Enable SSL for WordPress docker
This section is an extra step: it enables SSL for WordPress.
First, some background.
When a browser connects to a website over SSL, it checks the SSL certificate presented by that web server.
Synology lets us generate a Let’s Encrypt certificate and renews it automatically when necessary.
However, the WordPress container cannot access these Let’s Encrypt certificates.
So we plan to do the following to enable SSL:
- Locate the Synology Let’s Encrypt certificate
- Copy the certificate files to another location that the container can access
- Fix file permissions after the copy
- Mount this folder into the container
- Configure the Apache SSL module
- Enable the Apache SSL module
- Restart Apache
Step 1: Synology Cert location
By default, Synology stores certificates at:
/usr/syno/etc/certificate/_archive
However, this folder contains many certificates, and we need to read the INFO file to find the mapping between certificates and domains.
For example, the www.totao.info certificate is located at:
/usr/syno/etc/certificate/_archive/2SGwuR
Also, when we enable an HTTPS reverse proxy on Synology, it copies the corresponding certificate to
/usr/syno/etc/certificate/ReverseProxy/91babccc-e064-4982-8e8e-0b97295113e5
** I don't know whether this cert will also auto-renew in this location
Step 2: Copy the certificate files to another location that the container can access
Using File Station, create the following folder path
/volume1/docker/web-wordpress/apache2-ssl/LetEncrypt
Create a script named daily_copy_SSL_cert.sh, located at /volume1/docker/web-wordpress/apache2-ssl/LetEncrypt
cp -p /usr/syno/etc/certificate/ReverseProxy/91babccc-e064-4982-8e8e-0b97295113e5/cert.pem /volume1/docker/web-wordpress/apache2-ssl/LetEncrypt/
cp -p /usr/syno/etc/certificate/ReverseProxy/91babccc-e064-4982-8e8e-0b97295113e5/chain.pem /volume1/docker/web-wordpress/apache2-ssl/LetEncrypt/
cp -p /usr/syno/etc/certificate/ReverseProxy/91babccc-e064-4982-8e8e-0b97295113e5/privkey.pem /volume1/docker/web-wordpress/apache2-ssl/LetEncrypt/
Step 3: Fix ownership and permissions after the copy
After the copy, the ownership and permissions on the files are incorrect.
We regenerate the file permissions by copying them from another file
cd /volume1/docker/web-wordpress/apache2-ssl/LetEncrypt
chown nasadmin:users /volume1/docker/web-wordpress/apache2-ssl/LetEncrypt/*.pem
find /volume1/docker/web-wordpress/apache2-ssl/LetEncrypt -type f -name '*.pem' -exec synoacltool -copy /volume1/docker/web-wordpress/apache2-ssl/setup/clone_cert_to_docker.sh {} \;
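The copy and permission steps (Steps 2 and 3) can also be written as one idempotent function; this is an added example, not the original post's script. It copies a file only when its content changed, replaces it atomically, and keeps privkey.pem owner-only; the name sync_certs, the 600/644 modes and the exit codes are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the original post's script.
# Paths are the ones used in this post; override via the environment.
SRC="${SRC:-/usr/syno/etc/certificate/ReverseProxy/91babccc-e064-4982-8e8e-0b97295113e5}"
DST="${DST:-/volume1/docker/web-wordpress/apache2-ssl/LetEncrypt}"

# sync_certs SRC DST  (hypothetical helper name)
# Exit status: 0 = at least one file updated, 1 = nothing changed, 2 = error.
# The body is a subshell, so umask and variables do not leak to the caller.
sync_certs() (
    src=$1; dst=$2; changed=1
    # Refuse a partial set so Apache never loads a mismatched cert/key pair.
    for f in cert.pem chain.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; exit 2; }
    done
    umask 077    # temporary copies are never group- or world-readable
    for f in cert.pem chain.pem privkey.pem; do
        case $f in
            privkey.pem) mode=600 ;;   # assumption: key readable by owner only
            *)           mode=644 ;;   # certificates are public data
        esac
        if cmp -s "$src/$f" "$dst/$f"; then
            chmod "$mode" "$dst/$f" || exit 2   # same content: only enforce mode
            continue
        fi
        tmp="$dst/.$f.tmp.$$"
        cp "$src/$f" "$tmp" && chmod "$mode" "$tmp" || { rm -f "$tmp"; exit 2; }
        # mv within one directory is a rename, so readers never see a half file.
        mv -f "$tmp" "$dst/$f" || { rm -f "$tmp"; exit 2; }
        changed=0
    done
    exit "$changed"
)
```

Call it from the scheduled task as `sync_certs "$SRC" "$DST"`; status 0 means Apache must be restarted before it serves the new certificate.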
Step 4: Map this folder to the WordPress container
As before, in the container details, add a mapping for the folder
Step 5: Configure the Apache SSL module
Create a file called LetEncrypt-ssl.conf
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/LetEncrypt/cert.pem
        SSLCertificateKeyFile /etc/apache2/ssl/LetEncrypt/privkey.pem
        SSLCertificateChainFile /etc/apache2/ssl/LetEncrypt/chain.pem
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>
Create a symlink in /etc/apache2/sites-enabled that points to this file
ln -s /etc/apache2/ssl/setup/LetEncrypt-ssl.conf /etc/apache2/sites-enabled/
Then enable the SSL module in Apache with the following command
a2enmod ssl
Restart Apache (this will restart the container)
service apache2 restart