SSL Trouble with docker container

Hi,
I’m quite new to docker.
At the moment I’m using Rockstor as my Home NAS-System. Rockstor uses Docker to implement Plugins like owncloud, plex …
The Containers run with specific Ports (e.g. owncloud 8080).
The developer of Rockstor provided an adjusted docker image for owncloud. At the moment I’m testing the official one.
But I have trouble accessing it via https.
When I try to access https://MyIP:8080 I get SSL_ERROR_RX_RECORD_TOO_LONG when using Firefox.
I already tried to get new certificates with openssl. This works, but anyway I’ll get this error. After a lot of trying and testing I started to download apache2 in my owncloud container and edited /etc/apache2/sites-enabled/default-ssl.conf
The problem is that I can’t find the correct way to define my host.
Right now it looks like this:

            ServerAdmin webmaster@localhost
            ServerName 192.168.1.111:8013
            DocumentRoot /var/www/html
            # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
            # error, crit, alert, emerg.
            # It is also possible to configure the loglevel for particular
            # modules, e.g.
            #LogLevel info ssl:warn
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            # For most configuration files from conf-available/, which are
            # enabled or disabled at a global level, it is possible to
            # include a line for only one particular virtual host. For example the
            # following line enables the CGI configuration for this host only
            # after it has been globally disabled with "a2disconf".
            #Include conf-available/serve-cgi-bin.conf
            #   SSL Engine Switch:
            #   Enable/Disable SSL for this virtual host.
            SSLEngine on
            #   A self-signed (snakeoil) certificate can be created by installing
            #   the ssl-cert package. See
            #   /usr/share/doc/apache2/README.Debian.gz for more info.
            #   If both key and certificate are stored in the same file, only the
            #   SSLCertificateFile directive is needed.
            SSLCertificateFile      /etc/apache2/ssl/apache.pem
            SSLCertificateKeyFile /etc/apache2/ssl/apache.key
            #   Server Certificate Chain:
            #   Point SSLCertificateChainFile at a file containing the
            #   concatenation of PEM encoded CA certificates which form the
            #   certificate chain for the server certificate. Alternatively
            #   the referenced file can be the same as SSLCertificateFile
            #   when the CA certificates are directly appended to the server
            #   certificate for convenience.
            #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
            #   Certificate Authority (CA):
            #   Set the CA certificate verification path where to find CA
            #   certificates for client authentication or alternatively one
            #   huge file containing all of them (file must be PEM encoded)
            #   Note: Inside SSLCACertificatePath you need hash symlinks
            #                to point to the certificate files. Use the provided
            #                Makefile to update the hash symlinks after changes.
            #SSLCACertificatePath /etc/ssl/certs/
            #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
            #   Certificate Revocation Lists (CRL):
            #   Set the CA revocation path where to find CA CRLs for client
            #   authentication or alternatively one huge file containing all
            #   of them (file must be PEM encoded)
            #   Note: Inside SSLCARevocationPath you need hash symlinks
            #                to point to the certificate files. Use the provided

Am I thinking right when I try to edit the SSL settings IN the specific Docker container and not on the system itself (the Web-GUI from Rockstor works with a self-signed certificate on Port 443)?

How can I specify the settings for my container correctly?

It would be really great if anyone could help me with this.

Thanks in advance.
Mark
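
Firefox reports SSL_ERROR_RX_RECORD_TOO_LONG when the bytes coming back on an https:// connection are not TLS records, most often because the port is serving plain HTTP. The Python probe below is an added example, not part of the original posts; it checks which protocol a published container port actually speaks, and the name `probe_port` and its result labels are made up for this illustration.

```python
import socket
import ssl
import sys


def probe_port(host, port, timeout=3.0):
    """Classify the listener on host:port as 'tls', 'plain-http', 'other' or 'closed'."""
    # Certificate checks are disabled on purpose: the only question here is
    # whether the port speaks TLS at all, and self-signed certs are expected.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # nothing listening, or the port is not published
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
        except OSError:
            # ssl.SSLError, timeout or reset: the peer did not answer with TLS.
            pass
    # Second attempt on a fresh connection: does it answer plain HTTP?
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            while len(reply) < 5:
                chunk = s.recv(64)
                if not chunk:
                    break
                reply += chunk
    except OSError:
        return "other"
    return "plain-http" if reply.startswith(b"HTTP/") else "other"


if __name__ == "__main__":
    # Usage: python probe.py <host> <port>, e.g. the port published for the container
    print(probe_port(sys.argv[1], int(sys.argv[2])))
```

A `plain-http` result means the published port maps to the container's HTTP listener, so editing certificates will not change the browser error until the container's TLS listener is the one being published.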

Can’t anybody help me with this?

Still no ideas for my Problem?

Mark, did you ever get this resolved?

I am having trouble enabling SSL on my php:7.1-apache Docker container because file ‘/etc/ssl/certs/ssl-cert-snakeoil.pem’ does not exist. I am currently trying to create it by running openssl…

Here is the error message I get when building my Docker container:

Step 5/9 : RUN a2enmod ssl && a2ensite default-ssl
 ---> Using cache
 ---> 4339c6b72763
Step 6/9 : RUN service apache2 restart
 ---> Running in 0c79f95c3203
Restarting web server: apache2
failed!
The apache2 configtest failed. ... (warning).
Output of config test was:
AH00526: Syntax error on line 32 of /etc/apache2/sites-enabled/default-ssl.conf:
SSLCertificateFile: file '/etc/ssl/certs/ssl-cert-snakeoil.pem' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.
Removing intermediate container 0c79f95c3203
The command '/bin/sh -c service apache2 restart' returned a non-zero code: 1
ERROR: Build failed: The command '/bin/sh -c service apache2 restart' returned a non-zero code: 1

Hello Henry,
sorry for my late answer…
I got my error resolved - to be honest I can’t really remember what exactly caused my error messages.

The essence of your error message is:
"SSLCertificateFile: file ‘/etc/ssl/certs/ssl-cert-snakeoil.pem’ does not exist or is empty"
Is the certificate file correct? Did you try to build a certificate chain?
Maybe this page helps you
https://jamielinux.com/docs/openssl-certificate-authority/create-the-intermediate-pair.html

Hi Mark, yes I got past this problem by installing the Apache ssl-cert module as described in the comments on the Github issue below. However I still haven’t got a complete SSL WordPress on Docker solution working… Do you?

Hi Mark and Henry,

I’m new to Docker and looking for a way to install SSL for my localhost Wordpress dev environment. Have either of you been successful to date?

tia,

Dave

Dave, I never found a simple, clearly explained solution to this. In January 2018, when I asked the question, there were a lot of blog posts around like this one which almost hit the mark:

However, I just couldn’t get it to work on my simple two container Apache WordPress local Docker development setup.

So I returned to using a free off-the-shelf Vagrant based solution called Trellis provided by https://roots.io/

Roots Trellis has the advantage of allowing me to build and deploy to a VPS easily, and setting up SSL locally and in production is done by simply setting a configuration parameter ie I don’t have to figure it out myself…

If I return to Docker, I will try DevilBox, a local Docker LAMP Development Stack with HTTPS support: http://devilbox.org/


H

Hello Friends,

Can you please help me? I’m using Docker for Desktop to run a .NET Core application. When it tries to call the URL through http, I’m getting an SSL error. Can you please help me? Thanks