Local HTTPS
Some development testing is easier with farmOS on an https:// endpoint.
A separate Nginx reverse proxy provides a simple way to
achieve this without any changes to the Apache configuration that runs in the
farmOS Docker container.
First, generate self-signed SSL certificate files into an ssl directory,
from the directory that your docker-compose.yml file is in:
mkdir ssl
openssl req -newkey rsa:4096 -x509 -sha256 -nodes -out ssl/openssl.crt -keyout ssl/openssl.keyCreate a file called nginx.conf alongside docker-compose.yml:
events {}
http {
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
server_name localhost;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/openssl.crt;
ssl_certificate_key /etc/nginx/ssl/openssl.key;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_pass http://www;
}
}
}Add the following lines to www/web/sites/default/settings.php:
$settings['reverse_proxy'] = TRUE;
$settings['reverse_proxy_addresses'] = [$_SERVER['REMOTE_ADDR']];
$settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL;Add the following service to your local docker-compose.yml file:
proxy:
image: nginx
depends_on:
- www
ports:
- '80:80'
- '443:443'
volumes:
- './nginx.conf:/etc/nginx/nginx.conf'
- './ssl:/etc/nginx/ssl'Also remove port 80 from the www service:
ports:
- '80:80'Finally, start the Docker services:
docker compose up
farmOS is now accessible via https://localhost.