Add Ssl To Docker Container

Add Ssl To Docker Container

Reading time1 min
#Security#DevOps#Containers#Docker#SSL#Nginx

How to Secure Your Docker Containers with SSL: A Step-by-Step Guide to Adding SSL Certificates

Most developers skip SSL in development and only add it later in production—what if you built SSL into your Docker containers from day one to eliminate last-minute security scrambles and technical debt? This guide shows you exactly how to bake SSL into your container workflow, ensuring encrypted communication right from the start.

Why Add SSL to Your Docker Containers?

When your Docker containers handle sensitive data or communicate over networks, securing those connections is critical. SSL/TLS encrypts traffic between services or between clients and containerized applications, preventing data interception, tampering, and eavesdropping. By embedding SSL certificates directly into your Docker setup, you’re ensuring:

  • Data privacy and integrity
  • Trustworthiness of your services
  • Compliance with security best practices

Adding SSL during development also smooths the eventual deployment process by avoiding last-minute configuration headaches.

Prerequisites

  • Basic knowledge of Docker and Dockerfile syntax
  • OpenSSL installed on your local machine (or alternatives like mkcert for generating certificates)
  • A simple web application running inside a Docker container (we’ll use an Nginx example)

Step 1: Generate SSL Certificates

For development, a self-signed certificate is usually enough. In production, you should use trusted CA certificates from providers like Let's Encrypt.

Run the following command to create a self-signed certificate and key valid for 365 days:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout server.key -out server.crt \
  -subj "/C=US/ST=State/L=City/O=Organization/OU=Department/CN=localhost"

This generates:

  • server.crt — The public certificate
  • server.key — The private key

Place these files in a directory named certs for easy reference.

Step 2: Create a Sample Web Server with Nginx

Here’s a simple example where we will serve content securely over HTTPS using Nginx inside a Docker container.

Directory structure:

docker-ssl-example/
│
├── certs/
│   ├── server.crt
│   └── server.key
├── default.conf
└── Dockerfile

Create an Nginx config file default.conf inside docker-ssl-example:

server {
    listen              443 ssl;
    server_name         localhost;

    ssl_certificate     /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}

This config enables HTTPS on port 443 using our cert/key files.

Step 3: Write the Dockerfile

Create a Dockerfile with the following content:

FROM nginx:latest

# Copy custom nginx config file that enables ssl support
COPY default.conf /etc/nginx/conf.d/default.conf

# Copy SSL certs into the image
COPY certs/server.crt /etc/nginx/ssl/server.crt
COPY certs/server.key /etc/nginx/ssl/server.key

# Optional: Copy static website files (if any)
# COPY html/ /usr/share/nginx/html/

# Expose port 443 for HTTPS
EXPOSE 443

CMD ["nginx", "-g", "daemon off;"]

This Dockerfile:

  • Starts with official Nginx image
  • Adds our custom HTTPS configuration
  • Copies SSL certificates into the container
  • Exposes HTTPS port

Step 4: Build and Run Your Container

From the docker-ssl-example directory, build your Docker image:

docker build -t nginx-ssl-example .

Run the container mapping port 443 to localhost:

docker run -d -p 443:443 --name nginx-secure nginx-ssl-example

Step 5: Test Your HTTPS Connection

Open your browser and navigate to:

https://localhost/

You’ll likely see a warning that the certificate is untrusted. That’s expected since it’s self-signed. You can safely proceed in development environments.

To verify via command line, run:

curl -k https://localhost/

The -k option allows curl to accept self-signed certs.

You should see your Nginx default page served over HTTPS!

Going Beyond Basics: Automating Certificate Generation & Renewal

In production systems, manually generating certificates is not scalable or secure. Consider integrating tools like Let's Encrypt with ACME clients (e.g., Certbot) inside your containers or orchestrations.

Alternatively, you can mount certificates as volumes rather than baking them into images to handle renewals without rebuilding images.

Example docker-compose snippet mounting cert files outside container:

version: '3.7'
services:
  web:
    image: nginx:latest
    ports:
      - "443:443"
    volumes:
      - ./certs:/etc/nginx/ssl:ro
      - ./default.conf:/etc/nginx/conf.d/default.conf:ro

Key Takeaways

  • Adding SSL from day one eliminates last-minute security scrambles.
  • Embedding self-signed certs during development mimics production setups without cost or delays.
  • Understanding how to configure Nginx (or other servers) within containers secures communication effectively.
  • Keep in mind that production environments require trusted, renewable certificates instead of self-signed ones.

By baking SSL directly into your Docker workflow, you’re building secure apps with confidence throughout every stage of development and deployment.

If you found this guide helpful or want me to cover adding SSL for other stacks (Node.js, Python Flask apps in containers), let me know in the comments!

Related Articles

Add Ssl To Docker Container

How to Secure Your Docker Containers with SSL: A Step-by-Step Guide to Adding SSL Certificates

1 min

Access To Container Docker

Mastering Secure Access to Running Docker Containers Without Compromising Host Integrity

1 min

Access To Docker Container

Mastering Secure and Efficient Access to Docker Containers: Beyond the Basics

1 min
← Back to Blog