Docker – Run cakephp application over https
I'm trying to dockerize a CakePHP app. I have a container that deploys the app over http (8080 port) and it works fine, but the application must work over https. When I include the configuration to enable SSL and a self-signed SSL certificate on apache2, it doesn't work. The certificate was generated on the local machine and copied to the container:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/davids/Desktop/DOCKER/OCA/mykey.com.key -out /home/davids/Desktop/DOCKER/OCA/mycert.com.crt
The app over http (works fine)
The app with SSL configuration (doesn’t work)
What am I doing wrong? How can I deploy the app over https?
Dockerfile
FROM ubuntu:18.04
#DEFINE ENVIRONMENT VARIABLES
ENV DEBIAN_FRONTEND=noninteractive
ENV OCA_HOME /var/www/html/oca
ENV INITIAL /etc/apache2
ENV SITES /etc/apache2/sites-enabled
ENV SITES2 /etc/apache2/sites-available
ENV CERTIFICATE /etc/ssl/certs
ENV KEY /etc/ssl/private
#INSTALL TOOLS
RUN apt-get update -y \
    && apt-get -y install apache2 \
    && apt-get -y install php php-mysql php-intl php-zip php-mbstring php-xml php7.2-curl php7.2-gd git wget curl openssl ghostscript \
    && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
    && chmod -R 777 /var/www/html/ \
    && mkdir $OCA_HOME \
    && a2enmod rewrite \
    && a2enmod ssl
WORKDIR $INITIAL
COPY apache2.conf .
RUN chmod 777 -R ${INITIAL}
WORKDIR $SITES
COPY 000-default.conf .
RUN chmod 777 -R ${SITES}
WORKDIR $CERTIFICATE
COPY dejsoftware.com.crt .
RUN chmod 777 -R ${CERTIFICATE}
WORKDIR $KEY
COPY dejsoftware.com.key .
RUN chmod 777 -R ${KEY}
WORKDIR $SITES2
COPY default-ssl.conf .
RUN chmod 777 -R ${SITES2}
#SET WORK DIRECTORY
WORKDIR $OCA_HOME
#COPY CAKE APP
COPY OCA-master .
#INSTALL DEPENDENCIES FOR THE APP
RUN composer install -n \
    && composer update -n \
    && composer install -n \
    && chmod 777 -R ${OCA_HOME} \
    && chmod +X -R ${OCA_HOME} \
    && service apache2 restart
#EXPOSE PORTS
EXPOSE 8070
EXPOSE 4439
#SET RULE TO FIREWALL TO EXPOSE PORTS
CMD firewall-cmd --permanent --add-port=8070/tcp \
    && firewall-cmd --permanent --add-port=4439/tcp \
    && firewall-cmd --reload
#EXECUTE APACHE
CMD ["apache2ctl", "-D", "FOREGROUND"]
apache2.conf
...
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>
...
000-default.conf
<VirtualHost *:8070>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin [email protected]
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:4439>
ServerAdmin [email protected]
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/mycert.com.crt
SSLCertificateKeyFile /etc/ssl/private/mykey.com.key
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
...
Docker run command
docker run -d --name dej_oca -p 4439:4439 -p 8070:8070 oca_dej:1.0
Source: Docker Questions
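
An added example, not part of the original question or of any project's code: a small Python lint that cross-checks the active SSLCertificateFile and SSLCertificateKeyFile paths in a vhost against the files a Dockerfile COPYs, and flags a private-key directory that was given mode 777. The sample input is constructed from the lines posted above; the function names and finding labels are assumptions of this example.

```python
import posixpath
import re

# Constructed sample input: the relevant lines of the files posted above.
DOCKERFILE = """\
ENV CERTIFICATE /etc/ssl/certs
ENV KEY /etc/ssl/private
WORKDIR $CERTIFICATE
COPY dejsoftware.com.crt .
RUN chmod 777 -R ${CERTIFICATE}
WORKDIR $KEY
COPY dejsoftware.com.key .
RUN chmod 777 -R ${KEY}
"""
VHOST = """\
SSLCertificateFile /etc/ssl/certs/mycert.com.crt
SSLCertificateKeyFile /etc/ssl/private/mykey.com.key
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
"""

def scan_dockerfile(text):
    """Return (files created by COPY, paths given mode 777 by chmod)."""
    env, workdir, copied, open_paths = {}, "/", set(), set()
    for line in text.splitlines():
        tok = [re.sub(r"\$\{?(\w+)\}?", lambda m: env.get(m.group(1), m.group(0)), t)
               for t in line.split()]  # expand $VAR / ${VAR} from earlier ENV lines
        if len(tok) == 3 and tok[0] == "ENV":
            env[tok[1]] = tok[2]
        elif len(tok) == 2 and tok[0] == "WORKDIR":
            workdir = posixpath.join(workdir, tok[1])
        elif len(tok) == 3 and tok[0] == "COPY":
            dest = posixpath.normpath(posixpath.join(workdir, tok[2]))
            if tok[2] == "." or tok[2].endswith("/"):  # destination is a directory
                dest = posixpath.join(dest, posixpath.basename(tok[1]))
            copied.add(dest)
        elif "chmod" in tok and "777" in tok:
            open_paths.update(t.rstrip("/") for t in tok if t.startswith("/"))
    return copied, open_paths

def lint(dockerfile, vhost):
    """Cross-check active (uncommented) SSL directives against the Dockerfile."""
    copied, open_paths = scan_dockerfile(dockerfile)
    findings = []
    for name, path in re.findall(r"^\s*(SSLCertificate(?:Key)?File)\s+(\S+)", vhost, re.M):
        if path not in copied:
            findings.append(("not-copied", name, path))
        if name == "SSLCertificateKeyFile" and posixpath.dirname(path) in open_paths:
            findings.append(("key-dir-mode-777", name, posixpath.dirname(path)))
    return findings
```

A "not-copied" finding only means no COPY in the scanned Dockerfile creates that path; a file installed by a package in the base image would not be seen by this check.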