Wordpress docker enable ssl

cannot get https working with wordpress, my docker-compose.yml:

version: '3'
services:
  database:
    image: mysql:8.4
    container_name: database
    volumes:
      - database_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: ********
      MYSQL_DATABASE:  wp_database
      MYSQL_USER: wp_user
      MYSQL_PASSWORD: ********
    networks:
      - wp_network

  wordpress:
    depends_on:
      - database
    image: wordpress:latest
    container_name: wordpress
    volumes:
      - ./wordpress:/var/www/html
    ports:
      - "8080:80"
    restart: always
    environment:
      WORDPRESS_DB_HOST: database:3306
      WORDPRESS_DB_USER: wp_user
      WORDPRESS_DB_PASSWORD:  ********
      WORDPRESS_DB_NAME: wp_database
    networks:
      - wp_network
  nginx:
    image: nginx:latest
    container_name: nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./certs/my.website.com.cer.crt:/etc/nginx/ssl/cert.pem 
      - ./certs/my.website.com.key:/etc/nginx/ssl/key.pem 
    depends_on:
      - wordpress
    networks:
      - wp_network  
volumes:
  database_data:

networks:
  wp_network: 
    driver: bridge 

my nginx.conf

server {
    listen 80;
    server_name my.website.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name my.website.com;

    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;

    location / {
        proxy_pass http://wordpress:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

but the website results in a 502 Bad Gateway
and docker logs nginx says

2025/01/29 08:28:49 [error] 20#20: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 10.50.15.17, server: my.website.com, request: "GET / HTTP/1.1", upstream: "http://172.29.0.3:8080/", host: "my.website.com"

when I go to the localhost website on port 8080 it works: links http://localhost:8080 works

Maybe simply use a reverse proxy like nginx-proxy, auto configured via env, no need to manually manage nginx configs. Or Traefik (example), which works with Docker and Docker Swarm.

solved, just configure apache2 in the wordpress container, leave out nginx

copy your ssl certicate files to the docker

docker cp certfile.crt certfile.key wordpress:/etc/certs

login the container

a2enmod ssl
a2ensite default-ssl.conf

edit /etc/apache2/sites-available/default-ssl.conf

SSLCertificateFile /etc/cert/certfile.crt
SSLCertificateKeyFile /etc/cert/certfile.key

restart apache

service apache2 restart

Containers are usually to “throw away”, it’s not best practice to change things manually in the container, as it will make upgrades a lot harder and require manual intervention every time.

The description of the official image mentions the reverse proxy as well

https://hub.docker.com/_/wordpress

When running WordPress with TLS behind a reverse proxy such as NGINX which is responsible for doing TLS termination, be sure to set X-Forwarded-Proto appropriately (see “Using a Reverse Proxy” in “Administration Over SSL” in upstream’s documentation⁠). No additional environment variables or configuration should be necessary (this image automatically adds the noted HTTP_X_FORWARDED_PROTO code to wp-config.php if any of the above-noted environment variables are specified).

But if you don’t want to use it, at least mount the files instead of copying so you will not lose the certs when you have to upgrade the image.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.