Web Server

The web server container responds to HTTP(s) requests and runs cron.

The web server container has all you need enabled for development; you can specify custom configurations using the ./docker/webserver/templates/* files.

In addition, the following directories are of interest:

  • The web root is available at ./www

  • Web server logs are available at ./docker/webserver/logs

  • LetsEncrypt certificates are available at ./docker/webserver/letsencrypt

On first make up the www folder will be created and the chosen framework (if applicable) installed into it.

SSL

Upon running make up the web server container will generate a certificate for the configured $DOMAIN, if one has already been generated it'll be reinstalled if it isn't already.

When working on localhost a self-signed certificate will be used, for all other domains (as specified by the $DOMAIN env var) both the naked domain and www subdomain will have a Let's Encrypt certificate generated and installed.

When working on localhost expect for your browser to throw insecure errors. This is because a self-signed certificate is being used. You can trust this certificate on your development machine to avoid this error.

Certificates will be renewed automatically by certbot using root's crontab; if you need to create or renew these manually then you are free to use the make ssl-create and make ssl-renew commands.

Trusting the localhost self-signed certificate

To avoid "insecure website" errors and to show a padlock in your browser you can trust the certificate included in the Environment. This certificate is identical between all instances of the Docker environment so trusting it for one project will mean it is trusted for another.

How you do this depends on your OS:

  1. Locate ./docker/webserver/ssl/localhost.crt

  2. Open Keychain Access

  3. Navigate to the Certificates section in the sidebar

  4. Drag the certifiate into Keychain Access

  5. Double click the certificate

  6. Under the Trust section, set it to Always Trust

  7. Close the window, you will be asked for your password

  8. Your Mac will now trust this certificate when it is used 🎉

🕵️‍♂️ If you are extra cautious you may wish to generate your own self-signed certificate. You can inspect the generation process used [and regenerate certs] in:

./docker/webserverb/ssl/generate.sh

Note: If you do re-generate a certificate you will need to trust each project independently or copy this new certificate into your existing and future projects.

Securing additional domains

By default, certbot will check DNS for $DOMAIN and www.$DOMAIN and generate a single certificate for both. If you need to add additional domains to the certificate you can do so by specifying them as a comma separated list as the $SSL_ADDITIONAL_DOMAINS env var.

Cron

There is an empty crontab which you can populate at ./docker/webserver/crontab. This will populate in the web server when make up is called. If needed, you can populate root's crontab using the template at ./docker/webserver/crontab-root.

The crontab is synced to the container each time make up is called. Changes made within the container (using crontab -e) will be synced back to the host immediately.

PreviousContainersNextDatabase

Last updated

Was this helpful?