How to enable HTTPS on Tomcat in a Docker Container?

Question

I'm new to Tomcat and Docker, and am stuck trying to enable https on my website. First on the server, not in any container:

a) I generated a CSR

b) Acquired a commercial SSL certificate

c) Placed the certificates in a folder on the server /etc/docker/certs

d) Then created my Docker containers with the configuration below

I can use the command docker exec -it <container-id> sh to navigate my container. I can edit server.xml and web.xml but I realize I should install the certificates at the OS level outside the container if I want https configuration to persist past individual containers. In other words, I should be able to remove a container, and create another one without needing to reinstall the ssl.

How can I do this? Any ideas?. Thanks in advance! Below are my configurations:

1.Database

docker run -d --name=example-db --restart=always --net=example-net --mount type=volume,src=mydbdata,target=/example-db --hostname=example-db -e POSTGRES_DB=mydb -e POSTGRES_USER=myuser -e POSTGRES_PASSWORD=secret myapp/db

2.Application

docker run -d --name=example-app --restart=always --mount type=volume,src=mydata,target=/example-app -p 80:8080 --net=example-net -e DB_HOST=example-db -e DB_NAME=mydb -e DB_USER=myuser -e DB_PASSWORD=secret myapp/myapp

Again thanks for your help. Art

Answer 1

You can map the external certs into a container at docker run time using bind mounts. Assuming your certs are in /etc/docker/certs on the host, and you want them to be at /etc/ssl/certs in the container, then add either of the following:

-v /etc/docker/certs:/etc/ssl/certs:ro

or

--mount type=bind,src=/etc/docker/certs,dst=/etc/ssl/certs,readonly

Your Tomcat config would use /etc/ssl/certs as its path in this case.