HTTPS Wordpress Docker

Enabling HTTPS on the standard WordPress Docker image

I’ve been using the WordPress Docker image as a means to safely experiment with plugins and themes for my blog. I use Let’s Encrypt issued certificates for the online site but I wanted to also use HTTPS for my local dev environment. So finding little guidance on how to do this online, I hacked away at the problem until I got it to work. So for your convenience follow these steps to get HTTPS to work on the stock WordPress Docker with Apache image (4.7.5-apache , ID ca96afcfa242).

I’m using Docker Compose to bring this all together. If you don’t use Compose you should still be able to adapt this guide to get it to work on your system.

  1. Spin up a default instance of WordPress
    If you don’t have an existing WordPress container ready to go follow these instructions from the Docker site. If you have an existing container setup then simply launch it. Your docker-compose.yml file should look something like this:

    version: '2'
    
    services:
        db:
            image: mysql:5.7
            volumes:
              - db_data:/var/lib/mysql
            restart: always
            environment:
                MYSQL_ROOT_PASSWORD: somewordpress
                MYSQL_DATABASE: wordpress
                MYSQL_USER: wordpress
                MYSQL_PASSWORD: wordpress
    
       wordpress:
            depends_on:
             - db
            image: wordpress:latest
            ports:
             - "80:80"
            restart: always
            environment:
                WORDPRESS_DB_HOST: db:3306
                WORDPRESS_DB_USER: wordpress
                WORDPRESS_DB_PASSWORD: wordpress
       volumes:
            db_data:
    
  2. Get a copy of the Apache configuration files
    Assuming you haven’t mounted the Apache configuration directories to a local volume, we need to make a copy so we can modify it. To do this you need to get the container name. Use the command “docker ps”

     
    $ docker ps
    CONTAINER ID  IMAGE            COMMAND                CREATED        STATUS        PORTS                                    NAMES
    2ea00fea6076  wordpress:latest "docker-entrypoint..." 19 minutes ago Up 19 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp blog_wordpress_1
    f7adb843228d  mysql:5.7        "docker-entrypoint..." 19 minutes ago Up 19 minutes 3306/tcp                                 blog_db_1
     
    

    You will need the container name which in this example is blog_wordpress_1. Then copy the contents of the Apache configuration directory to a local volume.

     
    $ sudo docker cp blog_wordpress_1:/etc/apache2 ~/blog/etc/apache2
     
    

    You can now shutdown the containers.

  3. Configure Apache to use SSL/HTTPS
    OK so this step has lots of parts to it so bear with me. First, enable  the SSL config by making a symbolic link to the default-ssl.conf.

     
    $ cd ~/blog/etc/apache2/sites-enabled
    $ ln -s ../sites-available/default-ssl.conf ./
     
    

    At this point we will edit this default-ssl.conf file to point it to your digital certificates. In my case I was lazy and put my certificates in to the sites-available directory.

     
    SSLCertificateFile      /etc/apache2/sites-available/blog.crt
    SSLCertificateKeyFile /etc/apache2/sites-available/blog.key
     
    

    Now you need to enable the shmcb module.

     
    $ cd ~/blog/etc/apache2/mods-enabled
    $ ln -s ../mods-available/socache_shmcb.load ./
     
    

    We’re nearly there. One more step

  4. Get the container to use this modified volume
    We now need get the container to use the modified configs and we do this by mounting the volume in the docker-compose.yml file. If you’re not using Compose then you will need to follow these instructions. Modify your docker-compose.yml to look something like this:

    version: '2'
    
    services:
        db:
            image: mysql:5.7
            volumes:
              - db_data:/var/lib/mysql
            restart: always
            environment:
                MYSQL_ROOT_PASSWORD: somewordpress
                MYSQL_DATABASE: wordpress
                MYSQL_USER: wordpress
                MYSQL_PASSWORD: wordpress
    
       wordpress:
            depends_on:
             - db
            image: wordpress:latest
            volumes:
              - ~/blog/etc/apache2:/etc/apache2
            ports:
             - "80:80"
             - "443:443"
            restart: always
            environment:
                WORDPRESS_DB_HOST: db:3306
                WORDPRESS_DB_USER: wordpress
                WORDPRESS_DB_PASSWORD: wordpress
       volumes:
            db_data:
    

    Some people have reported issues with relative paths so if Apache does not appear to be working at all (since the config files are “missing”) change the paths to absolute ones.

  5. Finishing touches, HTTPS redirect
    There are several ways to do HTTPS redirect. The most flexible way is to use URL rewrite in the Apache config files. Edit your 000-default.conf to look like:

    ServerAdmin webmaster@
    DocumentRoot /var/www/html
    <Directory "/var/www/html">  
    	RewriteEngine   on
    	RewriteBase /
    	# FORCE HTTPS
    	RewriteCond %{HTTPS} !=on
    	RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    </Directory>
    

    Now you’re ready to go!

If you’ve followed these steps you should now have a containerised WordPress instance running with HTTPS. Since you’ve got self signed certificates your browser will complain about issues with the certificate. These can be safely ignored or certificate exceptions enabled.

A word of warning. These steps should not be used for production systems. What I’ve done here is sub-optimal in many ways. All it is, is the smallest number of changes that are needed to be made to get HTTPS working.

Enjoy!

Last modified: May 30, 2017 @ 16:37 UTC

Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *