Comments (23)
For future visitors, here's a Dockerfile showing what I did to enable HTTPS support using the ssl-cert
package to install the self-signed certificates that Apache is configures to use by default.
FROM wordpress:4.8.0-php7.1-apache
RUN apt-get update && \
apt-get install -y --no-install-recommends ssl-cert && \
rm -r /var/lib/apt/lists/* && \
a2enmod ssl && \
a2ensite default-ssl
EXPOSE 80
EXPOSE 443
from wordpress.
Also: I love this image. Thanks for making it so easy to use. I wrote a blog post about it here:
http://blog.fuzzy.io/2015/01/19/installing-wordpress-with-docker-and-fig/
from wordpress.
@poldim
You write a custom bash script and tell docker-compose to run it on startup.
I've done it like this:
docker-compose.yml
version: "2"
services:
my-wpdb:
image: mariadb
volumes:
- ./:/home
ports:
- "8081:3306"
environment:
MYSQL_ROOT_PASSWORD: xxxxxxx
my-wp:
image: wordpress
volumes:
- ./:/var/www/html
- ./wp-init.sh:/usr/local/bin/apache2-custom.sh
- ./apache2-vhosts.conf:/etc/apache2/sites-available/apache2-vhosts.conf
ports:
- "80:80"
- "443:443"
links:
- my-wpdb:mysql
environment:
WORDPRESS_DB_PASSWORD: xxxxxxx
command: "bash -c apache2-custom.sh"
wp-init.sh
#!/usr/bin/env bash
# as you can see I combined the SSL stuff from @AlexanderOMara
# with enabling my own custom vhosts.conf
# so I can edit that outside the container
apt-get update
apt-get install -y --no-install-recommends ssl-cert
rm -r /var/lib/apt/lists/*
a2enmod ssl
a2dissite 000-default.conf
a2ensite apache2-vhosts.conf
# finally execute default command
docker-entrypoint.sh apache2-foreground
Works like a charm.
from wordpress.
I don't think you can do it without creating a Dockerfile
, but you could create a build:
section in your docker-compose.yml
file that builds your Dockerfile
(and adjust the FROM
to use wordpress:latest
). Something like this:
yourproject/docker-compose.yml
:
version: '3'
services:
wordpress:
build:
context: wordpress
ports:
- '80:80'
- '443:443'
networks:
- webnet
mysql:
image: mysql:5.7
ports:
- '3306:3306'
networks:
- webnet
networks:
webnet:
yourproject/wordpress/Dockerfile
:
FROM wordpress:latest
RUN apt-get update && \
apt-get install -y --no-install-recommends ssl-cert && \
rm -r /var/lib/apt/lists/* && \
a2enmod ssl && \
a2ensite default-ssl
EXPOSE 80
EXPOSE 443
from wordpress.
I think it would be nice to have some kind of mention/documentation/resource on how to go about using HTTPS. This seems like a pretty good lead, but I'm not having much luck so far.
from wordpress.
@AlexanderOMara Brilliant - thank you!
Since I was already running a container using docker-compose, and didn't want to create a builder file, I did this :
-
expose port 443 by adding the following to your compose file:
ports: - "443:443"
-
restart your container (be sure your db and web files are on persistent storage!)
docker-compose down docker-compose up -d
-
attach to the running container
docker exec -t -i CONTAINER_ID /bin/bash
-
install ssl-cert ( automatically installs self-signed cert)
apt-get update && \ apt-get install -y --no-install-recommends ssl-cert && \ rm -r /var/lib/apt/lists/* && \ a2enmod ssl && \ a2ensite default-ssl
You may get a prompt about restarting apache before the new settings take effect.
service apache2 reload
-
exit the container (won't kill your container)
CTRL-P-Q
-
Access your https://example.com , adding an exception to your browser to ignore the prompt about untrusted CA
from wordpress.
FYI, service apache2 reload
will do nothing since there is no init system running in the container (like systemd or upstart). Apache2 server does not even start until the end of docker-entrypoint.sh
and the process is started directly (ie, no init system is involved).
I would also recommend against doing apt-get -y upgrade
in a container: https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#run.
from wordpress.
I managed to get HTTPS to work on the most basic of configs for the latest WordPress Docker image (4.5.7). I've documented it here:
https://peter.pudaite.net/2017/05/29/enabling-https-on-the-standard-wordpress-docker-image/
from wordpress.
@AlexanderOMara Thanks for this. It enables SSL, even though I thought I had to do a 'service apache2 restart' after the 'a2enmod ssl' to get SSL enabled.
What else did you do (adding certs, modifying 000-default.conf to force https...)?
I'm not an Apache expert, just trying to get my local WordPress Bedrock running using SSL on Docker for Mac. However I'm sure there are a lot of people looking for a complete off-the shelf WordPress local HTTPS config documentation now that Let's Encrypt is available.
Perhaps it's time to move this thread to the forums?
For me for example, when I run docker-compose up, I get the warning:
AH01909: 172.18.0.3:443:0 server certificate does NOT include an ID which matches the server name
Then when I go to http://localhost:443/, I get the error:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Apache/2.4.10 (Debian) Server at 172.18.0.3 Port 443
from wordpress.
@evanp this image doesn't configure its Apache to support HTTPS, so there would have to be a PR or a derived image that adds the appropriate Apache config and EXPOSE
setting for 443.
If you're willing to do your HTTPS in another container, jwilder/nginx-proxy
is a nice option that supports SSL configuration.
from wordpress.
That's what I thought!
Do you think the PR should be for this repo or for docker-library/php?
from wordpress.
I think it makes sense to do this in the php:*apache
images myself, but @tianon and @yosifkit may think otherwise.
Looks like those images already have a Listen 443
, but they don't a2enmod ssl
or configure certificate or key paths.
In terms of implementation, it probably makes sense to follow the example set by the httpd
image (cf. https://github.com/docker-library/docs/blob/master/httpd/content.md#sslhttps).
from wordpress.
I'm actually personally pretty strongly -1 on SSL by default, and would
rather recommend people use a lightweight container in front of this one to
add that, but I run all my containers behind a single nginx.
SSL support in these one-off containers creates a configuration nightmare
though, IMO.
from wordpress.
@tianon Are you using something like nginx-proxy
or your own custom config?
from wordpress.
I just use the official "nginx" image with a custom config that hooks to my
other containers via https://github.com/tianon/rawdns
from wordpress.
IMHO, we should keep these images as simple as possible.
I see the purpose of these images to create the process as described in 12factor app.
As a consequence, the SSL part should be handled at another level.
You could base your image on this on and add an nginx or apache server in front that would consume
this php (I don't recommend as you break the one process per container rule).
Or you could use a reverse proxy in front that would consume this container. this reverse proxy could be nginx or HAproxy (I personnaly use HAproxy). This reverse-proxy would handle the SSL offloading part.
Let me know if you need more details. If not, please consider closing the issue for the sake of keeping this number as low as possible.
Thanks
from wordpress.
Just a (very) small detail: you can use only line for EXPOSE, like:
EXPOSE 80 443
Note that after Docker 1.10, EXPOSE doesn't create a new layer, so the resulting image will be the same.
from wordpress.
@AlexanderOMara - How do you use this with docker compose so that I can continue to use the ":latest" tag?
from wordpress.
Then when I go to http://localhost:443/, I get the error:
@henscu I notice you're visiting http://localhost:443 — what happens if you try with https, i.e. https://localhost:443? (And you should be able to drop the 443
if you're specifying https)
from wordpress.
Thanks @supervacuo. Yes, I tried that and many other minor permutations, but I ran into so many finicky problems like 'not being able to access /' and NET::ERR_CERT_AUTHORITY_INVALID etc that I'm going to reset my Docker setup back to the one described above and try again.
The problem for people like me (non hardcore dev) are the minor details in implementation explanations that are missing because they seem obvious to those who are writing them, but are very hard for me to get a clear answer/explanation from StackOverflow on... :)
from wordpress.
@yosifkit Touché. I wasn't aware of the latter though, thanks for that insight. Not sure though where in the process that was introduced in my snippet (probably the result of a lot of copy and pasting), because you would reckon apt-get update
would be enough.
Anyway I updated my snippet.
from wordpress.
Are there any updates to this thread since we are in version 3.3?
from wordpress.
As is discussed at length in this thread, we cannot reasonably enable SSL in this image by default. Doing so with a simple reverse proxy is simpler, more reliable, and more flexible, but even doing so by adjusting the embedded Apache configuration is not terribly difficult (and one has to provide certificates in either case, so changing some configuration should be done in a similar manner).
from wordpress.
Related Issues (20)
- Missing composer vendor folder HOT 2
- Fails with error: "AH00534: apache2: Configuration error: More than one MPM loaded." on Annapurna AL73400 ARM CPU.
- update wordpress from version 6.1 to 6.3.1 does not seem to update the wordpress files HOT 3
- Copy Docker image doesn't work
- Unable to use .user.ini HOT 1
- wordpress installation on azure aks issue with plugins and themes HOT 1
- wordpress:6-php8.2-fpm-alpine looks to contain Wordpress 5.1.1 HOT 1
- CLI variant fails connecting to MySql server via caching_sha2_password
- Passing WP_ENVIRONMENT_TYPE not working
- Installing wordpress 6.4.2 with php 8.2: headers already sent by HOT 1
- Configuring PHP directives without custom images
- CSS and JS are not hosted on an HTTPS.
- ftps doesn't work starting from php 8 HOT 1
- PHP error logging
- Theme templates bug when port forwarding is different from host port 80 HOT 1
- why mod_php in 2024? HOT 1
- The 6.5 tags are not on Docker Hub HOT 1
- How to change port 8080 to some other port
- BUG: Restarting docker logs users out HOT 7
- a c or assembly or webasm compiled wordptess please with a precommit compilation so php's drawbacks arent bothering people HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wordpress.