Before you start, it is necessary to have followed the steps in the previous article.
Creating the files needed for SSL
To do this we will use a very handy tool: mkcert.
It is a tool that allows you to create certificates that can be used locally without any configuration.
To install mkcert, go to github.com/FiloSottile/mkcert#installation.
Don’t forget the command:
mkcert -install
Once this is done, create a folder in the nginx folder with the name certs.
In my example, I took testblog.local as a domain name.
Execute the following command
mkcert testblog.local
Created a new certificate valid for the following names ? - "testblog.local" The certificate is at "./testblog.local.pem" and the key at "./testblog.local-key.pem" ✅ It will expire on 8 March 2023 ?
Two files are now created
Let’s rename them to have a name that matches the standard for nginx
mv testblog.local-key.pem testblog.local.key mv testblog.local.pem testblog.local.crt
Nginx configuration
Now it’s time to change the configuration of the nginx server.
Starting from the basic Symfony file for the nginx configuration, just change the file as follows:
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name testblog.local;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name testblog.local;
root /var/www/symfony/public;
index index.php index.html index.htm;
location / {
try_files $uri /index.php$is_args$args;
}
location ~ ^/index.php(/|$) {
fastcgi_pass php-upstream;
fastcgi_split_path_info ^(.+.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
}
location ~ .php$ {
return 404;
}
ssl_certificate /etc/nginx/certs/testblog.local.crt;
ssl_certificate_key /etc/nginx/certs/testblog.local.key;
}
With the first part we redirect all requests made in http to https
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name testblog.local;
location / {
return 301 https://$host$request_uri;
}
}And then in the second part
listen 443 ssl; indicates that we are listening on https.
server_name testblog.local; indicates the desired URL.
ssl_certificate /etc/nginx/certs/testblog.local.crt; path to the certificate
ssl_certificate_key /etc/nginx/certs/testblog.local.key; path to the key
Configuration of the docker-compose file
In the nginx section it is necessary to mount the certificates in docker. To do so, in the desired section add the path. Don’t forget the port either.
nginx:
volumes:
- ...
- ./nginx/certs:/etc/nginx/certs
- ...
ports:
- "80:80"
- "443:443"Final result:
nginx:
build:
context: ./nginx
volumes:
- ../symfony:/var/www/symfony
- ./nginx/nginx.conf:/etc/nginx/nginx.conf
- ./nginx/sites/:/etc/nginx/sites-available
- ./nginx/conf.d/:/etc/nginx/conf.d
- ./nginx/certs:/etc/nginx/certs
depends_on:
- php-fpm
ports:
- "80:80"
- "443:443"Local /etc/hosts file configuration
Now you still need to change the /etc/hosts file in your host machine for the testblog.local website to be accessible
127.0.0.1 testblog.local