/docker-apache2-ssl-secure

A Docker Apache2 Container based on _/ubuntu:14.04 which is pretty simillar to marvambass/nginx

Primary LanguageShellMIT LicenseMIT

Docker very secured Apache2 with secure SSL (marvambass/apache2-ssl-secure)

maintained by MarvAmBass

FAQ - All you need to know about the marvambass Containers

What is it

This Dockerfile (available as marvambass/apache2-ssl-secure) gives you a ready to use secured production apache2 server, with good configured SSL.

View in Docker Registry marvambass/apache2-ssl-secure

View in GitHub MarvAmBass/docker-apache2-ssl-secure

Environment variables and defaults

  • HSTS_HEADERS_ENABLE
  • default: not set - if set to any value the HTTP Strict Transport Security will be activated on SSL Channel
  • HSTS_HEADERS_ENABLE_NO_SUBDOMAINS
  • default: not set - if set together with HSTS_HEADERS_ENABLE and set to any value the HTTP Strict Transport Security will be deactivated on subdomains

Running marvambass/apache2-ssl-secure Container

This Dockerfile is not really made for direct usage. It should be used as base-image for your apache2 project. But you can run it anyways.

You should overwrite the /etc/apache2/external/ with a folder, containing your apache2 *.conf files (VirtualHosts etc.), certs and a dh.pem.
If you forget the dh.pem file, it will be created at the first start - but this can/will take a long time!

docker run -d \
-p 80:80 -p 443:443 \
-v $EXT_DIR:/etc/apache2/external/ \
marvambass/apache2-ssl-secure

Based on

This Dockerfile is based on the /_/ubuntu:14.04/ Official Image.

Cheat Sheet

Creating a high secure SSL CSR with openssl

This cert might be incompatible with Windows 2000, XP and older IE Versions

openssl req -nodes -new -newkey rsa:4096 -out csr.pem -sha256

Creating a self-signed ssl cert

Please note, that the Common Name (CN) is important and should be the FQDN to the secured server:

openssl req -x509 -newkey rsa:4086 \
-keyout key.pem -out cert.pem \
-days 3650 -nodes -sha256