From fe9d96ed32e2e3e26160fff8361fa7081743c7ab Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 10 Aug 2018 13:37:46 -0700 Subject: [PATCH] Update httpd SSL documentation --- httpd/content.md | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/httpd/content.md b/httpd/content.md index d23f7d417..4823f8115 100644 --- a/httpd/content.md +++ b/httpd/content.md @@ -45,6 +45,28 @@ COPY ./my-httpd.conf /usr/local/apache2/conf/httpd.conf #### SSL/HTTPS -If you want to run your web traffic over SSL, the simplest setup is to `COPY` or mount (`-v`) your `server.crt` and `server.key` into `/usr/local/apache2/conf/` and then customize the `/usr/local/apache2/conf/httpd.conf` by removing the comment from the line with `#Include conf/extra/httpd-ssl.conf`. This config file will use the certificate files previously added and tell the daemon to also listen on port 443. Be sure to also add something like `-p 443:443` to your `docker run` to forward the https port. +If you want to run your web traffic over SSL, the simplest setup is to `COPY` or mount (`-v`) your `server.crt` and `server.key` into `/usr/local/apache2/conf/` and then customize the `/usr/local/apache2/conf/httpd.conf` by removing the comment symbol from the following lines: -The previous steps should work well for development, but we recommend customizing your conf files for production, see [httpd.apache.org](https://httpd.apache.org/docs/2.2/ssl/ssl_faq.html) for more information about SSL setup. +```apacheconf +... +#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +... +#LoadModule ssl_module modules/mod_ssl.so +... +#Include conf/extra/httpd-ssl.conf +... +``` + +The `conf/extra/httpd-ssl.conf` configuration file will use the certificate files previously added and tell the daemon to also listen on port 443. Be sure to also add something like `-p 443:443` to your `docker run` to forward the https port. + +This could be accomplished with a `sed` line similar to the following: + +```dockerfile +RUN sed -i \ + -e 's/^#\(Include .*httpd-ssl.conf\)/\1/' \ + -e 's/^#\(LoadModule .*mod_ssl.so\)/\1/' \ + -e 's/^#\(LoadModule .*mod_socache_shmcb.so\)/\1/' \ + conf/httpd.conf +``` + +The previous steps should work well for development, but we recommend customizing your conf files for production, see [httpd.apache.org](https://httpd.apache.org/docs/2.4/ssl/ssl_faq.html) for more information about SSL setup.