In this article I want to share with you how to create an SSL certificate for your Docker web application.

So, for starters, here are the standard settings we had at the dev stage, i.e. without port 443 and without SSL at all:

  • docker-compose.yml

 

  • nginx / main.conf

Next, we actually need to implement SSL. Honestly, I studied the com zone for around 2 hours. All the proposed options there are interesting. But at the current stage of the project, we (the business) needed to quickly and reliably attach Let’s Encrypt SSL to the nginx container and nothing more.

First of all, we installed certbot on the server

Next, we generated wildcard certificates for our domain

After it runs, certbot gives us 2 TXT records that need to be added to the DNS settings.

And press enter.

After that, certbot will check the availability of these records in DNS and create certificates for you.

If you added the records but certbot did not find them, try rerunning the command after 5-10 minutes.

Well, here we are, the proud owners of a Let’s Encrypt certificate valid for 90 days, but now we need to get it into Docker.

To do this in the most straightforward way, link the directories in the nginx section of docker-compose.yml.

Linked? Great, let's continue:

Now we need to change the nginx config to work with port 443 and SSL in general:

After these changes, go to the directory with docker-compose.yml and run docker-compose up -d. Then check that SSL works. Everything should work.

The main thing is not to forget that a Let’s Encrypt certificate is issued for 90 days, so you will need to renew it with the sudo certbot renew command and then restart the project with the docker-compose restart command.

Alternatively, add this sequence to crontab.
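The renew-then-restart sequence above as a cron-ready script, added here as an example and not part of the original article. The domain example.com, the compose directory /srv/app and the install path are assumptions; the script restarts the containers only when the certificate file actually changed.

```shell
#!/bin/sh
# Added example: run "certbot renew", then restart the compose project
# only if the certificate on disk changed.
# Assumed values (not from the article): domain, compose directory.
CERT_FILE="${CERT_FILE:-/etc/letsencrypt/live/example.com/fullchain.pem}"
COMPOSE_DIR="${COMPOSE_DIR:-/srv/app}"
CERTBOT="${CERTBOT:-certbot}"
COMPOSE="${COMPOSE:-docker-compose}"

# Checksum of the certificate nginx serves; empty if the file is unreadable.
cert_sum() {
    [ -r "$CERT_FILE" ] && cksum < "$CERT_FILE" || true
}

# Exit codes: 0 restarted, 1 certificate unchanged,
#             2 certbot failed, 3 restart failed.
renew_and_restart() {
    before=$(cert_sum)
    if ! $CERTBOT renew --quiet; then
        echo "certbot renew failed; containers left running" >&2
        return 2
    fi
    after=$(cert_sum)
    if [ "$before" = "$after" ]; then
        return 1    # not due for renewal yet, nothing to restart
    fi
    # nginx reads the certificate at start-up, so restart as the article does.
    (cd "$COMPOSE_DIR" && $COMPOSE restart) || return 3
}

# crontab entry for root (assumed install path):
#   17 3 * * * /usr/local/bin/renew-cert.sh --run
if [ "${1:-}" = "--run" ]; then
    # "Unchanged" is a normal outcome for cron; only real failures exit non-zero.
    renew_and_restart || [ $? -eq 1 ]
fi
```

A certificate issued through certbot's interactive DNS TXT prompt has no stored way to answer the challenge again, so an unattended certbot renew fails for it unless an authentication hook or a DNS plugin is configured. The script surfaces that case as exit code 2, which cron reports by mail.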

In my opinion, this is the easiest way to connect SSL to the Docker Web-app.

P.S. I ask you to take into account that all the scripts presented in the text are not final, now the project is at the deep Dev stage, so I want to ask you not to criticize the config files – they will be modified many more times.