I have a containerized apache setup that needs to optionally enable SSL if the cert file was mapped in. I have this working for the case of when the cert files are mapped in, but struggling with the right directive to only optionally have it enabled.
Given being a containerized app, it makes it harder to just edit this file in production. Wondering if having an additional environment variable to enable the ssl is the way to go, but this seems like the more elegant route?
000-default.conf
:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<If "-f '/etc/oqm/certs/systemCert.crt'">
Define SSL_CERT_FILE_PROVIDED 1
</If>
<IfDefine SSL_CERT_FILE_PROVIDED>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/oqm/certs/systemCert.crt
SSLCertificateKeyFile /etc/oqm/certs/systemPrivateKey.pem
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
</IfDefine>
Dockerfile for context:
FROM php:8.3-apache
COPY webroot /var/www/html/
COPY 000-default.conf /etc/apache2/sites-available/000-default.conf
#COPY php.ini /usr/local/etc/php/php.ini-development
RUN chown -R www-data:www-data /var/www/html && \
a2enmod ssl && a2enmod socache_shmcb
EXPOSE 80
EXPOSE 443
As this stands, this ends up with a SSLCertificateFile: file '/etc/oqm/certs/systemCert.crt' does not exist or is empty
error. It seems like my understanding of how the If
directive works is off, but the Define
directive seems to run even when the file is not present. Removing the If
directive seems to allow the server to start without the file, but obviously without the option of ssl.
make-ssl-cert
to renew it if been available