
How to add SSL to services under Docker

PHPz (Original), 2023-04-04 09:27:35

Deploying services in Docker has become increasingly popular. Moreover, to protect data security, many services require the use of SSL. This article will introduce how to add SSL to services under Docker.

  1. Preparation work

First, we need to prepare some necessary tools, including:

  • Docker: used to deploy services
  • Docker Compose: simplifies the deployment of Docker containers
  • Certbot: used to issue SSL certificates

Please make sure you have installed Docker and Docker Compose. If not, install these two tools first.

  2. Get an SSL certificate

We can use Certbot to obtain an SSL certificate. Certbot is a free, open source tool for issuing SSL certificates that supports most operating systems and web servers.

First, we need to install Certbot via the following command:

sudo apt-get update
sudo apt-get install certbot

Next, we need to obtain the SSL certificate using the following command:

sudo certbot certonly --standalone -d example.com

Here, example.com is your domain name. When you run this command, Certbot starts a temporary web server and verifies your domain name, so port 80 on the host must be free and reachable from the internet while it runs. If the verification is successful, Certbot will issue an SSL certificate and save it in the /etc/letsencrypt/live/example.com directory.

  3. Using an SSL Certificate

Next, we need to apply the SSL certificate to our Docker service. Here, we will use Nginx as an example service; you can apply an SSL certificate to your own Docker service in a similar manner.

First, we need to add the following environment variables in the Docker Compose file:

services:
  nginx:
    image: nginx
    environment:
      - VIRTUAL_HOST=example.com
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=example.com
      - LETSENCRYPT_EMAIL=your_email@example.com

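Among them, VIRTUAL_HOST and VIRTUAL_PORT define the host name and port we want the service to use. LETSENCRYPT_HOST and LETSENCRYPT_EMAIL are our domain name and email address respectively. Note that the stock nginx image does not read these variables itself; they are consumed by the nginx-proxy and acme-companion containers when those run in front of the service.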

Next, we need to add the following volumes in the Docker Compose file:

services:
  nginx:
    image: nginx
    volumes:
      - /etc/letsencrypt:/etc/letsencrypt:ro
    ...

This will allow us to use the SSL certificate within the Docker container.

Finally, we need to add the following to the Nginx configuration file:

server {
  listen 80;
  server_name example.com;
  return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl;

  server_name example.com;

  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

  location / {
    ...
  }
}

Here, we redirect HTTP requests on port 80 to HTTPS on port 443 and configure the paths to the SSL certificate and its private key. You need to replace the certificate path with your own.

  4. Running the Service

Now, we are ready to start our Docker service. Run the following command from the command line:

docker-compose up -d

This will start our Docker service in the background. Nginx loads the SSL certificate from the mounted directory when it starts.
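
The Compose fragments from step 3 combined into one file, as an added example that is not part of the original article. It assumes the two Nginx server blocks above are saved on the host as ./nginx/default.conf (a hypothetical path) and publishes ports 80 and 443, which the fragments leave out. The VIRTUAL_* and LETSENCRYPT_* variables are omitted because the stock nginx image does not read them.

```yaml
# docker-compose.yml (added example; ./nginx/default.conf is an assumed path)
services:
  nginx:
    image: nginx
    restart: unless-stopped
    ports:
      - "80:80"     # plain HTTP, only used for the 301 redirect to HTTPS
      - "443:443"   # HTTPS, served with the Certbot certificate
    volumes:
      # Certificates issued by Certbot on the host, mounted read-only.
      # Mount the whole /etc/letsencrypt tree: the files under live/ are
      # symlinks into ../../archive/, so mounting only live/example.com
      # would leave them dangling inside the container.
      - /etc/letsencrypt:/etc/letsencrypt:ro
      # The two server blocks from this article, saved on the host.
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro

# Renewal caveat: once this container is up it holds host port 80, so a
# later standalone renewal cannot bind that port. One option is to stop
# Nginx around the renewal (replace the placeholder path with your own):
#
#   sudo certbot renew \
#     --pre-hook  "docker-compose -f /path/to/docker-compose.yml stop nginx" \
#     --post-hook "docker-compose -f /path/to/docker-compose.yml start nginx"
#
# Nginx reads the certificate at startup, so the restart in the post-hook
# also makes it pick up the renewed files.
```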

In short, adding SSL to Docker services is indeed an important task that can make your services more secure. As long as you follow the steps described in this article, you can make your service more secure.
