Run docker service on HTTPS

L

3

52

Currently, I run a simple docker container by using the following files.

DockerFile

FROM microsoft/aspnet:4.7.1
WORKDIR /inetpub/wwwroot
EXPOSE 80
COPY index.html .

docker-compose.yml

version: '3.4'

services:

testapp:
  image: mytestapp:${TAG:-latest}
build:
  context: .
  dockerfile: Dockerfile

docker-compose.override.yml

version: '3.4'

services:
  testapp:
   ports:
    - "9091:80"

I use windows image to create my container by using the following command and I can access it by http://localhost:9091/.

docker-compose -f docker-compose.yml -f docker-compose.override.yml build

I want to access my app by using HTTPS instead of http.

What are the steps that I need to follow ?

Lactescent answered 12/6, 2018 at 6:2 Comment(0)

M

23

You need to configure your web server (inside the docker application) to enable HTTPS.
Open SSL port (443) on docker
- You can consider using NGINX as a reverse proxy to your webserver and configure SSL in nginx
- On a side, you can look at letsencrypt to get a free SSL certificate for your domain if this is a public site.

Mortar answered 12/6, 2018 at 6:4 Comment(3)

Hi Jerome, I would access to my https server inner the docker container locally calling https://localhost:9010/ from the docker host. Should also in this case use NGINX or letsencrypt? Thanks – Barye 31/1, 2020 at 16:30

what about if it is not public site it is for local machine – Minsk 17/6, 2021 at 9:15

I have also the same scenario like my app is running in linux image container, and I want to access my site with https what should I do, like I understand to expose port 443 in docker and docker compose file but what next, how to run the script ?from where ? – Restive 24/3, 2022 at 7:41

L

30

Thanks Jerome for the answer. I did the following things to get https working on my container. I hope this might be helpful to someone.

This image has IIS on it.

Add Self signed certificate to image from this script:

certificate.ps1

Create Self Signed Certificate.
Install it on local certificate store.
Create HTTPs Binding and add the generated SelfSign Certificate to the default Web site which has my web application

import-module webadministration

cd cert:
$cert = New-SelfSignedCertificate -DnsName myweb -Friendlyname MyCert -CertStoreLocation Cert:\LocalMachine\My

$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList Root, LocalMachine

$rootStore.Open("MaxAllowed")
$rootStore.Add($cert)
$rootStore.Close()

cd iis:
new-item -path IIS:\SslBindings\0.0.0.0!443 -value $cert
New-WebBinding -Name "Default Web Site" -IP "*" -Port 443 -Protocol https
iisreset

Changes in my docker-compose.override.yml file: added port 443.

   version: '3.4'
     services:
       testapp.svc:
         ports:
           - "9091:80"
           - "9092:443"

Changes in my Dockerfile

    FROM microsoft/aspnet:4.7.1
    WORKDIR /inetpub/wwwroot
    EXPOSE 80 
    EXPOSE 443
    COPY index.html .
    COPY certificate.ps1 .
    RUN powershell.exe ./certificate.ps1

Lactescent answered 13/6, 2018 at 23:35 Comment(4)

What is certificate.ps1? Do you run Nginx as a container? Please describe your whole setup – Finely 27/9, 2020 at 6:2

The image that I have used had IIS (Web server) in it. Certificate.ps1 does the following things. 1. Create Self Signed Certificate. 2. Install it on local certificate store. 3. Create HTTPs Binding and add the generated SelfSign Certificate to the default Web site which has my web application. Hope this will help. You can do the same with Nginx but syntax will be different. – Lactescent 28/9, 2020 at 11:6

Works great thanks :) – Pinzler 6/12, 2021 at 3:59

I have also the same scenario like my app is running in linux image container, and I want to access my site with https what should I do, like I understand to expose port 443 in docker and docker compose file but what next, how to run the script ?from where ? – Restive 24/3, 2022 at 7:42

M

23

You need to configure your web server (inside the docker application) to enable HTTPS.
Open SSL port (443) on docker
- You can consider using NGINX as a reverse proxy to your webserver and configure SSL in nginx
- On a side, you can look at letsencrypt to get a free SSL certificate for your domain if this is a public site.

Mortar answered 12/6, 2018 at 6:4 Comment(3)

Hi Jerome, I would access to my https server inner the docker container locally calling https://localhost:9010/ from the docker host. Should also in this case use NGINX or letsencrypt? Thanks – Barye 31/1, 2020 at 16:30

what about if it is not public site it is for local machine – Minsk 17/6, 2021 at 9:15

I have also the same scenario like my app is running in linux image container, and I want to access my site with https what should I do, like I understand to expose port 443 in docker and docker compose file but what next, how to run the script ?from where ? – Restive 24/3, 2022 at 7:41

G

0

You can use HTTPS-PORTAL for this.

https://hub.docker.com/r/steveltn/https-portal/

Gloaming answered 10/11, 2023 at 19:25 Comment(0)

Recommended topics

Hot tags