Installation of HTTPS on a Symfony5, Docker and Nginx system
Before you start, it is necessary to have followed the steps in the previous article.
Creating the files needed for the SSL
To do this we will use a very handy mkcert tool.
It is a tool that allows you to create certificates that can be used locally without any configuration.
To install mkcert, go to github.com/FiloSottile/mkcert#installation.
Don’t forget the command:
mkcert -install
Once this is done, create a folder in the nginx folder with the name certs.
In my example, I took testblog.local as a domain name.
Execute the following command
mkcert testblog.local
Created a new certificate valid for the following names 📜 - "testblog.local" The certificate is at "./testblog.local.pem" and the key at "./testblog.local-key.pem" ✅ It will expire on 8 March 2023 🗓
Two files are now created
Let’s rename them to have a name that matches the standard for nginx
mv testblog.local-key.pem testblog.local.key mv testblog.local.pem testblog.local.crt
Configuration Nginx
Now it’s time to change the configurations of the nginx server.
Starting from basic symfony file for the nginx configuration just change the file as well:
server { listen 80; listen [::]:80 ipv6only=on; server_name testblog.local; location / { return 301 https://$host$request_uri; } } server { listen 443 ssl; server_name testblog.local; root /var/www/symfony/public; index index.php index.html index.htm; location / { try_files $uri /index.php$is_args$args; } location ~ ^/index\.php(/|$) { fastcgi_pass php-upstream; fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT $realpath_root; internal; } location ~ \.php$ { return 404; } ssl_certificate /etc/nginx/certs/testblog.local.crt; ssl_certificate_key /etc/nginx/certs/testblog.local.key; }
With the first part we redirect all queries made in https
server { listen 80; listen [::]:80 ipv6only=on; server_name testblog.local; location / { return 301 https://$host$request_uri; } }
And then in the second part
listen 443 ssl; indicates that we are listening to https.
server_name testblog.local; indicates the desired url.
ssl_certificate /etc/nginx/certs/testblog.local.crt; pathname to the certificate
ssl_certificate_key /etc/nginx/certs/testblog.local.key; pathname to the key
Configuration of the docker-compose file
In the section of nginx it is necessary to mount the certificates in the docker, to be done, in the desired selection add the path. Don’t forget the port either.
nginx: volumes: - ... - ./nginx/certs:/etc/nginx/certs - ... ports: - "80:80" - "443:443"
Final result:
nginx: build: context: ./nginx volumes: - ../symfony:/var/www/symfony - ./nginx/nginx.conf:/etc/nginx/nginx.conf - ./nginx/sites/:/etc/nginx/sites-available - ./nginx/conf.d/:/etc/nginx/conf.d - ./nginx/certs:/etc/nginx/certs depends_on: - php-fpm ports: - "80:80" - "443:443"
Local file configuration /etc/hosts
Now you still need to change the file /etc/hosts in your host machine for the siteweb testblog.local to be accessible
127.0.0.1 testblog.local