Easy SSL and Subdomains
Easy SSL
I hadn’t really tried to do SSL properly in the past because I had the impression that gathering the certificates from the appropriate authorities and configuring them correctly would be a lot of bother, and since I’m just making things for myself it shouldn’t really matter.
Well, security matters and, it turns out, it’s quite easy.
Certbot and Apache
Note: These instructions are for Ubuntu; you may need to adapt them to whichever OS you are using.
If your website is already configured to use Apache but you don’t have HTTPS, then by far the easiest way to make the switch is to use certbot. You can find instructions here.
Warning: When you first run certbot, it asks for an email address and whether you want to share your email with Let’s Encrypt partners.
Caddy
I’m a big fan of Docker. I use Docker to run almost all my web projects. I’ve found Caddy to integrate nicely with it, though there is nothing stopping you doing this with Apache also.
So, imagine you already have your shiny new web service up and running with a nice Docker Compose file:

    version: '3'
    services:
      app:
        image: my-app-image
        container_name: "app"
        restart: "unless-stopped"
        ports:
          - "80:80"

Put this behind Caddy and it will handle the certificates automatically. So your compose might end up more like this:

    version: '3'
    services:
      app:
        # No published ports: the app is reachable only through Caddy
        # on the compose network.
        image: my-app-image
        container_name: "app"
        restart: "unless-stopped"
      caddy:
        image: caddy
        restart: "unless-stopped"
        ports:
          - "80:80"
          - "443:443"
        command: "caddy reverse-proxy --from yourwebsite.com --to app:80"
        volumes:
          # Keeps certificates and keys across container restarts.
          - caddy-data:/data/
    volumes:
      caddy-data:

And if you have something more complicated, say where you want to run multiple services on different subdomains, you can define a Caddyfile:

    version: '3'
    services:
      app1:
        image: my-app-image
        container_name: "app1"
        restart: "unless-stopped"
      app2:
        image: my-app-image
        container_name: "app2"
        restart: "unless-stopped"
      caddy:
        image: caddy
        restart: "unless-stopped"
        ports:
          - "80:80"
          - "443:443"
        volumes:
          - <<CaddyfileLocation>>:/etc/caddy/Caddyfile
          - caddy-data:/data/
    volumes:
      caddy-data:

And the Caddyfile will look something like this:

    yourwebsite.com {
        reverse_proxy app1:80
    }
    subdomain.yourwebsite.com {
        reverse_proxy app2:80
    }
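
As the Caddyfile grows, it is worth checking that every site block will actually get automatic HTTPS and that each upstream is a service in the compose file. The following is an added example, not part of the original post: a small audit for simple Caddyfiles of the shape shown above. The names parse_sites and audit, the sample entries legacy.yourwebsite.com and app3, and the service set passed in are assumptions made for illustration.

```python
import re

# Constructed sample: the Caddyfile from the post plus two extra entries
# (hypothetical) that Caddy would serve without automatic HTTPS.
SAMPLE_CADDYFILE = """
yourwebsite.com {
    reverse_proxy app1:80
}
subdomain.yourwebsite.com {
    reverse_proxy app2:80
}
http://legacy.yourwebsite.com {
    reverse_proxy app3:80
}
:80 {
    reverse_proxy app1:80
}
"""

SITE_RE = re.compile(r"^(\S[^{\n]*?)\s*\{\s*\n(.*?)^\}", re.M | re.S)

def parse_sites(text):
    """Return [(address, upstream)] for 'address { reverse_proxy host:port }' blocks."""
    sites = []
    for addr_line, body in SITE_RE.findall(text):
        m = re.search(r"^\s*reverse_proxy\s+(\S+)", body, re.M)
        for addr in re.split(r"[,\s]+", addr_line.strip()):
            sites.append((addr, m.group(1) if m else None))
    return sites

def audit(text, services):
    """Flag addresses served without HTTPS and upstreams missing from compose."""
    findings = []
    for addr, upstream in parse_sites(text):
        host = re.sub(r"^https?://", "", addr)
        name, _, port = host.partition(":")
        if addr.startswith("http://") or port == "80":
            findings.append((addr, "plain HTTP only, no certificate is obtained"))
        elif not name:
            findings.append((addr, "no hostname, automatic HTTPS is not activated"))
        if upstream and upstream.split(":")[0] not in services:
            findings.append((addr, f"upstream {upstream} is not a compose service"))
    return findings

if __name__ == "__main__":
    for addr, problem in audit(SAMPLE_CADDYFILE, {"app1", "app2"}):
        print(f"{addr}: {problem}")
```

The two site blocks from the post produce no findings; only the constructed http:// and :80 entries are flagged.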