRESS_DB_PASSWORD: ${DBPASS}
      WORDPRESS_DB_NAME: ${DATABASE1}

  wordpress2:
    depends_on:
      - db
    build:
      context: ./tmp/
      dockerfile: Dockerfile-wp
    volumes:
      - ./wp2:/var/www/html
      - ./certs:/etc/ssl/private
      - ./php/php.ini:/usr/local/etc/php/conf.d/php.ini
      - ./ssl/default-ssl.conf:/etc/apache2/sites-available/default-ssl.conf
      - ./tmp:/tmp
    ports:
      - "8143:443"
    restart: always
    container_name: wordpress2
    environment:
      TZ: Asia/Tokyo
      WORDPRESS_DB_HOST: ${DBHOST}
      WORDPRESS_DB_USER: ${DBUSER}
      WORDPRESS_DB_PASSWORD: ${DBPASS}
      WORDPRESS_DB_NAME: ${DATABASE2}

volumes:
    db_data: {}

php.ini


post_max_size = 20M
upload_max_filesize = 20M

Remarks: Specifies the maximum file size for uploads.

default-ssl.conf


: (omitted)
Line 32: SSLCertificateFile /etc/ssl/private/server.crt
Line 33: SSLCertificateKeyFile /etc/ssl/private/server.key
: (omitted)

Remarks: Only lines 32 and 33 of this file were modified.
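
The page uses certs/server.crt and certs/server.key without showing how they were made. The following is an added example, not the author's commands: it creates that pair with the openssl CLI and checks that certificate and key belong together before they are mounted into the containers. The host name wp.example.test is an assumption, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the original post): build certs/server.crt and
# certs/server.key for the folder layout above, then sanity-check the pair.
# Assumption: the host name is whatever clients type in the URL.

# make_selfsigned DIR HOSTNAME [DAYS]
make_selfsigned() {
    dir=$1; host=$2; days=${3:-365}
    mkdir -p "$dir" || return 1
    (
        umask 077    # the private key is created 0600 from the start
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
            -days "$days" -subj "/CN=$host" \
            -addext "subjectAltName=DNS:$host" \
            -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$dir/server.crt"    # the certificate itself is public
}

# cert_matches_key CERT KEY: true when both carry the same public key.
# Apache fails to start the SSL site when the pair does not match.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_covers_host CERT HOSTNAME: true when the certificate is valid for
# HOSTNAME (browsers check subjectAltName, not only the CN).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Usage, run from the directory that holds docker-compose.yml:
#   make_selfsigned ./certs wp.example.test &&
#   cert_matches_key ./certs/server.crt ./certs/server.key &&
#   cert_covers_host ./certs/server.crt wp.example.test
```

Browsers will still warn about this certificate until it is imported as trusted on each client, because nothing signs it except its own key.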

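Dockerfile-pm
FROM phpmyadmin:latest

# Runs only while this layer is built; Apache in the running container
# is started by the image's entrypoint, not by this line.
RUN service apache2 start

# Enable the default-ssl site (its file is mounted from ./ssl/default-ssl.conf)
RUN a2ensite default-ssl

# Enable mod_ssl
RUN a2enmod ssl

Dockerfile-wp
FROM wordpress:latest

# Runs only while this layer is built; Apache in the running container
# is started by the image's entrypoint, not by this line.
RUN service apache2 start

# Enable the default-ssl site (its file is mounted from ./ssl/default-ssl.conf)
RUN a2ensite default-ssl

# Enable mod_ssl
RUN a2enmod ssl

# Make /tmp in the image writable by everyone. docker-compose.yml bind-mounts
# ./tmp over /tmp, so at run time the host directory's permissions apply.
RUN chmod 777 /tmp

Remarks: This grants access rights to the tmp folder for file uploads.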

3. Execute.

# docker-compose up -d
Creating network "docker_wp_default" with the default driver
Creating volume "docker_wp_db_data" with default driver
Pulling db (mariadb:latest)...
latest: Pulling from library/mariadb
a970164f39c1: Pull complete
e9c66f1fb5a2: Pull complete
94362ba2c285: Pull complete
6bcca3b8e9ae: Pull complete
4574fdafdba3: Pull complete
880d0554f10d: Pull complete
42f3039f6a26: Pull complete
84249a7eb6ff: Pull complete
d0c034fd6c1f: Pull complete
2b6de021f14a: Pull complete
0d8fa68dc283: Pull complete
675456d7859d: Pull complete
Digest: sha256:cdc553f0515a8d41264f0855120874e86761f7c69407b5cfbe49283dc195bea8
Status: Downloaded newer image for mariadb:latest
Building phpmyadmin
Step 1/4 : FROM phpmyadmin:latest
 ---> 9bd7e29f6e60
Step 2/4 : RUN service apache2 start
 ---> Running in 1053de9c2f76
Starting Apache httpd web server: apache2AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
.
Removing intermediate container 1053de9c2f76
 ---> 68db5fb82369
Step 3/4 : RUN a2ensite default-ssl
 ---> Running in 8ddc3b6f9ecb
Enabling site default-ssl.
To activate the new configuration, you need to run:
  service apache2 reload
Removing intermediate container 8ddc3b6f9ecb
 ---> a20eb2b906ec
Step 4/4 : RUN a2enmod ssl
 ---> Running in 80cd71dbcf92
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart
Removing intermediate container 80cd71dbcf92
 ---> 2e6c3e41fd0e

Successfully built 2e6c3e41fd0e
Successfully tagged docker_wp_phpmyadmin:latest
WARNING: Image for service phpmyadmin was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Building wordpress1
Step 1/5 : FROM wordpress:latest
 ---> aa391b024db5
Step 2/5 : RUN service apache2 start
 ---> Running in 9f1feb98ad8b
Starting Apache httpd web server: apache2AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
.
Removing intermediate container 9f1feb98ad8b
 ---> 519ebf0e67ca
Step 3/5 : RUN a2ensite default-ssl
 ---> Running in 6f10096df3eb
Enabling site default-ssl.
To activate the new configuration, you need to run:
  service apache2 reload
Removing intermediate container 6f10096df3eb
 ---> c0070ac57d4a
Step 4/5 : RUN a2enmod ssl
 ---> Running in 406f2cbef4cf
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart
Removing intermediate container 406f2cbef4cf
 ---> bbe8093cf658
Step 5/5 : RUN chmod 777 /tmp
 ---> Running in 0d2e6a1bf658
Removing intermediate container 0d2e6a1bf658
 ---> f80f64964118

Successfully built f80f64964118
Successfully tagged docker_wp_wordpress1:latest
WARNING: Image for service wordpress1 was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Building wordpress2
Step 1/5 : FROM wordpress:latest
 ---> aa391b024db5
Step 2/5 : RUN service apache2 start
 ---> Using cache
 ---> 519ebf0e67ca
Step 3/5 : RUN a2ensite default-ssl
 ---> Using cache
 ---> c0070ac57d4a
Step 4/5 : RUN a2enmod ssl
 ---> Using cache
 ---> bbe8093cf658
Step 5/5 : RUN chmod 777 /tmp
 ---> Using cache
 ---> f80f64964118

Successfully built f80f64964118
Successfully tagged docker_wp_wordpress2:latest
WARNING: Image for service wordpress2 was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Creating mariadb ... done
Creating wordpress2 ... done
Creating phpmyadmin ... done
Creating wordpress1 ... done

3.1 Check Docker.

# docker-compose ps
   Name                 Command               State               Ports            
-----------------------------------------------------------------------------------
mariadb      docker-entrypoint.sh mysqld      Up      3306/tcp                     
phpmyadmin   /docker-entrypoint.sh apac ...   Up      0.0.0.0:8243->443/tcp, 80/tcp
wordpress1   docker-entrypoint.sh apach ...   Up      0.0.0.0:8043->443/tcp, 80/tcp
wordpress2   docker-entrypoint.sh apach ...   Up      0.0.0.0:8143->443/tcp, 80/tcp

3.2 Check the Docker image.

# docker images
REPOSITORY             TAG                     IMAGE ID       CREATED              SIZE
docker_wp_wordpress1   latest                  f80f64964118   About a minute ago   494MB
docker_wp_wordpress2   latest                  f80f64964118   About a minute ago   494MB
docker_wp_phpmyadmin   latest                  2e6c3e41fd0e   About a minute ago   430MB

Remarks: It seems to be related to "WARNING: Image for service wordpress2 was built because it did not already exist."

(Image: docker-ssl.png)

Postscript

I verified this by combining docker-compose and Docker. SSL was enabled for the Apache installed in the Docker containers. This method is my own verification!
