
Enable Apache SSL in Docker for local development


Besides enabling ssl and exposing port 443, you need to create a (self-signed) certificate + private key and make sure Apache has access to those.

I recommend using OpenSSL to create a self-signed certificate:

openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj \
    "/C=../ST=...../L=..../O=..../CN=..." \
    -keyout ./ssl.key -out ./ssl.crt

Instead of the dots (...) fill in your 2-letter country code (/C), the name of your state or province (/ST), the name of your locality (/L), the name of your organization (/O) and your server FQDN (/CN).

Then add the following lines to your Dockerfile:

COPY ./path/to/ssl.crt /etc/apache2/ssl/ssl.crt
COPY ./path/to/ssl.key /etc/apache2/ssl/ssl.key
RUN mkdir -p /var/run/apache2/

I'm not sure the last line is really necessary, but in my docker container the folder didn't exist yet causing Apache to fail on startup.

Finally in your 000-default.conf file you need to add something like this:

<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/ssl.crt
  SSLCertificateKeyFile /etc/apache2/ssl/ssl.key
  ....
</VirtualHost>

Note that when you use self-signed certificates most browsers will alert you that "Your connection is not secure" (Firefox) or "Invalid certificate" (Chrome). This is because there is no valid security chain to a trusted CA. Most browsers allow you to continue your request or add the site as an exception so the warning isn't displayed anymore.
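As an added example (not code from either answer): current browsers match the host name against the certificate's subjectAltName rather than the CN, so this script issues the self-signed certificate with a SAN entry and checks the pair before it is copied into the image (key matches certificate, a SAN covers the host, key is not group/world accessible). It assumes OpenSSL 1.1.1 or newer; the function names, key size and lifetime are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the answers. Assumes OpenSSL 1.1.1+ (-addext, -ext).
# Function names are hypothetical; host names and directories are the caller's.

# make_dev_cert HOST DIR: write a self-signed ssl.crt/ssl.key for HOST to DIR.
# Key size and lifetime are this example's choices, smaller than the answer's.
make_dev_cert() {
    mkdir -p "$2" || return 1
    # Subshell umask so the private key is created readable by its owner only.
    ( umask 077
      openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \
          -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
          -keyout "$2/ssl.key" -out "$2/ssl.crt" 2>/dev/null ) || return 1
    chmod 644 "$2/ssl.crt"
}

# cert_key_match CRT KEY: succeeds only if KEY is the private key of CRT.
cert_key_match() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_covers_host CRT HOST: succeeds only if a SAN entry of CRT covers HOST.
cert_covers_host() {
    # -checkhost alone falls back to the CN when the certificate has no SAN,
    # so require a DNS SAN entry first.
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        grep -q 'DNS:' || return 1
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# key_is_private KEY: succeeds only if group and others have no access.
key_is_private() {
    case $(ls -l "$1" 2>/dev/null) in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight CRT KEY HOST: run all checks before copying or mounting the pair.
preflight() {
    cert_key_match "$1" "$2"   || { echo "key does not match cert"; return 1; }
    cert_covers_host "$1" "$3" || { echo "no SAN entry for $3"; return 1; }
    key_is_private "$2"        || { echo "key is group/world accessible"; return 1; }
    echo "ok: $1 and $2 are usable for $3"
}
```

Typical use is `make_dev_cert mysite.localhost ./config/ssl` followed by `preflight ./config/ssl/ssl.crt ./config/ssl/ssl.key mysite.localhost`; `preflight` works the same on a certificate and key produced by another tool.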


Here's how I enabled Apache SSL in Docker for local development. This is with Docker running an Ubuntu image on macOS (though mkcert also works with Linux and Windows):

• In macOS, install mkcert:

brew install mkcert
brew install nss # if you use Firefox

mkcert makes it easy to create and install SSL certificates for local development use.

• Create the SSL certificates:

mkcert mysite.localhost someothersite.localhost localhost 127.0.0.1 ::1

This will install them on macOS for you, but will also leave a copy of them in the current working directory:

mysite.localhost+4-key.pem
mysite.localhost+4.pem

• Make the two .pem files available to your Docker container, e.g. move them with your container's config files and add the likes of this:

- ./config/ssl:/etc/apache2/ssl/

• Open port 443 in the container's docker-compose:

- "443:443"

(And you should certainly EXPOSE 443 in the image too, though for some reason it worked for me without doing so.) (Edit: EXPOSE is purely documentation and performs no actions per the documentation)

• Enable SSL in Apache:

RUN ln -s /etc/apache2/mods-available/ssl.load  /etc/apache2/mods-enabled/ssl.load

Though, technically, I did this from within my running container first, followed by an apachectl restart. Makes it easier to test things out and make sure everything worked before committing to rebuilding the image.

• Configure your website(s) in Apache for them to use SSL by editing mysite.localhost and any other domain you want to use SSL with:

<VirtualHost *:443>
    …
    SSLEngine on
    SSLCertificateFile "/etc/apache2/ssl/clickandspeak.localhost+4.pem"
    SSLCertificateKeyFile "/etc/apache2/ssl/clickandspeak.localhost+4-key.pem"
    …
</VirtualHost>

…just duplicate your old config from <VirtualHost *:80>, change the port to 443, and add the three lines above.

Rebuild the image and restart the container along the way as needed.

…et voilà!