When doing local dev and testing, you may find that you need TLS (Transport Layer Security), often still called SSL (Secure Sockets Layer) after its predecessor. For example, if you are working with secure HTTP cookies or Content Security Policy headers.
Recently I ran into this. I was trying to integrate AEM with a SAML identity provider, and the IdP would only send back the SAML assertion to a TLS-protected assertion endpoint, such as https://localhost/content/mysite/saml_login.
Rather than waiting to test in a QA environment, I decided to set up TLS on my local host. And there is a plethora of ways to do it. You can do it with Apache if you are running a dispatcher, or on AEM by configuring SSL as default. And there are a few node modules if you have the JavaScript skills, like http-proxy.
The problem was that all these methods required too much configuration or code. Plus I had to fumble around with self-signed certificates.
Instead, the easiest way I found was to do it the same way you would on a cloud. SSL termination on AWS and Azure happens at the load balancer. Way before it reaches your application. I won't set up a load balancer. But a simple NGINX reverse proxy will do.
Create the Dockerfile
First you will need a Dockerfile, and it is really simple. We start with the official nginx Docker image, then:
Copy the template that gets used to create the default.conf file.
Install OpenSSL.
Use OpenSSL to create the self-signed certificate and key.
Start nginx.
Create A Configuration Template
Nginx does not support environment variables within most config blocks. Luckily, the official Docker image has a function that reads template files in /etc/nginx/templates/*.template and writes the result of running envsubst on them to /etc/nginx/conf.d. Name this file default.conf.template.
Build And Run
Within the same directory where you saved the two files above, run the following two commands. They will build the image and run the container. Assuming you want to proxy to an AEM publish instance on port 4503.
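The Dockerfile, the template and the two commands described in the steps above, put together as an added example; these are not the author's original files. The image tag local-tls-proxy, the /etc/nginx/ssl paths, the certificate parameters and host.docker.internal as the target host are assumptions.

```shell
#!/usr/bin/env bash
# Added example: local TLS-terminating nginx proxy (not the article's original files).
# Assumed names: image tag local-tls-proxy, /etc/nginx/ssl/*, 30-day RSA-2048 cert.
# The private key is generated at build time and stored in an image layer,
# so treat the image as local-only and never push it to a registry.
write_proxy_files() {
  dir="${1:-.}"; mkdir -p "$dir"
  cat > "$dir/Dockerfile" <<'EOF'
FROM nginx:stable
# The image entrypoint runs envsubst on this file and writes conf.d/default.conf
COPY default.conf.template /etc/nginx/templates/default.conf.template
RUN apt-get update && apt-get install -y --no-install-recommends openssl \
 && rm -rf /var/lib/apt/lists/* && mkdir -p /etc/nginx/ssl \
 && openssl req -x509 -nodes -newkey rsa:2048 -days 30 \
      -subj "/CN=localhost" -addext "subjectAltName=DNS:localhost" \
      -keyout /etc/nginx/ssl/localhost.key -out /etc/nginx/ssl/localhost.crt
CMD ["nginx", "-g", "daemon off;"]
EOF
  cat > "$dir/default.conf.template" <<'EOF'
server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate     /etc/nginx/ssl/localhost.crt;
    ssl_certificate_key /etc/nginx/ssl/localhost.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    location / {
        # Only variables defined in the container environment are substituted,
        # so nginx's own $host and $proxy_add_x_forwarded_for are left intact.
        proxy_pass http://${PROXY_TO_HOST}:${PROXY_TO_PORT};
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
EOF
}

build_and_run() {
  docker build -t local-tls-proxy "${1:-.}"
  # Publish on 127.0.0.1 only so the self-signed endpoint is not reachable
  # from the LAN; --add-host makes host.docker.internal resolve on Linux.
  docker run --rm -p 127.0.0.1:443:443 \
    --add-host=host.docker.internal:host-gateway \
    -e PROXY_TO_HOST=host.docker.internal -e PROXY_TO_PORT=4503 local-tls-proxy
}

if [ "${1:-}" = "run" ]; then
  write_proxy_files . && build_and_run .
fi
```

Save it under any name and invoke it with the argument `run` to write both files into the current directory, build the image and start the proxy in front of port 4503.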
Conclusion
Two simple files and Docker. Nginx will proxy anything and everything on https://localhost to your target application. It does not matter what you are proxying to. As long as it is on http://${PROXY_TO_HOST}:${PROXY_TO_PORT}.
Your browser will freak out because the certificate is self-signed. If using Chrome and there is no option to accept the risk, type thisisunsafe. It will bypass the error and load the page.