CODEWITHSUNDEEP
dockerapachedocker-composevirtualhostlamp
flowfab
flowfab

Reputation: 109

docker docker-compose multiple sub.domains with SSL/ port 443 & Apache ssl.conf VirtualHost and Dockerfile

how can I use sub-domains without the need to use a port number attached to the sub_n.domain.com:444

I do have:

I do have one of these "instances" running on port 443:

------below, the docker-compose.yml for the sub1.domain.com: ------------

 sub1:
    hostname: localhost
    container_name: sub1
    build:
      context: ./core
    restart: always
    volumes:
      - ./core/html:/var/www/html
      - ./core/apacheErrorLog:/var/www/apacheErrorLog

    tty: true
    ports:
      - "443:443"
      - "80:80"

------below, the Dockerfile (for the PHP-Apache): -------------

ADD ssl.conf /etc/apache2/sites-available/ssl.conf

RUN rm -rf /etc/apache2/sites-enabled/000-default.conf

COPY ./html/ /var/www/html/sub1/
 
RUN a2enmod ssl
RUN a2ensite ssl
RUN a2enmod vhost_alias
RUN a2enmod rewrite

CMD echo "ServerName localhost" >> /etc/apache2/apache2.conf

and, the ssl.conf

------- below the ssl.conf -----------------------

<VirtualHost *:80>
    ServerName sub1.domain.com
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

    ErrorLog /var/log/apache2/error.log
    CustomLog /var/log/apache2/access.log common
</VirtualHost>

<VirtualHost *:443>
    ServerName sub1.domain.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/sub1
    
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    
    SSLEngine on
    
    SSLCertificateFile /etc/apache2/ssl_keys/cert.crt
    SSLCertificateKeyFile /etc/apache2/ssl_keys/key.key
    SSLCertificateChainFile /etc/apache2/ssl_keys/bundle.ca-bundle

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>



    <Directory /var/www/html/sub1>
        Options Indexes FollowSymLinks
        AllowOverride all
        Require all granted
    </Directory>


    DirectoryIndex index.php
</VirtualHost>

==============================================================

The problem is: if I now add a sub2.domain.com following/adapting these steps, I need to expose the docker-container to another port, eg 444 - and now, the correct "redirect" ro the DocumentRoot will only work, when the port is explicitly entered into the url - else, the "default for 443 (here: var/www/html/" is going to be used, no matter which sub_n. -domain is entered into the browser's url-address.

[added note some days later: this port is set in docker-compose.yml: exposed port 444 : 443 within the LAMP-stack (=SSL-default)] So: https://sub2.domain.com:444/ -> okay, goes into var/www/html/sub2/ (as defined for the service)

but https://sub2.domain.com/ -> false, goes into var/www/html/ (= the one defined for sub1 running in the sub1-docker-container and thus, the complete wrong docker service...)

[added note some days later: this behavior is totally okay: docker checks the ports for incoming data -> and redirects to the service that has this unique port set in docker-compose.yml]

Upvotes: 0

Views: 1793

Answers (1)

flowfab
flowfab

Reputation: 109

Okay, I found the "answer":

--> there is only one port 443 - and if you need to have several docker-containerized-LAMP-stacks running SSL-connected / accessible via ONE specific port, you need a special solution for doing that job, eg traefik reverse proxy: https://doc.traefik.io/traefik/providers/docker/ .

Perhaps, there are other / easier solutions for this, but I already do have some experience with traefik & docker-compose and its routing paradigm...

Feel free to add other, perhaps easier solutions!

Upvotes: 0

Related Questions