Enabling SSL on Docker - Signer

Stop the stack (if already running):

docker stack rm signer

Store the certificate and key files as secrets (replace signer.pem and signer.key below with your certificate and key files):

docker secret create signer_ssl_cert signer.pem
docker secret create signer_ssl_cert_key signer.key

Edit the Docker compose file:

nano signer-stack.yml

Uncomment the following entries:

...

secrets:
  ...
  # Uncomment to enable SSL
  signer_ssl_cert:
    external: true
  signer_ssl_cert_key:
    external: true

...

services:

  ...

  nginx:
    ...
    # Uncomment to enable SSL
    secrets:
      - signer_ssl_cert
      - signer_ssl_cert_key
    ports:
      - "80:80"
      # Uncomment to enable SSL
      - "443:443"

...

Edit the Nginx configuration file:

nano signer-proxy.conf

Uncomment the following entries:

...

    # Uncomment to enable SSL
    listen               443 ssl;
    ssl_certificate      /run/secrets/signer_ssl_cert;
    ssl_certificate_key  /run/secrets/signer_ssl_cert_key;

...

Edit the Signer configuration file:

nano signer.json

Make the following changes:

• Section Bindings
  • HttpsMode: change to RedirectPages to redirect to HTTPS users accessing the dashboard on HTTP
• Section General
  • SiteUrl: change the protocol of the URL to https, e.g. https://signer.patorum.com

Deploy the stack with the new configurations:

docker stack deploy -c signer-stack.yml signer

See also

• Installing Signer on Docker
• Using an external database on Docker
• Checking the system logs on Docker
• Persistent data (backup considerations)
• Using a stack with GrantID