This guide walks you through configuring a domain for a Docker container and installing an SSL certificate on AWS. You will learn how to provision an EC2 instance, install Docker, run a Docker container, install and configure Nginx, install SSL, and set up DNS records. This guide assumes that Docker is already installed on your system and that the DNS records of your domain are set up accordingly; otherwise, watch the YouTube video provided for these or check out this article on how to install Docker on Linux.
Step 1: Run a docker container
Run a docker container of your intended web application. Replace the docker command below with your preferred tags and image.
docker run --name dtechweb -d -p8001:8000 dannywangari/dtechnologies:2.0.0
Step 2: Install Nginx webserver
Install Nginx webserver. This will serve as a reverse proxy for our domain name.
sudo apt update #update package repository
sudo apt install nginx -y #install Nginx
Step 3: Nginx Configuration To Configure a domain to a docker container
Set up the Nginx configurations to route traffic to the appropriate docker container.
sudo nano /etc/nginx/sites-available/dtechnologies.co.ke #run this to open the nano editor. Replace dtechnologies.co.ke with your domain name.
#Then add the following and save
server {
listen 80;
server_name dtechnologies.co.ke;
location / {
proxy_pass http://127.0.0.1:8001; #this is the host port published for your container (8001 in -p8001:8000). Replace it accordingly.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
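The `-p8001:8000` mapping from Step 1 publishes the container on every host interface, so the app can also be reached directly on port 8001 over plain HTTP wherever the EC2 security group allows it, bypassing the Nginx proxy. The following added example (not part of the original guide) checks `docker port` output for such bindings; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag published container ports not bound to loopback.
# Input format is that of `docker port <container>`, one mapping per line:
#   8000/tcp -> 0.0.0.0:8001

# exposed_bindings: read `docker port` output on stdin and print every host
# binding whose address is not 127.0.0.1 or ::1. Returns 1 if any is found.
exposed_bindings() {
    awk '
        $2 == "->" {
            host = $3                      # e.g. 0.0.0.0:8001 or [::]:8001
            addr = host
            sub(/:[0-9]+$/, "", addr)      # drop the trailing :port
            sub(/^\[/, "", addr)           # drop IPv6 brackets
            sub(/\]$/, "", addr)
            if (addr != "127.0.0.1" && addr != "::1") {
                print $1 " is published on " host
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed samples: what `docker port dtechweb` prints for -p8001:8000,
# and for a loopback-only mapping.
SAMPLE_ALL='8000/tcp -> 0.0.0.0:8001
8000/tcp -> [::]:8001'
SAMPLE_LOOPBACK='8000/tcp -> 127.0.0.1:8001'

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_ALL" | exposed_bindings \
    || echo "container port is reachable without going through Nginx"
printf '%s\n' "$SAMPLE_LOOPBACK" | exposed_bindings \
    && echo "loopback-only mapping: OK"
```

On a live host, run `docker port dtechweb | exposed_bindings`. Publishing with `-p 127.0.0.1:8001:8000` keeps the app reachable only through the Nginx proxy configured above.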
Step 4: Enable Nginx Sites
Create a symbolic link to the sites-enabled directory with the configurations created above. Run the command below. Replace the subdomain/domain as needed.
sudo ln -s /etc/nginx/sites-available/dtechnologies.co.ke /etc/nginx/sites-enabled/
Step 5: Test Nginx Configuration
It’s now time to test if the configurations used are correct. Run the command below. In case of errors, inspect the Nginx logs and fix them. If the test is successful, reload nginx.
sudo nginx -t
#if the test is ok, restart nginx
sudo systemctl restart nginx
Step 6: Install Certbot
Certbot automates the process of obtaining and renewing SSL certificates from Let’s Encrypt. Run the following commands to install it:
sudo apt update
sudo apt install certbot python3-certbot-nginx -y
Step 7: Obtain an SSL Certificate
Run the command below to provision an SSL certificate for your domain name. Certbot will automatically configure Nginx for the domain name. Replace the stated domain name with your domain name.
sudo certbot --nginx -d dtechnologies.co.ke #follow the prompts
The command above performs the following tasks:
- Obtain a certificate from Let’s Encrypt.
- Modify your Nginx configuration to include the SSL settings.
- Set up automatic renewal for the certificate.
Step 8: Configure Nginx to Redirect HTTP to HTTPS
This step simply confirms that Certbot has already handled the configurations. Run the following to access the nginx settings for our domain name.
sudo nano /etc/nginx/sites-available/dtechnologies.co.ke
Check and confirm that you have updated the SSL certificate blocks of code and enforced the HTTPS redirect. See the sample:
server {
server_name dtechnologies.co.ke;
location / {
proxy_pass http://127.0.0.1:8001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/dtechnologies.co.ke/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dtechnologies.co.ke/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = dtechnologies.co.ke) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name dtechnologies.co.ke;
return 404; # managed by Certbot
}
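The confirmation described in this step can be scripted. This added example (not from the original guide or from Certbot) walks each `server` block and reports a port 80 block that still proxies to the app or lacks the redirect, and a 443 block without certificate directives; the function name and the trimmed sample configs are constructed from the listings above.

```shell
# Added example: audit an Nginx site file for the Step 8 checks.
# Live use: audit_site < /etc/nginx/sites-available/dtechnologies.co.ke
audit_site() {
    awk '
        function report(msg) { print "FAIL: " msg; bad = 1 }
        { sub(/#.*/, "") }                               # ignore comments
        /^[ \t]*server[ \t]*[{]/ { in_srv = 1; tls = plain = cert = key = redir = proxy = 0 }
        in_srv {
            if ($0 ~ /listen[ \t]/ && $0 ~ /[ \t:]443[ \t;]/ && $0 ~ /ssl/) tls = 1
            if ($0 ~ /listen[ \t]/ && $0 ~ /[ \t:]80[ \t;]/) plain = 1
            if ($0 ~ /ssl_certificate[ \t]/)        cert = 1
            if ($0 ~ /ssl_certificate_key[ \t]/)    key = 1
            if ($0 ~ /return[ \t]+301[ \t]+https:/) redir = 1
            if ($0 ~ /proxy_pass[ \t]/)             proxy = 1
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")  # track nesting
            if (depth == 0) {                             # server block closed
                if (tls) { seen_tls = 1; if (!cert || !key) report("443 block lacks certificate or key") }
                if (plain && proxy)  report("port 80 block proxies to the app over plain HTTP")
                if (plain && !redir) report("port 80 block has no 301 redirect to https")
                in_srv = 0
            }
        }
        END {
            if (!seen_tls) report("no server block listens on 443 ssl")
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed samples, trimmed from the Step 8 and Step 3 listings.
GOOD_CONF='server {
  location / { proxy_pass http://127.0.0.1:8001; }
  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/dtechnologies.co.ke/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/dtechnologies.co.ke/privkey.pem;
}
server {
  if ($host = dtechnologies.co.ke) { return 301 https://$host$request_uri; }
  listen 80;
  return 404;
}'
STEP3_CONF='server {
  listen 80;
  location / { proxy_pass http://127.0.0.1:8001; }
}'

printf '%s\n' "$STEP3_CONF" | audit_site || echo "Step 3 config: not yet HTTPS-only"
printf '%s\n' "$GOOD_CONF"  | audit_site && echo "Certbot config: OK"
```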
Step 9: Test the Nginx Configurations
Test the current state of the Nginx config and fix errors if they exist. If there are no errors, restart the Nginx service and proceed to ensure that your domain works as needed.
sudo nginx -t
sudo systemctl restart nginx
Step 10: Set Up SSL Auto-Renewal
As previously mentioned, Certbot will set up auto-renewal of the SSL certificate. To confirm this, check the Certbot systemd timer by running the following command:
sudo systemctl status certbot.timer
#if the above shows that it's not active, run the following to activate:
sudo systemctl enable certbot.timer
sudo systemctl start certbot.timer
In the worst-case scenario where the SSL certificate is not set to autorenew, you should create a cron job to handle the autorenewal. Run the following:
sudo crontab -e
#add the following:
0 0,12 * * * /usr/bin/certbot renew --quiet --renew-hook "systemctl reload nginx"
#This cron expression means "at minute 0 of hour 0 and 12 on every day of the month, and every day of the week." Essentially, it runs at midnight and noon every day. Save and exit!
#Run the following to verify the cron job
sudo crontab -l