Docker – Run cakephp application over https

I’m trying to dockerize a cakephp app, i have a container that deploy the app over http (8080 port) and works fine, but the application must be work over https, when include the configuration to enable ssl and self-signed SSL certificate on apache2 doesnt work. THe certificate was generated on the local machine and copied to the container sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/davids/Desktop/DOCKER/OCA/mykey.com.key -out /home/davids/Desktop/DOCKER/OCA/mycert.com.crt

The app over http (works fine)

enter image description here

The app with SSL configuration (doesn’t work)

enter image description here

What am i doing wrong? How can i do to deploy the app over https?

Dockerfile

FROM ubuntu:18.04

#DEFINE ENVIRONMENT VARIALBES
ENV DEBIAN_FRONTEND=noninteractive
ENV OCA_HOME /var/www/html/oca
ENV INITIAL /etc/apache2
ENV SITES /etc/apache2/sites-enabled
ENV SITES2 /etc/apache2/sites-available
ENV CERTIFICATE /etc/ssl/certs
ENV KEY /etc/ssl/private

#INSTALL TOOLS
RUN apt-get update -y 
&& apt-get -y install apache2 
&& apt-get -y install php php-mysql php-intl php-zip php-mbstring php-xml php7.2-curl php7.2-gd git wget curl openssl ghostscript 
&& curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer 
&& chmod -R 777 /var/www/html/ 
&& mkdir $OCA_HOME 
&& a2enmod rewrite 
&& a2enmod ssl

WORKDIR $INITIAL
COPY apache2.conf .
RUN chmod 777 -R ${INITIAL}

WORKDIR $SITES
COPY 000-default.conf .
RUN chmod 777 -R ${SITES}

WORKDIR $CERTIFICATE
COPY dejsoftware.com.crt .
RUN chmod 777 -R ${CERTIFICATE}

WORKDIR $KEY
COPY dejsoftware.com.key .
RUN chmod 777 -R ${KEY}

WORKDIR $SITES2
COPY default-ssl.conf .
RUN chmod 777 -R ${SITES2}


#SET WORK DIRECTORY
WORKDIR $OCA_HOME

#COPY CAKE APP
COPY OCA-master .

#INSTALL DEPENDENCIES FOR THE APP
RUN composer install -n 
&& composer update -n 
&& composer install -n 
&& chmod 777 -R ${OCA_HOME} 
&& chmod +X -R ${OCA_HOME} 
&& service apache2 restart

#EXPOSE PORTS
EXPOSE 8070
EXPOSE 4439

#SET RULE TO FIREWALL TO EXPOSE PORTS
CMD firewall-cmd --permanent --add-port=8070/tcp 
&& firewall-cmd --permanent --add-port=4439/tcp 
&& firewall-cmd --reload

#EXECUTE APACHE
CMD ["apache2ctl", "-D", "FOREGROUND"]

apache2.conf

...
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>

<Directory /usr/share>
    AllowOverride None
    Require all granted
</Directory>

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

#<Directory /srv/>
#   Options Indexes FollowSymLinks
#   AllowOverride None
#   Require all granted
#</Directory>
...

000-default.conf

<VirtualHost *:8070>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com

ServerAdmin [email protected]
DocumentRoot /var/www/html

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

default-ssl.conf

   <IfModule mod_ssl.c>
    <VirtualHost _default_:4439>
    ServerAdmin [email protected]

    DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    #   A self-signed (snakeoil) certificate can be created by installing
    #   the ssl-cert package. See
    #   /usr/share/doc/apache2/README.Debian.gz for more info.
    #   If both key and certificate are stored in the same file, only the
    #   SSLCertificateFile directive is needed.
    
    SSLCertificateFile  /etc/ssl/certs/mycert.com.crt
    SSLCertificateKeyFile /etc/ssl/private/mykey.com.key
    #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
   ...

Docker run command
docker run -d –name dej_oca -p 4439:4439 -p 8070:8070 oca_dej:1.0
enter image description here

Source: Docker Questions