I am trying to set up wildcard SSL certificates with mkcert, because this is aimed at a local development environment (host OS Windows 11) and I would like to use local URLs.
Initially, with docker-compose, I use the following YAML file:
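---
version: "3.9"

services:
  reverse-proxy:
    env_file:
      - .env
    container_name: Proxy-Server
    image: nginxproxy/nginx-proxy
    restart: always
    depends_on:
      - webserver
    volumes:
      # Was "certs/etc/nginx/certs" (colon missing), which is neither a valid
      # named-volume name nor a path. nginx-proxy reads its certificates from
      # /etc/nginx/certs (default.crt / default.key act as the fallback pair).
      - certs:/etc/nginx/certs
      # ":ro" protects the socket file, not the API behind it: the proxy still
      # has full Docker API access through it.
      - /var/run/docker.sock:/tmp/docker.sock:ro
    ports:
      - "80:80"
      - "443:443"
    tty: true
    networks:
      - lamp-network
    environment:
      - TRUST_DOWNSTREAM_PROXY=true
      - ENABLE_WEBSOCKETS=true
    # NOTE(review): privileged gives the container all host capabilities and
    # devices; nginx-proxy's container discovery only needs the socket mount
    # above. Confirm something here really requires it, and drop it otherwise.
    privileged: true

  webserver:
    env_file:
      - .env
    container_name: LH-2-Web-Server
    build:
      context: ./bin/php81
      args:
        # Consumed by the Dockerfile's mkcert step (cert for VIRTUAL_HOST and *.VIRTUAL_HOST).
        VIRTUAL_HOST: lh-2.dock
    restart: always
    expose:
      - 80
      - 443
    networks:
      - lamp-network
    tty: true
    volumes:
      - ./../project/:/var/www/html:rw
      - ./../project/public:/var/www/html/public:rw
      - ./config/vhosts:/etc/apache2/sites-enabled
      - ./config/php/php.ini:/usr/local/etc/php/php.ini
      # The Dockerfile writes default.crt/default.key into /etc/ssl/certs of the
      # IMAGE. Docker copies image content into a named volume only when that
      # volume is first created empty; `up --build --force-recreate` rebuilds the
      # image and containers but reuses an existing `certs` volume, so a volume
      # created before the certificate step masks the new files and Apache fails
      # with AH00526 at startup. Recreate the volume (`docker-compose down -v`)
      # or mount it somewhere other than the directory the image populates.
      - certs:/etc/ssl/certs
      - ./log/apache2:/var/log/apache2
      - ./log/cron:/var/log/cron
    environment:
      VIRTUAL_HOST: lh-2.dock
      # Quoted: an unquoted value starting with "[" is parsed as a flow sequence.
      LH_WEB_MASTER: "[email protected]"
      LH_APACHE_DOCUMENT_ROOT: /var/www/html/
      LH_DOCUMENT_ROOT: public
    extra_hosts:
      - "host.docker.internal:host-gateway"
    labels:
      - "lh2.setup.description=Web Server"
      - "lh2.setup.role=webserver"

volumes:
  # Explicit empty mapping rather than a bare key (which YAML reads as null).
  certs: {}

networks:
  lamp-network:
    name: lamp-network
    driver: bridge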
To create the SSL certificates, I try to do it from the webserver container's Dockerfile:
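FROM php:8.1-apache-bullseye
ARG DEBIAN_FRONTEND=noninteractive
# Supplied by docker-compose build args; used below as the certificate's subject names.
ARG VIRTUAL_HOST

# One layer for all apt work so package lists and caches never linger in an intermediate layer.
RUN apt-get update && \
    apt-get upgrade -y --no-install-recommends --fix-missing && \
    apt-get install -y --no-install-recommends --fix-missing tzdata sed build-essential dialog nano apt-utils cron wget git curl zip openssl gettext-base libnss3-tools && \
    apt-get -y autoremove && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Fail the build early instead of letting mkcert be asked for "" and "*." below.
RUN test -n "${VIRTUAL_HOST}" || { echo "VIRTUAL_HOST build arg is required" >&2; exit 1; }

# NOTE(review): "latest" is neither version-pinned nor checksum-verified, so the build is not
# reproducible and trusts whatever the download endpoint serves at build time. Pin a release
# (e.g. ARG MKCERT_VERSION=<pinned version>) and compare the published SHA-256 before installing.
# mv rather than cp, so no stray copy of the binary is left in the image's working directory.
RUN curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64" && \
    chmod +x mkcert-v*-linux-amd64 && \
    mv mkcert-v*-linux-amd64 /usr/local/bin/mkcert

# Installs the mkcert root CA into THIS container's trust stores only. Browsers on the Windows
# host trust nothing until the same CA (rootCA.pem under `mkcert -CAROOT`) is installed there.
RUN mkcert -install

# Leaf certificate for the host and its wildcard subdomains, baked into the IMAGE at /etc/ssl/certs.
# If docker-compose mounts a volume over /etc/ssl/certs, an already-existing volume masks these
# files at run time, which is what the AH00526 "does not exist or is empty" startup error indicates.
RUN mkcert \
    -cert-file /etc/ssl/certs/default.crt \
    -key-file /etc/ssl/certs/default.key \
    "${VIRTUAL_HOST}" "*.${VIRTUAL_HOST}"

RUN a2enmod rewrite ssl headers proxy_wstunnel
# No `service apache2 restart` here: the base image starts Apache when the container starts,
# and restarting it during `docker build` has no effect on the resulting image.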
My Apache vhost has had this content from the start:
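# Plain-HTTP vhost. With nginx-proxy in front, TLS is terminated at the proxy; as far as I recall
# it forwards to the backend's port 80 when several ports are exposed unless VIRTUAL_PORT says
# otherwise, so this is most likely the vhost the proxy talks to — confirm against its docs.
<VirtualHost *:80>
    ServerName lh-2.dock
    ServerAlias *.lh-2.dock
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/public
    <Directory /var/www/html/public>
        # Indexes (directory listings), Includes and ExecCGI each widen the attack surface;
        # keep them only while the application actually needs them.
        Options Indexes FollowSymLinks Includes ExecCGI
        AllowOverride All
        # Apache 2.4 access control. The 2.2-era "Allow from all" that followed it was redundant
        # (it is only honoured through mod_access_compat) and has been removed.
        Require all granted
    </Directory>
</VirtualHost>

# HTTPS vhost served by Apache itself, using the default.crt/default.key pair the Dockerfile's
# mkcert step writes into the image.
<VirtualHost *:443>
    ServerName lh-2.dock
    ServerAlias *.lh-2.dock
    # Was "all -SSLv2 -SSLv3", which still allows TLS 1.0/1.1; nothing in a local dev setup needs them.
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/public
    <Directory /var/www/html/public>
        Options Indexes FollowSymLinks Includes ExecCGI
        AllowOverride All
        Require all granted
    </Directory>
    SSLEngine on
    # Apache checks these files exist at startup (AH00526 otherwise). They are created in the
    # image by the Dockerfile, so anything mounted over /etc/ssl/certs at run time must contain
    # them as well, or the mount hides them.
    SSLCertificateFile /etc/ssl/certs/default.crt
    SSLCertificateKeyFile /etc/ssl/certs/default.key
    ErrorLog /var/log/apache2/lh-2.dock-error.log
    CustomLog /var/log/apache2/lh-2.dock-access.log combined
</VirtualHost>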
and this results in the following error:
2023-10-05 16:51:10 AH00526: Syntax error on line 25 of /etc/apache2/sites-enabled/vhost.conf:
2023-10-05 16:51:10 SSLCertificateFile: file '/etc/ssl/certs/default.crt' does not exist or is empty
2023-10-05 16:51:12 AH00526: Syntax error on line 25 of /etc/apache2/sites-enabled/vhost.conf:
2023-10-05 16:51:12 SSLCertificateFile: file '/etc/ssl/certs/default.crt' does not exist or is empty
It seems that either the mount point is not created when it is required, or the certificate is not created in that directory. I have tried changing it to a shared volume, and I have verified that the certificate and key exist, but the error persists even though I use the following command:
docker-compose -f /docker/docker-compose.yaml up -d --build --force-recreate