Dockerfile separation of concerns for a secure apache httpd server with respect to SSL certification files

Solution 1:

You can also create a named data volume as follows. I will use a directory named /usr/local/apache/SSL in this example.

1. Create an empty directory /usr/local/apache/SSL in your apache container and commit
2. Startup a new base container for your data volume and create the same empty directory /usr/local/apache/SSL (may need to create /usr/local/apache first)
3. Commit the container created in step 2: docker commit CONTAINER_ID data/apachessl:latest)
4. Create the named data volume container: docker run --name=DATAmyApacheSSLCerts -v /usr/local/apache/SSL data/apachessl true
5. Copy your SSL certificate to /usr/local/apache/SSL using a "disposable container" to put them there: docker run -it --rm=true --volumes-from=DATAmyApacheSSLCerts APACHE_CONTAINER /bin/bash
6. Spin up your "true" apache image but mount the data volume by adding --volumes-from=DATAmyApacheSSLCerts to your run command for the apache image

Now any changes you make to /usr/local/apache/SSL directory will persist until you delete the DATAmyApacheSSLCerts instance.

Busybox images make great data volumes due to their extremely small size.

You will probably want to adjust your data volume and add your conf directory as well so that changes persist but do not change the base image. Just create the conf directory in your data image as well, copy over the files from a base apache install and add another -v flag for the conf directory.

**NOTE: You need to have a directory in your main image that corresponds to the one being shared in your data volume.