Production Meteor and Node, Using Docker, Part V
Set up SSL Termination on dockercloud/haproxy
Providing your SSL certificate to the load balancer is so simple, it's almost unbelievable. First, you will need your SSL certificate. Make sure you cat together any intermediate certificates your certificate provider requires. Refer to their instructions for how to do this. Instructions for NGINX are generally best to follow. You should end up with a single certificate file.
Let's take a look at how to do this from the dockercloud/haproxy README:
dockercloud/haproxy supports SSL termination on multiple certificates. For each application that you want SSL terminated, simply set SSL_CERT and VIRTUAL_HOST. HAProxy then reads the certificate from the link environment and sets the SSL termination up.
Once you have the .pem file, you can run this command to convert the file correctly to one line:
awk 1 ORS='\\n' cert.pem
Copy the output and set it as the value of SSL_CERT or DEFAULT_SSL_CERT.
I recommend reading the rest of that documentation. Among other things, make sure that your application services' VIRTUAL_HOST variables match the https:// version of your URL. For example, a value of "example.com" won't match "https://example.com". Change it to just "https://example.com", or to "example.com", "https://example.com" if you also want the application reachable on port 80.
If you only want SSL, be sure to set the FORCE_SSL variable to any value in your linked service.
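An added example (not from the original post or the dockercloud/haproxy project): it checks the concatenated bundle before flattening it with the README's awk command, then confirms the flattened value converts back to the original file. The function names are hypothetical; only the awk one-liner comes from the page.

```shell
#!/bin/sh
# Added example: validate a PEM bundle, then flatten it for SSL_CERT.
# Function names are hypothetical; only the awk one-liner is from the page.

# Flatten to one line with literal "\n" separators (the page's command).
flatten_pem() {
    awk 1 ORS='\\n' "$1"
}

# Reverse the flattening: each literal "\n" becomes a real newline again.
unflatten_pem() {
    awk '{ gsub(/\\n/, "\n"); printf "%s", $0 }'
}

# Fail on unbalanced or fused BEGIN/END markers (the usual result of
# concatenating files that lack a trailing newline) and on bundles that
# contain no CERTIFICATE block. Marker lines must match exactly, so
# trailing spaces or CRLF line endings are rejected too.
check_pem_blocks() {
    awk '
        /-----(BEGIN|END) / && !/^-----(BEGIN|END) [A-Z0-9 ]+-----$/ { bad = 1 }
        /^-----BEGIN [A-Z0-9 ]+-----$/ { if (inblk) bad = 1; inblk = 1 }
        /^-----BEGIN CERTIFICATE-----$/ { certs++ }
        /^-----END [A-Z0-9 ]+-----$/ { if (!inblk) bad = 1; inblk = 0 }
        END { exit (bad || inblk || certs == 0) }
    ' "$1"
}

# Print the flattened value only if the bundle is well formed and the
# flattened form converts back to the exact original bytes.
prepare_ssl_cert() {
    check_pem_blocks "$1" || { echo "malformed PEM bundle: $1" >&2; return 1; }
    flat=$(flatten_pem "$1")
    printf '%s' "$flat" | unflatten_pem | cmp -s - "$1" || {
        echo "round trip mismatch: $1" >&2; return 1; }
    printf '%s\n' "$flat"
}

# Usage: sh prepare_ssl_cert.sh cert.pem
if [ "$#" -gt 0 ]; then
    prepare_ssl_cert "$1"
fi
```

If the bundle includes the private key, the flattened value is a secret: keep it out of shell history and out of any stack file you commit.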
Short and sweet, right? Well, we’ve got more coming your way soon. In the next installments, I look forward to covering:
- MongoDB Replication using volumes
- Backups (not boring anymore!)