SSL Certificate for Multiple Docker Containers - docker

I have multiple Docker containers exposing their respective ports, which I am bringing up using docker-compose. I have a service which is running on port 80.
I need to add an SSL certificate for all those containers, such that the application running on port 80 will be https.

You can either keep the certificate on a reverse proxy or propagate it through service configuration tools; which one depends on your infrastructure. One example might be Vault.

Related

Setting up nginx and ssl in docker (Asp .Net API in VPS)

I want to deploy api service (asp .net) to VPS.
What is at the moment:
VPS ubuntu 22.10
Container api service with open port http.
Container mongodb.
Network bridge for communication between these containers.
Volume for storing mongodb collections.
Configured dns subdomain, which translates to ip VPS.
What I want:
To add nginx.
To add ssl (Let's Encrypt with certbot).
I don't want to use docker compose because I want to understand how things work.
I'm not strong in terminology, but perhaps what I want to do is called an open nginx proxy.
Please tell me if I understand correctly what I need to do.
Nginx:
To run a separate nginx container.
To add the nginx configuration to the docker volume.
To add nginx to the bridge network (close ports on the api container, open ports on the nginx container)
To set up nginx location configs to work internally through the network bridge.
SSL:
On the VPS machine (not in the docker container) to install and run certbot
To enable automatic certificate renewal
I'm not sure where I need to run certbot. On vps machine or in nginx docker container.
I don't know how to configure nginx to work through the bridge.

Map Google Cloud VM docker port to HTTPS

I have a Google Cloud VM which runs a docker image. The docker image runs a specific JAVA app which runs on port 1024. I have pointed my domain DNS to the VM public IP.
This works, as I can go to mydomain.com:1024 and access my app, since Google Cloud directly exposes the docker port as a public port. However, I want to access the app through https://example.com (port 443). So basically map port 443 to port 1024 in my VM.
Note that my docker image starts an nginx service. Previously I configured the java app to run on port 443, then the nginx service listened to 443 and Google Cloud exposed this HTTPS port so everything worked fine. But I cannot use the port 443 anymore for my app for specific reasons.
Any ideas? Can I configure nginx somehow to map to this port? Or do I setup a load balancer to proxy the traffic (which seems rather complex as this is all pretty new to me)?
Ps. in Google Cloud you cannot use "docker run -p 443:1024 ..." which basically does the same if I am right. But the containerized VMs do not allow this.
Container Optimized OS maps ports one to one. Port 1000 in the container is mapped to 1000 on the public interface. I am not aware of a method to change that.
For your case, use Compute Engine with Docker or a load balancer to proxy connections.
Note: if you use a load balancer, your app does not need to manage SSL/TLS. Offload SSL/TLS to the load balancer and just publish HTTP within your application. Google can then manage your SSL certificate issuance and renewal for you. You will find that managing SSL certificates for containers is a deployment pain.

Install LetsEncrypt SSL on multiple docker apps using the same domain

I have deployed multiple docker containers on my CentOS machine and am managing them with portainer.
containers are accessible via the same domain e.g.
container 1: example.com:80
container 2: example.com:6666
container 3: example.com:5083
and so on..
Now I want to use LetsEncrypt SSL for all of my container apps using the same domain (without subdomains).
I have been using nginxproxymanager (container app) to do my reverse proxy settings. Right now I am able to use only one container (running on port 80) with SSL.
I am new to docker stuff and need help.

Running containerized multiple applications using one ip address

I have a domain name https://example.com that points to a vps server on amazon lightsail. I have several applications I want to run. The apps are in vue js and some in spring and I am using nginx as the web server.
The landing page is basically an app running on port 3000 but using reverse proxy to display it at the root of example.com on port 80
I would like to run another app like:
example.com/one, example.com/two and example.com/three where one, two and three are applications each running inside a docker container.
How would I go about configuring my apps in this way keeping in mind the apps are running separately inside docker?
I highly suggest using Caddy for this type of setup.
Nginx is awesome and you could use that for the same purpose.
But for what you want to do caddy will work perfectly.
Just make sure to run each container on a different port.
Then use caddy as a reverse proxy to each container:
https://medium.com/bumps-from-a-little-front-end-programmer/caddy-reverse-proxy-tutorial-faa2ce22a9c6
Let's say you have containers running on ports 5000, 8800 and 9000,
then you could do:
# Caddy path matchers are exact: /one* also matches sub-paths such as /one/page
example.com
reverse_proxy /one* localhost:5000
reverse_proxy /two* localhost:8800
reverse_proxy /three* localhost:9000
Caddy is cool because it will also set up SSL via Let's Encrypt.
I didn't have time or a server to test this now, but let me know if it works.
God bless :)
Docker can only route to different ports. It can not determine the container by a http-path.
You need a reverse proxy (RP).
You have two options:
Install RP on host
You can install the RP on your host machine. There are many pros, like you can use certbot for automatic Let's Encrypt certs. And you have the opportunity to use more docker containers.
For this you have to publish ports in docker to your host machine.
Use your docker-nginx as RP
You can also set your frontend as RP. Just put your docker-containers in a docker-network and add the RP-config to your nginx.
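
The second option above (nginx as the reverse proxy on a shared Docker network, terminating TLS for every container), sketched as an added example that is not part of the original answers. The container names `landing`, `one`, `two` and `three`, the certbot webroot and the certificate paths are assumptions; the ports are the ones mentioned in this thread.

```nginx
# Added example: TLS terminates at nginx; the app containers speak plain HTTP
# on the Docker network only.
# Assumed: containers "landing", "one", "two", "three" share a user-defined
# network with nginx, and certbot's default directory layout is mounted
# read-only into the nginx container.

# Port 80: answer the ACME HTTP-01 challenge, redirect everything else to HTTPS.
server {
    listen 80;
    server_name example.com;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;   # assumed webroot shared with certbot
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: one certificate for the domain, routing by path to each container.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell the backends the original host, client address and scheme.
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # The trailing slash on proxy_pass strips the /one/ prefix before forwarding.
    location /one/   { proxy_pass http://one:5000/; }
    location /two/   { proxy_pass http://two:8800/; }
    location /three/ { proxy_pass http://three:9000/; }

    # Landing page app at the site root.
    location / { proxy_pass http://landing:3000; }
}
```

Mounted as a file under /etc/nginx/conf.d/ in the nginx container, this leaves 80 and 443 on nginx as the only published ports; the application containers publish none and are reachable only over the Docker network.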

Run multiple https enabled services on docker containers on same host Machine

I want to run multiple services on port 443 on same host Machine in docker containers. Can I achieve this using multiple VirtualIp's without getting errors like bind address already in use?
If you want the host to have multiple services hosted from the same port (443), I would suggest using a reverse proxy such as HAProxy and exposing that on host port 443 and then have it route to the appropriate backend.
