Ths is a Dockerfile to build a container from the latest HTTPD image with A+ Overall Rating in SSL Labs with hardenized options.
Have your own SSL Certificate in the same folder.
-rw------- 1 root root 1708 Jun 22 05:22 privkey.pem
-rw-r--r-- 1 root root 3562 Jun 22 05:22 fullchain.pem
-rw-r--r-- 1 root root 692 Jun 22 05:22 README.md
-rw-r--r-- 1 root root 20929 Jun 22 05:27 httpd.conf
-rw-r--r-- 1 root root 243 Jun 22 05:38 Dockerfile
-rw-r--r-- 1 root root 13900 Jun 22 18:33 httpd-ssl.conf
- Just put your SSL Certificates in the same folder, in this example I use a free certificates from Letsencrypt. The
Dockerfilewill rename it in the HTTPD expected name.
privkey.pem-->/usr/local/apache2/conf/server.keyfullchain.pem-->/usr/local/apache2/conf/server.crt
- Modify the
httpd.conffile at the bottom to your domain name in order to redirect from HTTP to HTTPS.
<VirtualHost *:80>
ServerName your.domain.com
Redirect 301 / https://your.domain.com/
</VirtualHost>
-
Edit the
httpd-ssl.confin theServerNameandServerAdminoptions with your information. -
Build the image with the Dockerfile
docker build -t <image_name> .
- Run the image
docker run -dit -p 80:80 -p 443:443 --name www -v /var/www/html:/usr/local/apache2/htdocs/ <image_name>
- The
SSLCipherSuiteis modified to:
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
- The SSL protocols are the following:
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1