How to Utilise Let's Encrypt with Docker · OWASP/SecurityShepherd Wiki · GitHub
# How to Utilise Let's Encrypt with Docker

Paul McCann edited this page Nov 3, 2022 · 1 revision
Let's Encrypt is a nonprofit Certificate Authority providing TLS certificates. The following guide demonstrates how to use this service so that the application server runs with a valid certificate instead of the self-signed one.

This guide is provided by @rudosch.

To use a Let's Encrypt certificate, the following steps are needed:
- Edit the Dockerfile

  Copy the following into the Dockerfile:

```dockerfile
ARG TOMCAT_DOCKER_VERSION
FROM docker AS builder
ARG TLS_KEYSTORE_FILE
ARG TLS_KEYSTORE_PASS
ARG ALIAS
ARG HTTPS_PORT
ARG DB_DRIVER=org.gjt.mm.mysql.Driver
ARG DB_SCHEMA=core
ARG DB_USER
ARG DB_PASS
ARG MARIADB_URI
ARG MONGO_HOST
ARG MONGO_PORT
ARG MONGO_CONN_TIMEOUT
ARG MONGO_SOCK_TIMEOUT
ARG MONGO_SVR_TIMEOUT
USER root
WORKDIR /workdir
COPY target/owaspSecurityShepherd.war ROOT.war
# --- use self-signed certificate
# COPY target/docker/tomcat/$TLS_KEYSTORE_FILE $TLS_KEYSTORE_FILE
# COPY docker/tomcat/serverxml.patch serverxml.patch
# --- use letsencrypt certificate
COPY docker/tomcat/letsencrypt letsencrypt
COPY docker/tomcat/serverxml.patch serverxml.letsencrypt.patch
COPY docker/tomcat/webxml.patch webxml.patch
RUN printf "databaseConnectionURL=$MARIADB_URI/\nDriverType=$DB_DRIVER\ndatabaseSchema=$DB_SCHEMA\ndatabaseUsername=$DB_USER\ndatabasePassword=$DB_PASS\ndatabaseOptions=useUnicode=true&character_set_server=utf8mb4\n" >> database.properties
RUN printf "connectionHost=$MONGO_HOST\nconnectionPort=$MONGO_PORT\ndatabaseName=shepherdGames\nconnectTimeout=$MONGO_CONN_TIMEOUT\nsocketTimeout=$MONGO_SOCK_TIMEOUT\nserverSelectionTimeout=$MONGO_SVR_TIMEOUT" >> mongo.properties
# --- not needed if using serverxml.letsencrypt.patch
# RUN sed -i 's/keystoreFile="conf\/TLS_KEYSTORE_FILE" keystorePass="TLS_KEYSTORE_PASS" keyAlias="ALIAS">/keystoreFile="conf\/'"$TLS_KEYSTORE_FILE"'" keystorePass="'"$TLS_KEYSTORE_PASS"'" keyAlias="'"$ALIAS"'">/g' serverxml.patch &&\
# --- substitute the HTTPS_PORT placeholder in the file copied above
#     (the file is named serverxml.letsencrypt.patch in this stage, so the sed must target that name)
RUN sed -i 's/redirectPort="HTTPS_PORT" \/>/redirectPort="'"$HTTPS_PORT"'" \/>/g' serverxml.letsencrypt.patch
FROM tomcat:${TOMCAT_DOCKER_VERSION}
COPY --from=builder /workdir/ROOT.war /usr/local/tomcat/webapps/
# --- not needed if using serverxml.letsencrypt.patch
# COPY --from=builder /workdir/$TLS_KEYSTORE_FILE /usr/local/tomcat/conf/
COPY --from=builder /workdir/letsencrypt /usr/local/tomcat/conf/letsencrypt
# --- copy the patch under the name the final "patch" command below expects
COPY --from=builder /workdir/serverxml.letsencrypt.patch /usr/local/tomcat/conf/
COPY --from=builder /workdir/webxml.patch /usr/local/tomcat/conf/
COPY --from=builder /workdir/database.properties /usr/local/tomcat/conf/
COPY --from=builder /workdir/mongo.properties /usr/local/tomcat/conf/
ENV RUN_USER tomcat
# --- RUN_GROUP is referenced by the chown below, so define it alongside RUN_USER
ENV RUN_GROUP tomcat
RUN apt-get -qq update && apt-get install -y patch libargon2-0
RUN adduser --system --group ${RUN_USER} --home ${CATALINA_HOME}
RUN chown -R ${RUN_USER}:${RUN_GROUP} $CATALINA_HOME
USER ${RUN_USER}
ENV CATALINA_OPTS "-Duser.timezone=Europe/Dublin"
RUN rm -rf /usr/local/tomcat/webapps/ROOT
# --- not needed if using serverxml.letsencrypt.patch
# RUN patch /usr/local/tomcat/conf/server.xml /usr/local/tomcat/conf/serverxml.patch
RUN patch /usr/local/tomcat/conf/server.xml /usr/local/tomcat/conf/serverxml.letsencrypt.patch
RUN patch /usr/local/tomcat/conf/web.xml /usr/local/tomcat/conf/webxml.patch
EXPOSE 8080 8443
CMD ["catalina.sh", "run"]
```
- Edit the serverxml.patch

  Copy the following into `docker/tomcat/serverxml.patch` (the Dockerfile copies it into the image as `serverxml.letsencrypt.patch`); both hunks below belong in that one file:

```diff
--- server.xml 2022-10-20 23:27:06.000000000 +0200
+++ server.letsencrypt.xml 2022-10-21 09:33:07.013326579 +0200
@@ -65,17 +65,16 @@
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
- -->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
+ -->
<!-- A "Connector" using the shared thread pool-->
- <!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
- redirectPort="8443" />
- -->
+ redirectPort="HTTPS_PORT" />
+
<!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation. The default
SSLImplementation will depend on the presence of the APR/native
```
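Review bot: `redirectPort="HTTPS_PORT"` on the newly uncommented executor connector is a placeholder, not a port number, so the patched server.xml is only valid once the Dockerfile's `sed` has substituted `$HTTPS_PORT` into this patch file; make sure that substitution runs against the same file that is later handed to `patch`, otherwise Tomcat receives a non-numeric `redirectPort`. The connector also references `executor="tomcatThreadPool"`, and nothing in this hunk defines that Executor; confirm the `<Executor name="tomcatThreadPool" ...>` element in server.xml is enabled too, or drop the attribute so the connector uses its own thread pool.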
```diff
@@ -83,15 +82,15 @@
Either JSSE or OpenSSL style configuration may be used regardless of
the SSLImplementation selected. JSSE style configuration is used below.
-->
- <!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
- maxThreads="150" SSLEnabled="true">
- <SSLHostConfig>
- <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
- type="RSA" />
+ maxThreads="150" SSLEnabled="true" scheme="https" secure="true">
+ <SSLHostConfig certificateVerification="none" protocols="TLSv1.2">
+ <Certificate certificateFile="conf/letsencrypt/cert.pem"
+ certificateKeyFile="conf/letsencrypt/privkey.pem"
+ certificateChainFile="conf/letsencrypt/chain.pem" />
</SSLHostConfig>
</Connector>
- -->
+
<!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which always uses
OpenSSL for TLS.
```
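Review bot: `protocols="TLSv1.2"` pins the connector to TLS 1.2 only, so TLS 1.3 capable clients negotiate down; unless something specifically needs the pin, `protocols="TLSv1.2+TLSv1.3"` keeps the newer protocol while still excluding TLS 1.0/1.1. `certificateVerification="none"` governs client certificates (no mutual TLS), not validation of the server certificate, so it does not weaken what browsers see, but a short XML comment would stop readers mistaking it for disabled validation. Note also that `certificateKeyFile="conf/letsencrypt/privkey.pem"` points at a key the Dockerfile copies into the image, so the private key sits in every image layer and registry copy, and because nothing in the container renews the certificate, the image must be rebuilt with fresh files before it expires.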
- Add the generated Let's Encrypt certificate files (`*.pem`) to a new directory `docker/tomcat/letsencrypt`
- Build the project

  ```shell
  docker-compose build
  ```

- Run the project

  ```shell
  docker-compose run -d
  ```
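The steps above copy `cert.pem`, `privkey.pem` and `chain.pem` into the image and rebuild whenever they change, so two things are worth checking around a build: that the files in `docker/tomcat/letsencrypt` are what the connector expects (and that the private key is not loosely permissioned before it is copied into an image layer), and, after deployment, that port 8443 really serves the Let's Encrypt certificate and how long it has left. The script below is an added example for this guide, not SecurityShepherd code; the directory name comes from the guide, while the 8443 port, the 30-day renewal threshold and the placeholder PEM contents used for the offline self-check are assumptions.

```python
"""Pre-flight and post-deploy checks for the Let's Encrypt files used by the
Tomcat TLS connector. Added example for this guide, not SecurityShepherd code.
Assumed: the three PEM files live in docker/tomcat/letsencrypt (the directory
the guide creates) and the HTTPS connector listens on 8443."""
import os
import socket
import ssl
import stat
import tempfile
import time

LETSENCRYPT_DIR = "docker/tomcat/letsencrypt"  # assumed, taken from the guide
RENEW_WITHIN_DAYS = 30  # assumed threshold; Let's Encrypt certificates last 90 days

# File name -> fragment that the first PEM line must contain.
# "PRIVATE KEY-----" matches PKCS#8, RSA and EC key headers alike.
REQUIRED_FILES = {
    "cert.pem": "-----BEGIN CERTIFICATE-----",
    "chain.pem": "-----BEGIN CERTIFICATE-----",
    "privkey.pem": "PRIVATE KEY-----",
}


def check_pem_dir(path=LETSENCRYPT_DIR):
    """Return a list of problems with the certificate directory; [] means OK.

    Checks that each file exists, that its first line is the expected PEM
    header, and that privkey.pem is not group/world accessible: the Dockerfile
    copies this directory into the image as-is, permissions included.
    """
    problems = []
    for name, header in REQUIRED_FILES.items():
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            problems.append(f"{name}: missing")
            continue
        with open(full, "r", encoding="ascii", errors="replace") as fh:
            first_line = fh.readline().strip()
        if header not in first_line:
            problems.append(f"{name}: unexpected first line {first_line!r}")
        if name == "privkey.pem":
            mode = stat.S_IMODE(os.stat(full).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                problems.append(f"{name}: group/world accessible (mode {mode:o})")
    return problems


def make_sample_dir(key_mode=0o600):
    """Create a temp directory holding constructed placeholder PEM files (not
    real key material) so check_pem_dir can be exercised offline."""
    path = tempfile.mkdtemp(prefix="letsencrypt-sample-")
    cert = "-----BEGIN CERTIFICATE-----\nMIIBplaceholder\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN PRIVATE KEY-----\nMIIEplaceholder\n-----END PRIVATE KEY-----\n"
    for name in ("cert.pem", "chain.pem"):
        with open(os.path.join(path, name), "w") as fh:
            fh.write(cert)
    key_path = os.path.join(path, "privkey.pem")
    with open(key_path, "w") as fh:
        fh.write(key)
    os.chmod(key_path, key_mode)
    return path


def days_until_expiry(not_after, now=None):
    """Days left on a certificate, given the 'notAfter' string that
    ssl.SSLSocket.getpeercert() returns, e.g. 'Oct 21 09:33:07 2022 GMT'."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400.0


def check_served_certificate(host, port=8443, timeout=5.0):
    """Connect to the HTTPS connector, validate the chain against the system
    trust store (a broken chain.pem raises ssl.SSLCertVerificationError) and
    return (issuer organization, days until expiry)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    issuer = {k: v for rdn in cert["issuer"] for k, v in rdn}
    return issuer.get("organizationName", "?"), days_until_expiry(cert["notAfter"])


if __name__ == "__main__":
    import sys
    # usage: python check_letsencrypt.py [pem-dir] [deployed-hostname]
    problems = check_pem_dir(sys.argv[1] if len(sys.argv) > 1 else LETSENCRYPT_DIR)
    for p in problems:
        print("preflight:", p)
    if len(sys.argv) > 2:
        org, days = check_served_certificate(sys.argv[2])
        print(f"served certificate: issuer={org!r} days_left={days:.1f}")
        if org != "Let's Encrypt":
            print("warning: connector is not serving a Let's Encrypt certificate")
        if days < RENEW_WITHIN_DAYS:
            print("warning: renew the certificate and rebuild the image soon")
    sys.exit(1 if problems else 0)
```

Run it with the PEM directory before `docker-compose build`, and with a second argument (the deployed hostname) after the container is up; the post-deploy check uses the system trust store, so it fails loudly if `chain.pem` does not let the Let's Encrypt chain validate, which a browser would otherwise only show as a warning.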