mautic / docker-mautic

Docker Image for Mautic
https://www.mautic.org

Installing Let's Encrypt SSL cert on Mautic 3 on Docker #191

Open FickleLife opened 3 years ago

FickleLife commented 3 years ago

Is there a guide/tutorial to installing an SSL cert onto Mautic 3 running under docker?

alvares commented 3 years ago

I would also like to know what means to install.

jenshine commented 3 years ago

Anyone can provide at least a rough workflow?

Is it something like the following?

1) Expose/Connect docker container port 443 to port 443 on the host machine (e.g. Digital Ocean droplet)
2) Enter into docker container
3) Follow basic certbot installation to install SSL certificate

Thank you.

UPDATE: Looks like you can just install SSL on the server (versus having to enter into the container to do this). However, I still am having issues with possibly the ports...

mchojrin commented 1 year ago

Hi @jenshine, did you ever solve this? I'm curious about your last update. Thanks!

mchojrin commented 1 year ago

Hi:

For anyone reading this, I got it working. I'll share my findings and the way I did it:

  1. Installed certbot on my newly created server, with the option of --certonly as I didn't want to set up a web server other than the one inside the Mautic image
  2. I created a new Dockerfile:
     2.1. Based on the mautic/mautic:v4 image
     2.2. Adding a build argument to use for determining the domain name
  3. I added a new file to use as template for the SSL configuration
  4. I used the following command to build the image: docker build --build-arg="DOMAIN=$MY_DOMAIN" -t mautic_ssl .
  5. I started a container using the command docker run -d --name=mautic_ssl -e MAUTIC_DB_HOST=database -e MAUTIC_DB_USER=root -e MAUTIC_DB_PASSWORD=mypassword -e MAUTIC_DB_NAME=mautic -e MAUTIC_RUN_CRON_JOBS=false --net=mauticnet -v mautic_data:/var/www/html -v /etc/letsencrypt/:/etc/letsencrypt/ mautic_ssl
  6. I updated my DNS so that my $MY_DOMAIN would point to my new server

And I think that's it.

For more details, here's my Dockerfile:

FROM mautic/mautic:v4

ARG DOMAIN

COPY ssl.conf /etc/apache2/sites-available/default-ssl.conf

RUN sed -i "s/DOMAIN/$DOMAIN/g" /etc/apache2/sites-available/default-ssl.conf
RUN a2enmod ssl && a2ensite default-ssl.conf

And my ssl.conf file:

<IfModule mod_ssl.c>
        <VirtualHost *:443>
                DocumentRoot /var/www/html
                ServerName DOMAIN

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                SSLEngine on

                # Intermediate configuration, tweak to your needs
                SSLProtocol             all -SSLv2 -SSLv3
                SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
                SSLHonorCipherOrder     on
                SSLCompression          off

                SSLOptions +StrictRequire

                LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
                LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

                SSLCertificateFile /etc/letsencrypt/live/DOMAIN/fullchain.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN/privkey.pem
        </VirtualHost>
</IfModule>

And that's it, I can happily enter my site at https://$MY_DOMAIN.com.

I hope this helps!
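The ssl.conf in the comment above keeps `SSLProtocol all -SSLv2 -SSLv3`, which leaves TLS 1.0 and 1.1 enabled, and its cipher list still offers 3DES and SHA-1 suites. The following shell check is an added example, not part of the original comment, that reports those settings; the function name `audit_tls_conf`, the two sample files and the TLS 1.2+ alternative are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag legacy TLS settings in an Apache vhost file.

# Print one finding per line for the vhost file given as $1 (no output = clean).
audit_tls_conf() {
    # The last matching directive is the one this check looks at.
    proto=$(grep -Ei '^[[:space:]]*SSLProtocol[[:space:]]' "$1" | tail -n 1)
    # "all" (or "+all") turns on every protocol the OpenSSL build offers, so
    # TLS 1.0 and 1.1 stay enabled unless they are subtracted explicitly.
    if printf '%s\n' "$proto" | grep -Eq '[[:space:]]\+?all([[:space:]]|$)'; then
        printf '%s\n' "$proto" | grep -Eq -- '-TLSv1([[:space:]]|$)' ||
            echo "SSLProtocol leaves TLSv1 enabled"
        printf '%s\n' "$proto" | grep -Eq -- '-TLSv1\.1([[:space:]]|$)' ||
            echo "SSLProtocol leaves TLSv1.1 enabled"
    fi
    # One suite per line, dropping "!" exclusions such as !DSS.
    suites=$(grep -Ei '^[[:space:]]*SSLCipherSuite[[:space:]]' "$1" | tail -n 1 |
        awk '{print $2}' | tr ':' '\n' | grep -v '^!' || true)
    [ -n "$suites" ] || return 0
    n=$(printf '%s\n' "$suites" | grep -c 'DES-CBC3' || true)
    [ "$n" -eq 0 ] || echo "3DES suites offered: $n"
    n=$(printf '%s\n' "$suites" | grep -c -- '-SHA$' || true)
    [ "$n" -eq 0 ] || echo "suites with SHA-1 MAC offered: $n"
    n=$(printf '%s\n' "$suites" | grep -Evc '^(ECDHE|DHE|EDH)-' || true)
    [ "$n" -eq 0 ] || echo "suites without (EC)DHE key exchange offered: $n"
}

# Constructed samples: WEAK uses the SSLProtocol line from the post with an
# abridged cipher list; HARD is an assumed TLS 1.2+/AEAD-only alternative.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
WEAK=$tmp/weak.conf
HARD=$tmp/hard.conf
cat > "$WEAK" <<'EOF'
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-SHA:DES-CBC3-SHA:!DSS
EOF
cat > "$HARD" <<'EOF'
SSLProtocol             -all +TLSv1.2 +TLSv1.3
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
EOF
echo "weak.conf:"; audit_tls_conf "$WEAK"
echo "hard.conf:"; audit_tls_conf "$HARD"
```

Pointing `audit_tls_conf` at the real `default-ssl.conf` before building the image shows whether the protocol and cipher lines need tightening for the clients you have to support.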

mchojrin commented 1 year ago

I added a couple of nuances to get everything working as I wanted. A Makefile to build the image and start the container:

The Makefile:

# Recipe lines must start with a tab character.
mautic_ssl:
	docker build -t mautic_ssl --build-arg="DOMAIN=$(domain)" .

start:
	docker run --name mautic.ssl -d \
	--restart=always \
	-e MAUTIC_DB_HOST=database \
	-e MAUTIC_DB_USER=root \
	-e MAUTIC_DB_PASSWORD=mypassword \
	-e MAUTIC_DB_NAME=mautic \
	-e MAUTIC_RUN_CRON_JOBS=false \
	-p 443:443 \
	-p 80:80 \
	--net=mauticnet \
	-v mautic_data:/var/www/html \
	-v /etc/letsencrypt/:/etc/letsencrypt/ \
	mautic_ssl

The new version of the Dockerfile:

FROM mautic/mautic:v4

ARG DOMAIN

RUN [ -z "$DOMAIN" ] && echo "DOMAIN is required" && exit 1 || true

COPY ssl.conf /etc/apache2/sites-available/default-ssl.conf
COPY non-ssl.conf /etc/apache2/sites-available/000-default.conf

RUN sed -i "s/DOMAIN/$DOMAIN/g" /etc/apache2/sites-available/default-ssl.conf
RUN sed -i "s/DOMAIN/$DOMAIN/g" /etc/apache2/sites-available/000-default.conf
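# -i edits .htaccess in place (without it sed only prints the result to stdout);
# the spaces after "a\" are kept as the indentation of the inserted line.
RUN sed -i '11 a\    RewriteCond %{HTTPS} off' /var/www/html/.htaccess && \
        sed -i "12 a\    RewriteRule ^(.*)$ https://$DOMAIN/\$1 [L,R=301]" /var/www/html/.htaccess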

RUN a2enmod ssl && a2ensite default-ssl.conf

So that the DOMAIN argument is mandatory and it adds the :80->:443 redirect

mautibot commented 1 year ago

This issue has been mentioned on Mautic Community Forums. There might be relevant details there:

https://forum.mautic.org/t/how-to-enable-or-connect-ssl-from-host-to-docker-mautic-container/20306/2