Installation of HTTPS on a Symfony5, Docker and Nginx system

Before you start, it is necessary to have followed the steps in the previous article.

Creating the files needed for the SSL

To do this we will use a very handy mkcert tool.

It is a tool that allows you to create certificates that can be used locally without any configuration.

To install mkcert, go to github.com/FiloSottile/mkcert#installation.

Don’t forget the command:

mkcert -install

Once this is done, create a folder in the nginx folder with the name certs.

In my example, I took testblog.local as a domain name.

Execute the following command

mkcert testblog.local

Created a new certificate valid for the following names 📜
 - "testblog.local"

The certificate is at "./testblog.local.pem" and the key at "./testblog.local-key.pem" ✅

It will expire on 8 March 2023 🗓

Two files are now created

Let’s rename them to have a name that matches the standard for nginx

mv testblog.local-key.pem testblog.local.key
mv testblog.local.pem testblog.local.crt

 

Configuration Nginx

Now it’s time to change the configurations of the nginx server.

Starting from basic symfony file for the nginx configuration just change the file as well:

server {
    listen 80;
    listen [::]:80 ipv6only=on;
    server_name testblog.local;
    location / {
         return 301 https://$host$request_uri;

    }
}

server {
    listen 443 ssl;
    server_name testblog.local;
    root /var/www/symfony/public;
    index index.php index.html index.htm;

    location / {
         try_files $uri /index.php$is_args$args;
    }

    location ~ ^/index\.php(/|$) {
        fastcgi_pass php-upstream;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;

        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;

        internal;
    }

    location ~ \.php$ {
        return 404;
    }

    ssl_certificate     /etc/nginx/certs/testblog.local.crt;
    ssl_certificate_key /etc/nginx/certs/testblog.local.key;

}

With the first part we redirect all queries made in https

server {
    listen 80;
    listen [::]:80 ipv6only=on;
    server_name testblog.local;
    location / {
         return 301 https://$host$request_uri;

    }
}

And then in the second part

listen 443 ssl;  indicates that we are listening to https.
server_name testblog.local; indicates the desired url.
ssl_certificate /etc/nginx/certs/testblog.local.crt;  pathname to the certificate
ssl_certificate_key /etc/nginx/certs/testblog.local.key; pathname to the key

Configuration of the docker-compose file

In the section of nginx it is necessary to mount the certificates in the docker, to be done, in the desired selection add the path. Don’t forget the port either.

nginx:
  volumes:
    - ...
    - ./nginx/certs:/etc/nginx/certs
    - ...
  ports:
    - "80:80"
    - "443:443"

Final result:

nginx:
  build:
    context: ./nginx
  volumes:
    - ../symfony:/var/www/symfony
    - ./nginx/nginx.conf:/etc/nginx/nginx.conf
    - ./nginx/sites/:/etc/nginx/sites-available
    - ./nginx/conf.d/:/etc/nginx/conf.d
    - ./nginx/certs:/etc/nginx/certs
  depends_on:
    - php-fpm
  ports:
    - "80:80"
    - "443:443"

Local file configuration /etc/hosts

Now you still need to change the file /etc/hosts in your host machine for the siteweb testblog.local to be accessible

127.0.0.1 testblog.local