Open FickleLife opened 3 years ago
I would also like to know what means to install.
Anyone can provide at least a rough workflow?
Is it something like the following?
1) Expose/Connect docker container port 443 to port 443 on the host machine (e.g. Digital Ocean droplet)
2) Enter into docker container
3) Follow basic certbot installation to install SSL certificate
Thank you.
UPDATE: Looks like you can just install SSL on the server (versus having to enter into the container to do this). However, I still am having issues with possibly the ports...
Hi @jenshine, did you ever solve this? I'm curious about your last update. Thanks!
Hi:
For anyone reading this, I got it working. I'll share my findings and the way I did it:
--certonly as I didn't want to set up a webserver other than the one inside the Mautic image
docker build --build-arg="DOMAIN=$MY_DOMAIN" -t mautic_ssl .
docker run -d --name=mautic_ssl -e MAUTIC_DB_HOST=database -e MAUTIC_DB_USER=root -e MAUTIC_DB_PASSWORD=mypassword -e MAUTIC_DB_NAME=mautic -e MAUTIC_RUN_CRON_JOBS=false --net=mauticnet -v mautic_data:/var/www/html -v /etc/letsencrypt/:/etc/letsencrypt/ mautic_ssl
And I think that's it.
For more details, here's my Dockerfile:
FROM mautic/mautic:v4
ARG DOMAIN
COPY ssl.conf /etc/apache2/sites-available/default-ssl.conf
RUN sed -i "s/DOMAIN/$DOMAIN/g" /etc/apache2/sites-available/default-ssl.conf
RUN a2enmod ssl && a2ensite default-ssl.conf
And my ssl.conf file:
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName DOMAIN
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
# Intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
SSLCertificateFile /etc/letsencrypt/live/DOMAIN/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN/privkey.pem
</VirtualHost>
</IfModule>
And that's it, I can happily enter my site at https://$MY_DOMAIN.com.
I hope this helps!
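An added example, not part of the original comment or of the Mautic project: a small Python check that reads the SSLProtocol and SSLCipherSuite directives from an ssl.conf like the one above and lists the protocol versions and cipher suites worth reviewing when tweaking the intermediate configuration. The sample config is constructed (cipher list shortened), and the function names, the modelling of "all" and the assumption that the list uses explicit OpenSSL suite names are this example's own.

```python
import re

# Constructed sample: TLS directives from the ssl.conf above, cipher list shortened.
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-DES-CBC3-SHA:AES128-SHA:DES-CBC3-SHA:!DSS
</VirtualHost>
"""

# Assumption: "all" is modelled as every version mod_ssl may enable on some build.
ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1 deprecated by RFC 8996
WEAK_MARKERS = ("DES-CBC3", "RC4", "NULL", "EXP", "MD5")  # 3DES, RC4, no/export crypto
FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")  # ephemeral key exchange (forward secrecy)

def directives(conf):
    """Map SSL* directive name -> argument string; the last occurrence wins."""
    found = {}
    for line in conf.splitlines():
        m = re.match(r"\s*(SSL\w+)\s+(.+?)\s*$", line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def enabled_protocols(spec):
    """Resolve an SSLProtocol argument written with all / +X / -X tokens."""
    enabled = set()
    for token in spec.split():
        name = token.lstrip("+-")
        changed = set(ALL_PROTOCOLS) if name.lower() == "all" else {name}
        if token.startswith("-"):
            enabled -= changed
        else:  # simplification: a bare name is treated like +name
            enabled |= changed
    return enabled

def audit(conf):
    """Return (legacy protocols still enabled, weak ciphers, ciphers without FS)."""
    d = directives(conf)
    legacy = sorted(enabled_protocols(d.get("SSLProtocol", "all -SSLv3")) & LEGACY_PROTOCOLS)
    suites = [c for c in d.get("SSLCipherSuite", "").split(":") if c and c[0] not in "!-"]
    weak = [c for c in suites if any(mark in c for mark in WEAK_MARKERS)]
    no_fs = [c for c in suites if not c.startswith(FS_PREFIXES)]
    return legacy, weak, no_fs

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

To run it against a real file, pass the file's contents to audit() instead of SAMPLE_CONF.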
I added a couple of nuances to get everything working as I wanted. A Makefile to build the image and start the container:
The Makefile:
mautic_ssl:
	docker build -t mautic_ssl --build-arg="DOMAIN=$(domain)" .
start:
	docker run --name mautic.ssl -d \
		--restart=always \
		-e MAUTIC_DB_HOST=database \
		-e MAUTIC_DB_USER=root \
		-e MAUTIC_DB_PASSWORD=mypassword \
		-e MAUTIC_DB_NAME=mautic \
		-e MAUTIC_RUN_CRON_JOBS=false \
		-p 443:443 \
		-p 80:80 \
		--net=mauticnet \
		-v mautic_data:/var/www/html \
		-v /etc/letsencrypt/:/etc/letsencrypt/ \
		mautic_ssl
The new version of the Dockerfile:
FROM mautic/mautic:v4
ARG DOMAIN
RUN [ -z "$DOMAIN" ] && echo "DOMAIN is required" && exit 1 || true
COPY ssl.conf /etc/apache2/sites-available/default-ssl.conf
COPY non-ssl.conf /etc/apache2/sites-available/000-default.conf
RUN sed -i "s/DOMAIN/$DOMAIN/g" /etc/apache2/sites-available/default-ssl.conf
RUN sed -i "s/DOMAIN/$DOMAIN/g" /etc/apache2/sites-available/000-default.conf
RUN sed "11 a\tRewriteCond %{HTTPS} off" /var/www/html/.htaccess && \
sed "12 a\tRewriteRule ^(.*)$ https://$DOMAIN/\$1 [L,R=301]" /var/www/html/.htaccess
RUN a2enmod ssl && a2ensite default-ssl.conf
So that the DOMAIN argument is mandatory and it adds the :80->:443 redirect
This issue has been mentioned on Mautic Community Forums. There might be relevant details there:
https://forum.mautic.org/t/how-to-enable-or-connect-ssl-from-host-to-docker-mautic-container/20306/2
Is there a guide/tutorial to installing an SSL cert onto Mautic 3 running under docker?