Adding a self signed certificate to your docker development environment

Submitted by daniel on Sun, 18/08/2019 - 14:59

These days some APIs are restricted to access over HTTPS. With HTTPS being a standard requirement for most production sites, it is also worth enabling it on your development environment, to help you check for mixed content errors and to test your apps against any APIs that insist on HTTPS access.

For Drupal development work I have been using drupal4docker for a while now. Docker is similar to other headless virtual machines in that you risk losing any configuration on your machine when you tear it down and rebuild. Hence, it is a good idea to configure or automate this process so that you do not have to start again every time you rebuild your environment. This is obviously useful for testing purposes as well.

To start with, let's generate our certificate, perhaps in your document root. Here I have opted to use the folder /certs that is in the root of my dev environment.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout certs/key.pem -out certs/cert.pem

You may need to adjust the paths for your requirements. Simply step through the list of questions, and with a bit of luck you will have generated a certificate and key in the folder of your choosing.
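The same step can be scripted so that it survives a rebuild. The following is an added example, not part of the original post: it generates the pair without prompts and checks that cert.pem and key.pem belong together before the proxy is pointed at them. The hostname dev.localhost and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. DEV_HOST is an assumed hostname;
# set it to the name your dev site answers on.
DEV_HOST="${DEV_HOST:-dev.localhost}"

# gen_dev_cert DIR: write DIR/key.pem and DIR/cert.pem without prompting.
gen_dev_cert() {
    mkdir -p "$1" || return 1
    # -subj answers the questions up front; -addext adds the subjectAltName
    # that current browsers check (needs OpenSSL 1.1.1 or later).
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=$DEV_HOST" -addext "subjectAltName=DNS:$DEV_HOST" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    # -nodes leaves the key unencrypted, so restrict it to the owner.
    chmod 600 "$1/key.pem"
}

# SHA-256 over the DER public key held in a certificate / in a private key.
cert_pub_hash() {
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256
}
key_pub_hash() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null | openssl dgst -sha256
}

# check_dev_cert DIR: succeed only if both files exist, the key matches the
# certificate, the SAN covers DEV_HOST and expiry is more than 24 hours away.
check_dev_cert() {
    [ -s "$1/cert.pem" ] && [ -s "$1/key.pem" ] || {
        echo "cert.pem or key.pem is missing or empty" >&2; return 1; }
    [ "$(cert_pub_hash "$1/cert.pem")" = "$(key_pub_hash "$1/key.pem")" ] || {
        echo "cert.pem and key.pem do not belong together" >&2; return 1; }
    openssl x509 -in "$1/cert.pem" -noout -text | grep -qF "DNS:$DEV_HOST" || {
        echo "certificate has no subjectAltName for $DEV_HOST" >&2; return 1; }
    openssl x509 -in "$1/cert.pem" -noout -checkend 86400 >/dev/null || {
        echo "certificate expires within 24 hours" >&2; return 1; }
}

# Run as a script: sh devcert.sh certs
if [ "$#" -gt 0 ]; then gen_dev_cert "$1" && check_dev_cert "$1"; fi
```

Because the key is written unencrypted, keep the certs folder out of version control and out of any directory the web server serves.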

Next you will need to configure Docker to use this self-signed cert. In my circumstance I am using Drupal4Docker by Wodby, which also includes Traefik, a reverse proxy and load balancer that sits in front of your containerised server instance. So in my case I have to adjust the command that is called when Traefik first starts up, so that it routes all traffic via HTTPS by default and knows where to find the certificate that we have just set up.

--defaultEntryPoints='https' --entryPoints="Name:https Address::443 TLS:/certs/cert.pem,/certs/key.pem" --entryPoints="Name:http Address::80 Redirect.EntryPoint:https"

We also have to forward all traffic on port 443 from the host to the Traefik container. Our config ends up looking like this.

  traefik:
    image: traefik
    container_name: "${PROJECT_NAME}_traefik"
    command: -c /dev/null --web --docker --logLevel=INFO --defaultEntryPoints='https' --entryPoints="Name:https Address::443 TLS:/certs/cert.pem,/certs/key.pem" --entryPoints="Name:http Address::80 Redirect.EntryPoint:https"
    ports:
      - '80:80'
      - '443:443'
      - '8080:8080' # Dashboard
    volumes:
      - ./certs:/certs/
      - /var/run/docker.sock:/var/run/docker.sock

That's it. Obviously there are some issues with working with a self-signed certificate, and I can't help but notice on their website that they also support Let's Encrypt certs, so I will be investigating how to set that up in the near future.
