Secure Apache with SSL in Docker
This guide will walk you through setting up an Apache server with PHP support within a Docker container, secured with an SSL certificate for local development purposes. We’ll ensure that the server can be accessed securely via https://localhost using a self-signed SSL certificate. If you’re eager to jump straight into the code, you can locate the complete project on GitHub. Feel free to access it at https://github.com/tshenolo/docker-Secure-Apache.
Table of Contents
- Introduction
- Prerequisites
- Step 1: Preparing SSL Certificates
- Step 2: Creating the Dockerfile
- Step 3: Configuring Apache for SSL
- Step 4: Building and Running the Docker Container
- Step 5: Accessing Your Secure Apache Server
- Conclusion
Introduction
Deploying your web applications in a development environment that closely mirrors your production setup is crucial. This guide focuses on configuring an Apache server with SSL in Docker, providing a secure, isolated environment for development.
You can watch the video version of this article here:
Prerequisites
- Docker installed on your machine.
- Basic knowledge of Docker, Apache, and SSL certificates.
- OpenSSL for generating a self-signed certificate (if not already installed).
Step 1: Preparing SSL Certificates
Before setting up the Docker container, you’ll need to generate a self-signed SSL certificate for localhost. Open a terminal and run:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -subj "/C=US/ST=YourState/L=YourCity/O=YourOrganization/CN=localhost"This command generates a new SSL certificate (localhost.crt) and a private key (localhost.key), valid for 365 days.
Step 2: Creating the Dockerfile
Create a Dockerfile in your project directory with the following contents:
# Use an official PHP image with Apache
FROM php:7.4-apache
# Install Vim (optional)
RUN apt-get update && \
apt-get install -y vim && \
rm -rf /var/lib/apt/lists/*
# Copy SSL certificate and key
COPY localhost.crt /etc/ssl/certs/localhost.crt
COPY localhost.key /etc/ssl/private/localhost.key
# Copy the custom Apache virtual host config
COPY ./my-httpd-vhosts.conf /etc/apache2/sites-available/my-ssl.conf
# Enable SSL module, configure Apache for PHP support, and enable our SSL site configuration
RUN a2enmod ssl && \
a2enmod rewrite && \
a2dissite 000-default default-ssl && \
a2ensite my-ssl
# Copy your PHP application into the default Apache document root
COPY ./public-html/ /var/www/html/Step 3: Configuring Apache for SSL
Create a file named my-httpd-vhosts.conf in your project directory with the following Apache virtual host configuration:
<VirtualHost *:443>
DocumentRoot "/var/www/html"
ServerName localhost
SSLEngine on
SSLCertificateFile "/etc/ssl/certs/localhost.crt"
SSLCertificateKeyFile "/etc/ssl/private/localhost.key"
# Other directives here
</VirtualHost>Step 4: Building and Running the Docker Container
With the Dockerfile and SSL configuration in place, build your Docker image:
docker build -t apache-php-ssl .Then, run your container:
docker run -d -p 443:443 apache-php-sslThis command starts a container from your image, mapping port 443 inside the container to port 443 on your host machine.
Step 5: Accessing Your Secure Apache Server
Open a web browser and navigate to https://localhost. You should see your PHP application running securely under HTTPS. Since the certificate is self-signed, your browser may warn you about the site’s security certificate. You can proceed by allowing an exception for this certificate.
Conclusion
You’ve successfully set up an Apache server with SSL inside a Docker container, making your local development environment secure and more aligned with production settings. This setup ensures that your development practices include necessary security measures right from the start.
Thank you for reading this blog post. If you found the post helpful or interesting, here are a few ways you can show your support:
- 🐦 Follow me on X
- 📺 Subscribe to my Youtube channel
Your support and engagement mean a lot to me as an open-source developer.