Perch on Docker, not only for local dev but also on a dockerised remote server (serving over HTTPS)

  • Since reading Rachel’s excellent tutorial…ker-for-local-development last year, I’ve been able to get several Perch-based sites running locally on Docker and it works really well.

    However I’ve had less luck in getting the same Docker-based environment to work on a remote server. That was the target for me – do the environmental set-up once then be able to bring it up easily via docker-compose elsewhere.

    I got tantalisingly close – my site was Dockerised and serving fine from my remote DigitalOcean server on http only – but the hump I couldn’t get over was to get LetsEncrypt secure certificate challenges to pass in order to serve the site over HTTPS. I tried hard but just couldn’t get the combination of Docker + Apache + LetsEncrypt to work. I ended up trashing that server and just building a new one with no Docker ;(.

    There seems to be more documentation out there for using LetsEncrypt/certbot in an Nginx + Docker environment, but the reasons I persisted with Apache were that:

    i) the original tutorial was based on Apache;

    ii) traditionally any Perch server config documentation has focused on Apache so Apache made sense; and

    iii) I personally know Apache better.

    Has anyone had any joy taking Rachel’s original post and successfully running it on your remote server, serving your site over HTTPS?

    I’m about to start a new project and am thinking about having another crack at this but any tips to get me over the hump would be much appreciated! I’d also be happy to switch from Apache to Nginx if that works better for the remote server certbot part.

    When I finally get there with this, I’m more than happy to write/share what I hope is a useful follow up piece to Rachel’s original post, sharing how to use that Docker Perch/Runway set-up both locally and on the remote server.

  • drewm

    Approved the thread.
  • So it sounds like your issue is not so much Perch related, but getting LetsEncrypt CertBot working in a Docker environment with Apache?

    I haven't specifically implemented Letsencrypt with Docker yet but I have a hard time seeing how a different web server would change anything. Essentially, you want CertBot to verify the host and save the certificate files locally on the server, then mount those certificates into your application container for use. So it wouldn't matter how / where the certificates come from. Apache or Nginx would see a .pem to use for an SSL certificate. I know there is a CertBot Docker image you could include into your system's docker-compose.yml to bring up a CertBot container. I would say you mount the location where CertBot saves the certificates into the container so you can share that between the CertBot container and the web server container. Then Apache should just be configured to use the .pem file like any other .pem certificate.

    As long as the server responds to the domain name for verification you should be good to go. And for renewal of the certificates, just set up a cron to issue the renew command within the CertBot container which will automatically update the certs available within the web server.

    Was there something specific that was giving you issues?
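
Added example, not part of the thread and not any poster's own configuration: a docker-compose.yml for the layout described in the post above, where a certbot container and the Apache container share a certificate volume. The service and volume names, the paths, the `httpd:2.4` image, `example.com` and the e-mail address are assumptions.

```yaml
# Constructed example: names, paths, example.com and the e-mail are placeholders.
services:
  web:
    image: httpd:2.4            # assumption: stands in for the Perch Apache/PHP image
    ports:
      - "80:80"                 # port 80 must stay reachable for the HTTP-01 challenge
      - "443:443"
    volumes:
      # Certificates and private keys written by certbot; read-only here so a
      # compromised web container cannot replace them.
      - letsencrypt:/etc/letsencrypt:ro
      # Challenge files written by certbot. The port-80 vhost needs:
      #   Alias /.well-known/acme-challenge/ /var/www/certbot/.well-known/acme-challenge/
      # plus a <Directory> block granting access to that path.
      - acme-webroot:/var/www/certbot:ro
    # The 443 vhost then points at the shared volume:
    #   SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    #   SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    # Enable that vhost only after the first certificate exists, otherwise
    # Apache fails to start on the missing files.

  certbot:
    image: certbot/certbot      # the image's entrypoint is the certbot binary
    volumes:
      - letsencrypt:/etc/letsencrypt
      - acme-webroot:/var/www/certbot
    # First issuance using the webroot plugin: certbot only writes files,
    # the already-running web container serves them to Let's Encrypt.
    command: >
      certonly --webroot -w /var/www/certbot
      -d example.com
      -m admin@example.com --agree-tos --non-interactive

volumes:
  letsencrypt:
  acme-webroot:

# Renewal from the host's cron, followed by a graceful Apache reload so the
# new certificate is picked up:
#   docker compose run --rm certbot renew
#   docker compose exec web apachectl -k graceful
```
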

  • @Jordin – many thanks for your input.

    You’re right: the issue isn’t so much Perch-related as Docker/Apache/Certbot related, but my feeling was that if a solution can be documented then it might be a useful tip for Perch users who are already using Docker locally.

    Your suggestion regarding mounting the location where Certbot has saved the certificates is good.

    So I guess I would firstly just create virtualhosts on the host server as normal then use certbot to get/install the certificates on the host server as normal before even running docker-compose up?

    I seem to recall that my problem before was that I was trying to install the certificates from within my docker Apache container and that was failing. Although my site was accessible over HTTP from a browser, the LE challenge was somehow failing when initiated from the Docker container. Maybe that was a stupid thing to do but it somehow felt against the spirit of using Docker for me to be doing lots of initial set-up on the host. It felt to me like all the set-up should be configured within docker files and run automatically on docker-compose up.

    Anyway I’m now considering your advice and have also been looking at these references:

    So I’ll try again and see how it goes.

  • @lauenceh,

    For your vhosts, yes on the host server you create a vhost that is just a proxy and passes the traffic for your domain name to localhost:port of your container. You may need to install some Apache modules to be able to set up the proxy, I can't quite remember exactly which ones, but the first time I set this up there was a great tutorial in the DigitalOcean knowledge base I followed which was very helpful.

    I wouldn't install certbot on the host server, I would attach a certbot container to your docker-compose.yml so that it becomes part of that application ecosystem. I agree you probably shouldn't be installing a whole pack of stuff on the host to get something running on Docker, that would seem to me to be against the Docker "philosophy" ... if you can call it that.

    For my setups, the only thing the server does is configure a proxy to pass traffic to a container depending on port and domain name and persist data outside the container using mounted directories.

    Good luck and post your result, it will surely be useful for others! :thumbup:

  • Hi Jordin,

    Really great advice and answers all my questions. Thanks!

    I have some sysadmin skills but I’m a developer really, so the idea of configuring proxies on the server fills me with a little bit of fear... however I won’t let that stop me :-).

    If I can get it working, I’ll definitely share how I did it.