Add a self-signed SSL cert to a webapp
Sometimes I need to access an HTTP webapp through HTTPS, for instance, when testing the app on another server and it needs microphone or camera access through a browser on my local machine. A simple universal solution would be to add a reverse proxy with a self-signed SSL cert (which could be replaced with a valid one later). The even simpler but more limited solution would be to use port forwarding:
1
socat TCP-LISTEN:8080,reuseaddr,fork TCP:remote-server:80
or using ssh tunnel if the service is not exposed to the network:
1
ssh -N -L 8080:localhost:80 user@remote-server
and access the remote app running on port 80 through http://localhost:8080, but this approach is limited to one machine and doesn’t scale.
the end result:
a bash script that can be put into a Dockerfile to add a reverse proxy with a self-signed SSL cert and WebSocket support (which is important for some webapps, like open-webui, or webapps based on streamlit framework).
prerequisites:
an ubuntu/Debian system or container
steps:
the script is largely based on my script to fake internet connection for a Kindle to make it connect to a WiFi without Internet access.
the script is here: add_ssl.sh. it should be run like ./add_ssl.sh <webapp_port> <webapp_port_ssl> <webapp_name>. for instance, if put into a Dockerfile, it must be run before switching to a non-root user:
1
2
3
COPY add_ssl.sh /usr/local/bin/add_ssl.sh
RUN chmod +x /usr/local/bin/add_ssl.sh
RUN /usr/local/bin/add_ssl.sh 3000 3443 my_webapp
also need to modify the rest of the container settings to expose the new port properly
references
- https://github.com/open-webui/open-webui/issues/8074#issuecomment-2562061337