dockersslhosting

SSL certificate on docker hosted website like open-webui

So I have a domain at porkbun which have given me an SSL cert. But now I want to put a SSL certificate on the website. The server is hosted on a mini pc and the website on localhost, then open-webui I have forwarded to port 80 on router and I have done the DNS and everything. Website is working on my domain it's just not https only http.

I am not that familiar with Docker so I won't know how to do stuff like editing an image or container but I will learn.

I have tried different DNS records, I have tried getting the cert inside the container in a way with a script thing I found on the internet. That's it, can't find anything else.

Solution

  • You might want to look into http proxy.

    You can run your docker container and map it on a port, let's say 5000, like this:

    Dockerfile:

    FROM ubuntu:latest
RUN apt-get update && apt-get install -y curl
EXPOSE 80
CMD ["curl", "-s", "http://example.com"]

    Then run the container, let's say you are using docker compose, like this:

    # docker-compose.yml
version: '3'
services:
  example:
    build: .
    ports:
      - "5000:80"

    And then you install a webserver (I show you how to do that on apache, but many others work as well - I think most common would be nginx).

    First you install apache (this is an example for ubuntu/debian):

    sudo apt update
sudo apt install apache2
    1. allow it on the firewall:
    sudo ufw allow 'Apache Full'
    1. enable mod proxy and mod proxy http modules:
    sudo a2enmod proxy
sudo a2enmod proxy_http
    1. apache stores the configuration files of virtual hosts under /etc/apache2/sites-available

    you want to edit the default page:

    sudo vi /etc/apache2/sites-available/000-default.conf

    or

    sudo nano /etc/apache2/sites-available/000-default.conf

    replace the default entry with:

    <VirtualHost *:80>
    ServerName your-domain.com
</VirtualHost>
    1. install certbot
    sudo apt install certbot python3-certbot-apache
    1. activate the domain in webserver
    a2ensite 000-default.conf
    1. run certbot
    certbot

    Follow the instructions (I like to redirect from port 80 to 443 automatically).

    It will create a file called 000-default-le-ssl.conf - that should look like this then:

    <VirtualHost *:443>
    ServerName your-domain.com

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/your-domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your-domain.com/privkey.pem
</VirtualHost>
    1. where you want to add something:
        ProxyPreserveHost On
    ProxyRequests Off

    ProxyPass / http://localhost:5000/
    ProxyPassReverse / http://localhost:5000/
    1. and then you just need to restart your apache server
    sudo systemctl restart apache2

    -- Or you might want to have a look into nginx proxy manager if you need alot of them.

    Btw. it is also good practice to create a cron job for renewal

    Open the root users crontab and add a line:

    sudo crontab -e

    and add

    0 2 * * * /usr/bin/certbot renew --quiet

    hope that helps

    If you want to use the certifcate that was given to you, you may add the -le-ssl.conf manually, a2ensite it as well and add the certifcates somewhere on the server and add the location of the certifcates to the path in the default-le-ssl.conf