SSL authentication inside docker (or outside)

[Maikel76]

Hello,
I'm following this manual to setup SSL authentication with a certificate on e.g. iphone that authenticates the connection to apache. (https://linuxconfig.org/apache-web-serv ... entication)
I have apache now running inside docker and used Sander's (Lokonli) workaround at viewtopic.php?p=289036&hilit=security#p289036 but it's not practical to keep inputting a 35char password

The idea is to put an unique signed certificate on a device (iphone ipad etc) which will authenticate the connection to my dashticz webpage from outside, if you dont have this certificate installed you cannot reach the webpage.

For the mentioned SSL authentication i need to enable a2enmod ssl which could be done via Dockerfile as something like this i think (following nelkinda.com);

Code: Select all

RUN ln -s ../mods-available/{ssl,expires,headers,rewrite}.load /etc/apache2/mods-enabled/  <-- will putting ssl there work?

I also need to passthrough <VirualHost _default_:8443> with SSLCertificateFile and SSLCertificateKeyFile
I would also passthrough SSLVerifyClient and SSLVerifyDepth and SSLCACertificateFile for two-way SSL authentication, see link for exact apache conf

Is it possible to passthrough these via Dockerfile and dashticz.conf ?
Or is it much easier to setup apache locally? I'm running Dashticz next to Domoticz on a raspberry pi

Important for me is to be able to easily keep updating Dashticz and apache2
Could anyone please help me a bit on the right track, I keep reading but getting nowhere

Maikel

[Maikel76]

Mmm ok so this question is a bit too much outside of the box maybe..
I just reversed the password modification so dashticz is running normal again

I really would like to run Dashticz as a manual apache+php install
Do i only need to follow the manual install setup at https://dashticz.readthedocs.io/en/beta ... stall.html ?
When i installed apache the symbolic link,

Code: Select all

sudo ln -s /home/pi/dashticz/ /var/www/html

will make sure i will run it from the new setup, isn't it ?
If i remove the docker container will I not lose any of the config files inside /home/pi/dashticz/custom ? (i use a custom css, js and CONFIG)

Thanks a lot in advance

[Lokonli]

Mmm ok so this question is a bit too much outside of the box maybe..
I just reversed the password modification so dashticz is running normal again

I really would like to run Dashticz as a manual apache+php install
Do i only need to follow the manual install setup at https://dashticz.readthedocs.io/en/beta ... stall.html ?

yes, that should work.

When i installed apache the symbolic link,

Code: Select all

sudo ln -s /home/pi/dashticz/ /var/www/html

will make sure i will run it from the new setup, isn't it ?

Correct

If i remove the docker container will I not lose any of the config files inside /home/pi/dashticz/custom ? (i use a custom css, js and CONFIG)

Correct

Thanks a lot in advance

You're welcome

[Maikel76]

Awesome,
I succesfully transformed to a local apache setup thanks to your clear answers.
Still struggling a bit with the SSL certificate but going to try to set that up tomorrow-morning
Will feedback here, maybe good for future adventurers