If you want to secure your web application deployed using docker compose with HTTPS, you should be interested in this guide. In this guide, you will learn how to use Nginx and Certbot as a certificate manager to set up HTTPS for your web application. This guide assumes that you have some basic knowledge of Docker, Nginx, and Certbot.
Prerequisites
Before you begin, make sure the following are in place:
- Docker Engine
- Docker Compose
- Live domain name pointed to the IP of your server
- DNS propagation should be completed
Create Project
If you already have a Docker Compose based application running, you can skip this step and go to configuring docker-compose.yml. If you are testing this setup, start by creating a project directory.
sudo mkdir secure-web-app
Now you can start configuring the yaml file.
Configure Docker Compose YAML file
You can create a file with any name for your configurations, but by default the docker compose up command reads the configuration from the docker-compose.yml file. Create the file using the command below.
sudo nano docker-compose.yml
Copy the below configurations and paste them in the newly created file.
version: "3.9"
services:
  nginx:
    container_name: nginx
    image: nginx:latest
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./nginx/conf:/etc/nginx/conf.d
      - ./certbot/conf:/etc/nginx/ssl
      - ./certbot/data:/var/www/html
  certbot:
    container_name: certbot
    image: certbot/certbot:latest
    command: certonly --webroot --webroot-path=/var/www/html --email [email protected] --agree-tos --no-eff-email -d domain.com -d www.domain.com
    volumes:
      - ./certbot/conf:/etc/letsencrypt
      - ./certbot/logs:/var/log/letsencrypt
      - ./certbot/data:/var/www/html
Make sure to replace [email protected] with your email address and domain.com with your own domain name.
Hit CTRL-X followed by Y and ENTER to save and exit the file.
Docker Compose Configuration Details
Here are the configuration details.
- version: Compose file version which is compatible with the Docker Engine. You can check compatibility here. If you are using v2 then this element is optional.
- services: Here we have 2 services named nginx and certbot.
- image: We use the latest Nginx and Certbot images available on Docker Hub.
- volumes:
  - nginx/conf: here we will place the Nginx configuration file to be synced with the default Nginx conf.d folder inside the container.
  - certbot/conf: this is where we will receive the SSL certificate, and this will be synced with the folder we choose inside the container.
- ports: configure the container to listen on the listed ports.
- command: the command used to receive the SSL certificate.
Configure Nginx
As we specified the location of the Nginx configuration in the docker-compose file, we need to create the directory inside our project directory.
sudo mkdir -p nginx/conf
This directory should be located inside the main project directory we created above, that is, secure-web-app.
Create the Nginx configuration file inside this directory without any SSL configuration. At this point we do not have a certificate yet, so Nginx would fail to start if the configuration referenced one. Starting the deployment without SSL lets Certbot obtain the certificates requested in the compose file.
sudo nano nginx/conf/default.conf
Copy the below configuration and paste the contents to the file.
server {
    listen [::]:80;
    listen 80;
    server_name domain.com www.domain.com;
    root /var/www/html;
    index index.html index.php;

    # Certbot writes the HTTP-01 challenge files under the shared webroot
    location ~ /\.well-known/acme-challenge {
        allow all;
        root /var/www/html;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Dots are escaped so they match a literal "." only
    location ~ ^/\.user\.ini {
        deny all;
    }

    location ~* \.(svg|svgz)$ {
        types {}
        default_type image/svg+xml;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
}
Make sure to replace the domain name with your own domain name.
Hit CTRL-X followed by Y and ENTER to save and exit the file.
Now you have your docker compose configuration and your Nginx configuration.
Deploy using Docker Compose
Start the containers using the following command. Certbot will place the SSL certificates inside the certbot/conf directory, which is synced with the /etc/nginx/ssl directory once the containers are started.
docker-compose up -d
Once all containers are started you will see one additional directory named certbot created alongside your docker-compose.yml file.
The directory certbot holds all the files related to your SSL certificates.
To view the containers you can execute the following command.
docker-compose ps
Configure Let’s Encrypt SSL with Nginx
Now that you have received the Let’s Encrypt SSL certificate, you can configure HTTPS and set up redirection to HTTPS.
Edit the default.conf and make the following changes.
nano nginx/conf/default.conf
Copy the below configuration and replace the entire contents of the file.
# HTTP: redirect everything to the canonical HTTPS host
server {
    listen [::]:80;
    listen 80;
    server_name domain.com www.domain.com;
    return 301 https://www.domain.com$request_uri;
}

# HTTPS on the bare domain: redirect to www
server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name domain.com;
    ssl_certificate /etc/nginx/ssl/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/domain.com/privkey.pem;
    return 301 https://www.domain.com$request_uri;
}

# HTTPS on www: serve the site
server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name www.domain.com;
    ssl_certificate /etc/nginx/ssl/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/domain.com/privkey.pem;
    root /var/www/html;
    index index.html index.php;

    location ~ /\.well-known/acme-challenge {
        allow all;
        root /var/www/html;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ ^/\.user\.ini {
        deny all;
    }

    location ~* \.(svg|svgz)$ {
        types {}
        default_type image/svg+xml;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
}
Make sure to replace the domain name with your own domain name.
The above configuration enables SSL and redirects HTTP to HTTPS.
Hit CTRL-X followed by Y and ENTER to save and exit the file.
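The names in the Certbot command, the server_name lines and the ssl_certificate paths all have to agree, otherwise Nginx either refuses to start or serves a certificate that does not cover the requested host. The script below is an added example, not part of the original guide: it compares the three and reports each mismatch. It assumes Certbot's default of naming the live/ directory after the first -d value; example.com and the temporary files are constructed sample input.

```bash
# Added example (not from the guide): lint nginx TLS settings against the certbot -d list.

# Hostnames passed to certbot with -d in the compose file, one per line.
cert_domains() {
  grep -E '^[[:space:]]*command:' "$1" | grep -oE -- ' -d +[^ ]+' | awk '{print $2}'
}

# Every name in a server_name directive, de-duplicated.
server_names() {
  awk '$1 == "server_name" { for (i = 2; i <= NF; i++) { sub(/;$/, "", $i); if ($i != "") print $i } }' "$1" | sort -u
}

# Print one line per problem; the return status is the number of problems.
check_tls_config() {
  local compose="$1" conf="$2" problems=0 first name path
  first=$(cert_domains "$compose" | head -n 1)   # certbot names live/<dir> after the first -d
  for name in $(server_names "$conf"); do
    if ! cert_domains "$compose" | grep -qxF -- "$name"; then
      echo "server_name $name is not in the certbot -d list"
      problems=$((problems + 1))
    fi
  done
  for path in $(awk '$1 ~ /^ssl_certificate(_key)?$/ { sub(/;$/, "", $2); print $2 }' "$conf" | sort -u); do
    case "$path" in
      */live/"$first"/*) ;;   # path points into the issued certificate's directory
      *) echo "$path is not under live/$first/"; problems=$((problems + 1)) ;;
    esac
  done
  return "$problems"
}

# Constructed sample input; example.com stands in for your domain.
demo=$(mktemp -d)
cat > "$demo/docker-compose.yml" <<'EOF'
    command: certonly --webroot --webroot-path=/var/www/html --email admin@example.com --agree-tos --no-eff-email -d example.com -d www.example.com
EOF
cat > "$demo/bad.conf" <<'EOF'
server {
    listen 80;
    server_name example.com www.example;
}
server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate /etc/nginx/ssl/live/www.example.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/example.com/privkey.pem;
}
EOF
check_tls_config "$demo/docker-compose.yml" "$demo/bad.conf" || echo "problems found: $?"
```

Point the two arguments at your own docker-compose.yml and nginx/conf/default.conf to run the same check on the real files.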
Now restart the Nginx service to load the new configurations.
docker-compose restart nginx
Now you can check your domain name from your browser. You will be redirected to HTTPS and you will see your web app secured with HTTPS.
Conclusion
In this guide, we have learned how to set up HTTPS for our web application using Nginx, Certbot, and Docker Compose. We have seen how to use Nginx to redirect HTTP requests to HTTPS and serve our application. We have also seen how to use Certbot to obtain and renew SSL certificates from Let’s Encrypt, a free and trusted certificate authority.
We hope this guide was helpful and informative. Please share your questions in the comments section.