Enable SSL on docker

On various Hardware and OS systems: pi / windows / routers / nas, etc

Moderator: leecollings

ramseylewis
Posts: 2
Joined: Monday 18 October 2021 11:13
Target OS: Windows
Domoticz version:
Contact:

Enable SSL on docker

Post by ramseylewis »

Hello,

On Windows 10, I have a Docker container for Domoticz and I wonder how to enable SSL, even if it's with a self-signed cert.
I added the env variable "ENV SSL_PORT=443" to my docker-compose and bound the ports as well (will post my docker-compose later), but I can't access Domoticz with https.
Can you help me?

Thanks

Re: Enable SSL on docker

Post by ramseylewis »

Hello.

Can nobody help me? I can't imagine nobody is using SSL on Domoticz.
kiddigital
Posts: 438
Joined: Thursday 10 August 2017 6:52
Target OS: Raspberry Pi / ODroid
Domoticz version: Beta
Location: Netherlands
Contact:

Re: Enable SSL on docker

Post by kiddigital »

Did you test in the running Container that Domoticz is started correctly with SSL enabled?

And did you forward the Container port correctly? What does your compose file look like?
One RPi with Domoticz, RFX433e, aeon labs z-wave plus stick GEN5, ha-bridge 5.4.0 for Alexa, Philips Hue Bridge, Pimoroni Automation Hat
One RPi with Pi foundation standard touch screen to display Dashticz
palbeda
Posts: 1
Joined: Wednesday 27 September 2023 20:24
Target OS: Linux
Domoticz version:
Contact:

Re: Enable SSL on docker

Post by palbeda »

I was able to get HTTPS running on the latest domoticz/domoticz image, but it was not as simple as it would be if it were possible to restart Domoticz from the web interface, which does not work within Docker.

Steps:
1- Make sure you have a Domoticz container successfully running with the built-in SSL certificates in Docker
2- Prepare your own SSL certificate file and copy it into the running container: sudo docker cp <certificate-name> <running container>:/opt/domoticz/
3- Make a backup of your database to prevent losing data
4- Stop the running container: sudo docker stop <running container>
5- Commit the running container to a new Docker image: sudo docker commit <running container> <new image name>
6- Make a new container: sudo docker run -d -p 8080:8080 -p 443:443 -v /opt/domoticz/userdata -e TZ=Europe/Amsterdam --name domoticz-new <new-image name>

Without any doubt unnecessarily difficult, but I found this procedure after a long search on the internet, so I decided to share. Please post here if you have a simpler procedure that works.
waltervl
Posts: 5851
Joined: Monday 28 January 2019 18:48
Target OS: Linux
Domoticz version: 2024.7
Location: NL
Contact:

Re: Enable SSL on docker

Post by waltervl »

It should be possible to define the certificate with command ARGS that have to be added to the docker startup environment as EXTRA_CMD_ARG, see:

https://hub.docker.com/r/domoticz/domoticz
And
https://www.domoticz.com/wiki/Command_line_parameters
-sslwww port (for example -sslwww 443, or -sslwww 0 to disable https)

-sslcert file_path (for example /opt/domoticz/server_cert.pem)

-sslkey file_path (if different from certificate file)

-sslpass passphrase (to access to server private key in certificate)

-sslmethod method (supported methods: tlsv1, tlsv1_server, sslv23, sslv23_server, tlsv11, tlsv11_server, tlsv12, tlsv12_server)

-ssloptions options (for SSL options, default is 'default_workarounds,no_sslv2,no_sslv3,no_tlsv1,no_tlsv1_1,single_dh_use')

-ssldhparam file_path (for SSL DH parameters)


If no -sslcert parameter is provided, Domoticz will use server_cert.pem from its installation folder.
Domoticz running on Udoo X86 (on Ubuntu)
Devices/plugins: ZigbeeforDomoticz (with Xiaomi, Ikea, Tuya devices), Nefit Easy, Midea Airco, Omnik Solar, Goodwe Solar
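
Added example, not part of the thread and not the Domoticz project's own script: one way to follow the EXTRA_CMD_ARG suggestion above without the docker cp and docker commit steps from the earlier post, by bind-mounting a checked PEM read-only. The function names, the container name `domoticz-ssl`, the in-container path `/opt/domoticz/own_cert.pem` and host port 4443 are assumptions, as is Domoticz accepting key and certificate from one file without a separate `-ssldhparam` file.

```bash
#!/usr/bin/env bash
# Added example: build and sanity-check a PEM before handing it to Domoticz.

# Create a self-signed key + certificate in one PEM file (key first).
# $1 = output file, $2 = subjectAltName entry, e.g. IP:192.168.0.2
make_domoticz_pem() {
  local out=$1 san=$2 tmp rc
  tmp=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=domoticz" -addext "subjectAltName=$san" \
    -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null \
    && (umask 077; cat "$tmp/key.pem" "$tmp/cert.pem" > "$out")
  rc=$?
  rm -rf "$tmp"
  return $rc
}

# Succeed only if the file holds a private key matching the certificate
# and the certificate remains valid for at least 30 more days.
check_domoticz_pem() {
  local pem=$1 cert_pub key_pub
  cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 1
  openssl x509 -in "$pem" -noout -checkend $((30 * 24 * 3600)) >/dev/null
}

# Start Domoticz with the PEM bind-mounted read-only (assumed names/paths).
# $1 = PEM file on the host; host port 4443 maps to the container's 443.
run_domoticz() {
  local pem
  pem=$(realpath "$1") || return 1
  check_domoticz_pem "$pem" || { echo "refusing to start: bad PEM" >&2; return 1; }
  docker run -d --name domoticz-ssl -p 8080:8080 -p 4443:443 \
    -v "$pem:/opt/domoticz/own_cert.pem:ro" \
    -e TZ=Europe/Amsterdam \
    -e EXTRA_CMD_ARG="-sslcert /opt/domoticz/own_cert.pem" \
    domoticz/domoticz
}
```

Once the container is up, `openssl s_client -connect 192.168.0.2:4443` shows which certificate the server actually presents, which tells you whether your own PEM or the built-in one is in use.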

Re: Enable SSL on docker

Post by waltervl »

Additionally, in this topic a user also enabled SSL on Docker: viewtopic.php?t=40779
redswan
Posts: 16
Joined: Monday 23 October 2017 17:07
Target OS: Raspberry Pi / ODroid
Domoticz version: 2024.5
Contact:

Re: Enable SSL on docker

Post by redswan »

Is this topic no longer available? The link gives a 404 error!
gizmocuz
Posts: 2547
Joined: Thursday 11 July 2013 18:59
Target OS: Raspberry Pi / ODroid
Domoticz version: beta
Location: Top of the world
Contact:

Re: Enable SSL on docker

Post by gizmocuz »

But some hints are already posted above.

Another option is to use NGINX proxy manager (also via docker compose)
With this you can make all your non-SSL services SSL-aware with a valid certificate, and it's easy to manage
(That is, if you have your own domain)

Anyway, you should be able to modify the docker compose yml file to read

ports:
- "8080:8080"
- "443:443"
- "3201:3201"

And now you should be able to access this with https

You can also use another port, for instance

ports:
- "8080:8080"
- "4443:443"
- "3201:3201"

If your machine's IP address is 192.168.0.2, you should be able to access Domoticz via

https://192.168.0.2:4443
Quality outlives Quantity!

Re: Enable SSL on docker

Post by gizmocuz »

We have a default certificate installed that should 'just' work
jannl
Posts: 673
Joined: Thursday 02 October 2014 6:36
Target OS: Raspberry Pi / ODroid
Domoticz version: 2022.2
Location: Geleen
Contact:

Re: Enable SSL on docker

Post by jannl »

I use ssl on a docker container to issue a WOL ping to wake up another system in my network. This because the 'wake on power' option in the BIOS is no longer present.

This is done via self-signed certificates. The mentioned command is the only thing that the ssh does, so when I issue an ssh to the host, the command is fired and the ssh connection is closed.

For just using ssh, exec in the container and install ssh. Remember to make it persistent via customstart.sh

Not sure if I was wise enough to save the steps I did

ssh into the docker I would not do. SSH out of the docker is also a cyber risk, hence the certificates and the minimum functionality.

For 'fooling' around in the docker container, exec works great.