0
2

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 3 years have passed since last update.

【素人の備考録】Docker-ComposeでSSL可(自己証明書)を自動化してみた

Posted at

##1. はじめに
Docker-composeを用い自動的にSSL 可(自己証明書)の検証をしました。
WordPress 2セット、phpMyAdminを構築しました。
作業機器:Raspberry Pi 4 Model B OS:CentOS 8

##2. 検証環境(フォルダ、ファイル)
###2.1 フォルダ構成

 |---------- .env →環境ファイル
 |---------- certs
 |             server.crt、server.key →自己証明書ファイル
 |---------- docker-compose.yml
 |---------- php
 |              php.ini →wordpress設定ファイル
 |---------- ssl
 |              default-ssl.conf →SSL設定ファイル
 |---------- tmp
 |              Dockerfile-pm →phpmyadmin用
 |              Dockerfile-wp →Wordpress用

###2.2 各々のファイル

.env
DBUSER=root
DBPASS=root-pass
DATABASE1=wp1-db
DATABASE2=wp2-db
DBHOST=db:3306
docker-compose.yml
version: '3.3'

services:
  db:
    image: mariadb:latest
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    container_name: mariadb
    environment:
      TZ: Asia/Tokyo
      MYSQL_ROOT_PASSWORD: ${DBPASS}

  phpmyadmin:
    depends_on:
      - db
    build:
      context: ./tmp/
      dockerfile: Dockerfile-pm
    volumes:
      - ./certs:/etc/ssl/private
      - ./ssl/default-ssl.conf:/etc/apache2/sites-available/default-ssl.conf
    ports:
      - 8243:443
    restart: always
    container_name: phpmyadmin
    environment:
      PMA_HOST: db
      TZ: Asia/Tokyo

  wordpress1:
    depends_on:
      - db
    build:
      context: ./tmp/
      dockerfile: Dockerfile-wp
    volumes:
      - ./wp1:/var/www/html
      - ./certs:/etc/ssl/private
      - ./php/php.ini:/usr/local/etc/php/conf.d/php.ini
      - ./ssl/default-ssl.conf:/etc/apache2/sites-available/default-ssl.conf
      - ./tmp:/tmp
    ports:
      - "8043:443"
    restart: always
    container_name: wordpress1
    environment:
      TZ: Asia/Tokyo
      WORDPRESS_DB_HOST: ${DBHOST}
      WORDPRESS_DB_USER: ${DBUSER}
      WORDPRESS_DB_PASSWORD: ${DBPASS}
      WORDPRESS_DB_NAME: ${DATABASE1}

  wordpress2:
    depends_on:
      - db
    build:
      context: ./tmp/
      dockerfile: Dockerfile-wp
    volumes:
      - ./wp2:/var/www/html
      - ./certs:/etc/ssl/private
      - ./php/php.ini:/usr/local/etc/php/conf.d/php.ini
      - ./ssl/default-ssl.conf:/etc/apache2/sites-available/default-ssl.conf
      - ./tmp:/tmp
    ports:
      - "8143:443"
    restart: always
    container_name: wordpress2
    environment:
      TZ: Asia/Tokyo
      WORDPRESS_DB_HOST: ${DBHOST}
      WORDPRESS_DB_USER: ${DBUSER}
      WORDPRESS_DB_PASSWORD: ${DBPASS}
      WORDPRESS_DB_NAME: ${DATABASE2}

volumes:
    db_data: {}
php.ini
post_max_size = 20M
upload_max_filesize = 20M

備考:アップロード用ファイルサイズを指定します。

default-ssl.conf
:※省略
32行 SSLCertificateFile	/etc/ssl/private/server.crt
33行 SSLCertificateKeyFile /etc/ssl/private/server.key
:※省略

備考:32行、33行のみを修正したファイルです。

Dockerfile-pm
FROM phpmyadmin:latest

RUN service apache2 start

RUN a2ensite default-ssl

RUN a2enmod ssl
Dockerfile-wp
FROM wordpress:latest

RUN service apache2 start

RUN a2ensite default-ssl

RUN a2enmod ssl

RUN chmod 777 /tmp

備考:ファイルアップロード時にtmpフォルダにアクセス権を付与している。

###3. 実行します。

# docker-compose up -d
Creating network "docker_wp_default" with the default driver
Creating volume "docker_wp_db_data" with default driver
Pulling db (mariadb:latest)...
latest: Pulling from library/mariadb
a970164f39c1: Pull complete
e9c66f1fb5a2: Pull complete
94362ba2c285: Pull complete
6bcca3b8e9ae: Pull complete
4574fdafdba3: Pull complete
880d0554f10d: Pull complete
42f3039f6a26: Pull complete
84249a7eb6ff: Pull complete
d0c034fd6c1f: Pull complete
2b6de021f14a: Pull complete
0d8fa68dc283: Pull complete
675456d7859d: Pull complete
Digest: sha256:cdc553f0515a8d41264f0855120874e86761f7c69407b5cfbe49283dc195bea8
Status: Downloaded newer image for mariadb:latest
Building phpmyadmin
Step 1/4 : FROM phpmyadmin:latest
 ---> 9bd7e29f6e60
Step 2/4 : RUN service apache2 start
 ---> Running in 1053de9c2f76
Starting Apache httpd web server: apache2AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
.
Removing intermediate container 1053de9c2f76
 ---> 68db5fb82369
Step 3/4 : RUN a2ensite default-ssl
 ---> Running in 8ddc3b6f9ecb
Enabling site default-ssl.
To activate the new configuration, you need to run:
  service apache2 reload
Removing intermediate container 8ddc3b6f9ecb
 ---> a20eb2b906ec
Step 4/4 : RUN a2enmod ssl
 ---> Running in 80cd71dbcf92
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart
Removing intermediate container 80cd71dbcf92
 ---> 2e6c3e41fd0e

Successfully built 2e6c3e41fd0e
Successfully tagged docker_wp_phpmyadmin:latest
WARNING: Image for service phpmyadmin was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Building wordpress1
Step 1/5 : FROM wordpress:latest
 ---> aa391b024db5
Step 2/5 : RUN service apache2 start
 ---> Running in 9f1feb98ad8b
Starting Apache httpd web server: apache2AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
.
Removing intermediate container 9f1feb98ad8b
 ---> 519ebf0e67ca
Step 3/5 : RUN a2ensite default-ssl
 ---> Running in 6f10096df3eb
Enabling site default-ssl.
To activate the new configuration, you need to run:
  service apache2 reload
Removing intermediate container 6f10096df3eb
 ---> c0070ac57d4a
Step 4/5 : RUN a2enmod ssl
 ---> Running in 406f2cbef4cf
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart
Removing intermediate container 406f2cbef4cf
 ---> bbe8093cf658
Step 5/5 : RUN chmod 777 /tmp
 ---> Running in 0d2e6a1bf658
Removing intermediate container 0d2e6a1bf658
 ---> f80f64964118

Successfully built f80f64964118
Successfully tagged docker_wp_wordpress1:latest
WARNING: Image for service wordpress1 was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Building wordpress2
Step 1/5 : FROM wordpress:latest
 ---> aa391b024db5
Step 2/5 : RUN service apache2 start
 ---> Using cache
 ---> 519ebf0e67ca
Step 3/5 : RUN a2ensite default-ssl
 ---> Using cache
 ---> c0070ac57d4a
Step 4/5 : RUN a2enmod ssl
 ---> Using cache
 ---> bbe8093cf658
Step 5/5 : RUN chmod 777 /tmp
 ---> Using cache
 ---> f80f64964118

Successfully built f80f64964118
Successfully tagged docker_wp_wordpress2:latest
WARNING: Image for service wordpress2 was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Creating mariadb ... done
Creating wordpress2 ... done
Creating phpmyadmin ... done
Creating wordpress1 ... done

###3.1 Dockerを確認します。

# docker-compose ps
   Name                 Command               State               Ports            
-----------------------------------------------------------------------------------
mariadb      docker-entrypoint.sh mysqld      Up      3306/tcp                     
phpmyadmin   /docker-entrypoint.sh apac ...   Up      0.0.0.0:8243->443/tcp, 80/tcp
wordpress1   docker-entrypoint.sh apach ...   Up      0.0.0.0:8043->443/tcp, 80/tcp
wordpress2   docker-entrypoint.sh apach ...   Up      0.0.0.0:8143->443/tcp, 80/tcp

###3.2 Dockerイメージを確認します。

# docker images
REPOSITORY             TAG                     IMAGE ID       CREATED              SIZE
docker_wp_wordpress1   latest                  f80f64964118   About a minute ago   494MB
docker_wp_wordpress2   latest                  f80f64964118   About a minute ago   494MB
docker_wp_phpmyadmin   latest                  2e6c3e41fd0e   About a minute ago   430MB

備考:実行中のWARNING: Image for service wordpress2 was built because it did not already exist. に関係していると思われるが?

docker-ssl.png

##後書き
Docker-composeとDockerを組み合わせて検証した。SSL可はDockerにインストールされているApacheに対してであった。この方法はあくまで自己検証です!

0
2
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
0
2

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?