HTTPS Pre-work

The Tomcat container can support HTTPS. For example, generate a self-signed certificate with openssl or obtain a real certificate from a certificate authority:

    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=New York/L=Northport/O=Software Risk Manager/CN=localhost" -keyout ./ssl.key -out ./ssl.crt

The server.xml file contains a configuration that supports HTTPS using Tomcat's SSL/TLS capability.

This template can be mounted over the existing server.xml in the Docker image. The SSL certificate and private key must also be mounted.

Update the codedx-tomcat section in your Docker Compose file (either docker-compose.yml or docker-compose-external-db.yml) with SSL and server.xml volume mounts, switching ports from 8080:8080 to 8443:8443. The following Docker Compose file content uses port 8443 with extra volume mounts for server.xml, ssl.key, and ssl.crt.

    codedx-tomcat:
        ...
        volumes:
            - codedx-appdata:/opt/codedx
            - /path/to/ssl.crt:/usr/local/tomcat/conf/ssl.crt
            - /path/to/ssl.key:/usr/local/tomcat/conf/ssl.key
            - /path/to/server.xml:/usr/local/tomcat/conf/server.xml
        ports:
            - 8443:8443
        ...

Note: Append :Z to the extra volume mounts when using SELinux.
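
Before mounting ssl.crt and ssl.key, it helps to confirm that the two files belong together, that the certificate is not about to expire, and that it covers the hostname clients will use. The following pre-flight check is an added example, not part of the Software Risk Manager documentation; the function name check_tls_pair, its return codes, and the 30-day default are assumptions.

```shell
# check_tls_pair CERT KEY HOSTNAME [MIN_DAYS]
# Hypothetical helper (not shipped with Software Risk Manager).
# Returns 0 when the pair is usable, otherwise:
#   2 = file missing/unreadable, 3 = key does not match certificate,
#   4 = certificate expires within MIN_DAYS, 5 = hostname not covered.
check_tls_pair() {
    crt="$1"; key="$2"; host="$3"; min_days="${4:-30}"

    if [ ! -r "$crt" ] || [ ! -r "$key" ]; then
        echo "certificate or key is missing or unreadable" >&2
        return 2
    fi

    # The public key inside the certificate must equal the public key
    # derived from the private key, otherwise the files are not a pair.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 3
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days" >&2
        return 4
    fi

    # -checkhost reports whether the certificate is valid for the hostname
    # that browsers and API clients will connect to.
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" \
            | grep -q "does match certificate"; then
        echo "certificate does not cover hostname $host" >&2
        return 5
    fi
    return 0
}

# Example call for the files generated above:
#   check_tls_pair ./ssl.crt ./ssl.key localhost
```

Because the openssl command above uses -nodes, ssl.key is stored unencrypted, so keep it readable only by the account that needs it.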