[{"data":1,"prerenderedAt":1514},["ShallowReactive",2],{"navigation":3,"/docs/deployment-and-production/configuring-ssl":221,"/docs/deployment-and-production/configuring-ssl-surround":1509},[4],{"title":5,"path":6,"stem":7,"children":8},"Docs","/docs","docs",[9,12,56,85,132,153,178,195,208],{"title":10,"path":6,"stem":11},"","docs/index",{"title":13,"path":14,"stem":15,"children":16,"icon":55},"Getting Started","/docs/getting-started","docs/1.getting-started/1.index",[17,19,23,27,31,35,39,43,47,51],{"title":18,"path":14,"stem":15},"Introduction",{"title":20,"path":21,"stem":22},"Container Basics","/docs/getting-started/container-basics","docs/1.getting-started/2.container-basics",{"title":24,"path":25,"stem":26},"Installation","/docs/getting-started/installation","docs/1.getting-started/3.installation",{"title":28,"path":29,"stem":30},"These Images vs Others","/docs/getting-started/these-images-vs-others","docs/1.getting-started/4.these-images-vs-others",{"title":32,"path":33,"stem":34},"Choosing an Image","/docs/getting-started/choosing-an-image","docs/1.getting-started/5.choosing-an-image",{"title":36,"path":37,"stem":38},"Default Configurations","/docs/getting-started/default-configurations","docs/1.getting-started/6.default-configurations",{"title":40,"path":41,"stem":42},"Upgrade Guide","/docs/getting-started/upgrade-guide","docs/1.getting-started/7.upgrade-guide",{"title":44,"path":45,"stem":46},"Changelog","/docs/getting-started/changelog","docs/1.getting-started/8.changelog",{"title":48,"path":49,"stem":50},"About","/docs/getting-started/about","docs/1.getting-started/9.about",{"title":52,"path":53,"stem":54},"Contributing","/docs/getting-started/contributing","docs/1.getting-started/99.contributing",false,{"title":57,"path":58,"stem":59,"children":60,"page":55},"Image Variations","/docs/image-variations","docs/2.image-variations",[61,65,69,73,77,81],{"title":62,"path":63,"stem":64},"CLI","/docs/image-variations/cli","docs/2.image-variations/cli",{"title":66,"path":67,"stem":68},"FPM","/docs/image-variations/fpm","docs/2.image-variations/fpm",{"title":70,"path":71,"stem":72},"FPM-Apache","/docs/image-variations/fpm-apache","docs/2.image-variations/fpm-apache",{"title":74,"path":75,"stem":76},"FPM-NGINX","/docs/image-variations/fpm-nginx","docs/2.image-variations/fpm-nginx",{"title":78,"path":79,"stem":80},"FrankenPHP","/docs/image-variations/frankenphp","docs/2.image-variations/frankenphp",{"title":82,"path":83,"stem":84},"Unit (Deprecated)","/docs/image-variations/unit","docs/2.image-variations/unit",{"title":86,"path":87,"stem":88,"children":89,"page":55},"Framework Guides","/docs/framework-guides","docs/3.framework-guides",[90,123],{"title":91,"icon":55,"defaultOpen":55,"path":92,"stem":93,"children":94,"page":55},"Laravel","/docs/framework-guides/laravel","docs/3.framework-guides/1.laravel",[95,99,103,107,111,115,119],{"title":96,"path":97,"stem":98},"Automations","/docs/framework-guides/laravel/automations","docs/3.framework-guides/1.laravel/1.automations",{"title":100,"path":101,"stem":102},"Task Scheduler","/docs/framework-guides/laravel/task-scheduler","docs/3.framework-guides/1.laravel/2.task-scheduler",{"title":104,"path":105,"stem":106},"Queue","/docs/framework-guides/laravel/queue","docs/3.framework-guides/1.laravel/3.queue",{"title":108,"path":109,"stem":110},"Horizon","/docs/framework-guides/laravel/horizon","docs/3.framework-guides/1.laravel/4.horizon",{"title":112,"path":113,"stem":114},"Reverb","/docs/framework-guides/laravel/reverb","docs/3.framework-guides/1.laravel/4.reverb",{"title":116,"path":117,"stem":118},"Nightwatch","/docs/framework-guides/laravel/nightwatch","docs/3.framework-guides/1.laravel/5.nightwatch",{"title":120,"path":121,"stem":122},"Octane","/docs/framework-guides/laravel/octane","docs/3.framework-guides/1.laravel/octane",{"title":124,"icon":55,"defaultOpen":55,"path":125,"stem":126,"children":127,"page":55},"WordPress","/docs/framework-guides/wordpress","docs/3.framework-guides/2.wordpress",[128],{"title":129,"path":130,"stem":131},"Using Docker with WordPress","/docs/framework-guides/wordpress/using-wordpress-with-docker","docs/3.framework-guides/2.wordpress/4.using-wordpress-with-docker",{"title":133,"path":134,"stem":135,"children":136,"page":55},"Deployment And Production","/docs/deployment-and-production","docs/4.deployment-and-production",[137,141,145,149],{"title":138,"path":139,"stem":140},"Development to Production","/docs/deployment-and-production/development-to-production","docs/4.deployment-and-production/2.development-to-production",{"title":142,"path":143,"stem":144},"Packaging Your App for Deployment","/docs/deployment-and-production/packaging-your-app-for-deployment","docs/4.deployment-and-production/3.packaging-your-app-for-deployment",{"title":146,"path":147,"stem":148},"Configuring SSL","/docs/deployment-and-production/configuring-ssl","docs/4.deployment-and-production/4.configuring-ssl",{"title":150,"path":151,"stem":152},"Choosing a Host","/docs/deployment-and-production/choosing-a-host","docs/4.deployment-and-production/5.choosing-a-host",{"title":154,"icon":55,"defaultOpen":55,"path":155,"stem":156,"children":157,"page":55},"Advanced Guides","/docs/guide","docs/5.guide",[158,162,166,170,174],{"title":159,"path":160,"stem":161},"Migrating from official PHP images","/docs/guide/migrating-from-official-php-images","docs/5.guide/1.migrating-from-official-php-images",{"title":163,"path":164,"stem":165},"Using Healthchecks With Laravel","/docs/guide/using-healthchecks-with-laravel","docs/5.guide/2.using-healthchecks-with-laravel",{"title":167,"path":168,"stem":169},"Using S6 Overlay","/docs/guide/using-s6-overlay","docs/5.guide/2.using-s6-overlay",{"title":171,"path":172,"stem":173},"Understanding File Permissions","/docs/guide/understanding-file-permissions","docs/5.guide/3.understanding-file-permissions",{"title":175,"path":176,"stem":177},"Configuring Trusted Proxies","/docs/guide/configuring-trusted-proxies","docs/5.guide/4.configuring-trusted-proxies",{"title":179,"icon":55,"defaultOpen":55,"path":180,"stem":181,"children":182,"page":55},"Customization","/docs/customizing-the-image","docs/6.customizing-the-image",[183,187,191],{"title":184,"path":185,"stem":186},"Changing php.ini settings","/docs/customizing-the-image/changing-common-php-settings","docs/6.customizing-the-image/1.changing-common-php-settings",{"title":188,"path":189,"stem":190},"Installing PHP extensions","/docs/customizing-the-image/installing-additional-php-extensions","docs/6.customizing-the-image/2.installing-additional-php-extensions",{"title":192,"path":193,"stem":194},"Adding Start Up Scripts","/docs/customizing-the-image/adding-your-own-start-up-scripts","docs/6.customizing-the-image/3.adding-your-own-start-up-scripts",{"title":196,"path":197,"stem":198,"children":199,"page":55},"Troubleshooting","/docs/troubleshooting","docs/7.troubleshooting",[200,204],{"title":201,"path":202,"stem":203},"Common Issues","/docs/troubleshooting/common-issues","docs/7.troubleshooting/1.common-issues",{"title":205,"path":206,"stem":207},"Getting Help","/docs/troubleshooting/getting-help","docs/7.troubleshooting/2.getting-help",{"title":209,"path":210,"stem":211,"children":212,"page":55},"Reference","/docs/reference","docs/8.reference",[213,217],{"title":214,"path":215,"stem":216},"Environment Variable Specification","/docs/reference/environment-variable-specification","docs/8.reference/1.environment-variable-specification",{"title":218,"path":219,"stem":220},"Command Reference","/docs/reference/command-reference","docs/8.reference/2.command-reference",{"id":222,"title":146,"body":223,"description":1502,"extension":575,"links":1503,"meta":1504,"navigation":996,"path":147,"redirect":1503,"seo":1507,"stem":148,"__hash__":1508},"docs/docs/4.deployment-and-production/4.configuring-ssl.md",{"type":224,"value":225,"toc":1492},"minimark",[226,233,238,241,330,334,341,386,390,393,475,480,486,510,513,523,526,539,544,553,562,578,582,588,591,602,606,609,711,715,718,758,777,781,784,817,833,837,840,1058,1062,1070,1075,1079,1093,1096,1105,1340,1344,1355,1360,1364,1369,1387,1465,1468,1472,1480,1488],[227,228,229],"lead-p",{},[230,231,232],"p",{},"SSL encryption is natively supported in our images. With FrankenPHP, a trusted certificate can automatically be generated by Let's Encrypt. You can also bring your own certificates or have a self-signed certificate generated for you.",[234,235,237],"h2",{"id":236},"supported-variations","Supported Variations",[230,239,240],{},"SSL is natively supported in the following variations:",[242,243,244,260],"table",{},[245,246,247],"thead",{},[248,249,250,254,257],"tr",{},[251,252,253],"th",{},"Variation",[251,255,256],{},"SSL Support",[251,258,259],{},"Automated, Signed Certificate Support (via Let's Encrypt)",[261,262,263,278,289,306,319],"tbody",{},[248,264,265,272,275],{},[266,267,268],"td",{},[269,270,271],"code",{},"cli",[266,273,274],{},"❌ No",[266,276,277],{},"-",[248,279,280,285,287],{},[266,281,282],{},[269,283,284],{},"fpm",[266,286,274],{},[266,288,277],{},[248,290,291,296,299],{},[266,292,293],{},[269,294,295],{},"fpm-nginx",[266,297,298],{},"✅ Yes",[266,300,301,302,305],{},"❌ No ",[303,304],"br",{},"(requires a reverse proxy in front of the container)",[248,307,308,313,315],{},[266,309,310],{},[269,311,312],{},"fpm-apache",[266,314,298],{},[266,316,301,317,305],{},[303,318],{},[248,320,321,326,328],{},[266,322,323],{},[269,324,325],{},"frankenphp",[266,327,298],{},[266,329,298],{},[234,331,333],{"id":332},"ssl-modes","SSL Modes",[230,335,336,337,340],{},"You can control SSL behavior with the ",[269,338,339],{},"SSL_MODE"," environment variable:",[242,342,343,353],{},[245,344,345],{},[248,346,347,350],{},[251,348,349],{},"SSL Mode",[251,351,352],{},"Description",[261,354,355,366,376],{},[248,356,357,363],{},[266,358,359,362],{},[269,360,361],{},"off"," (default)",[266,364,365],{},"HTTP only.",[248,367,368,373],{},[266,369,370],{},[269,371,372],{},"mixed",[266,374,375],{},"HTTP and HTTPS.",[248,377,378,383],{},[266,379,380],{},[269,381,382],{},"full",[266,384,385],{},"HTTPS only. HTTP requests will be redirected to HTTPS.",[234,387,389],{"id":388},"choose-how-to-run-ssl-in-production","Choose How to Run SSL in Production",[230,391,392],{},"You have a few options for running SSL in production:",[242,394,395,414],{},[245,396,397],{},[248,398,399,402,405,408,411],{},[251,400,401],{},"Approach",[251,403,404],{},"Certificate Type",[251,406,407],{},"Management Type",[251,409,410],{},"Zero-Downtime Deployments",[251,412,413],{},"Minimal Number of Containers",[261,415,416,432,446,461],{},[248,417,418,421,424,427,429],{},[266,419,420],{},"Reverse Proxy (like Traefik or Caddy)",[266,422,423],{},"✅ Trusted Certificate (via Let's Encrypt)",[266,425,426],{},"✅ Automatic",[266,428,298],{},[266,430,431],{},"⚠️ 2",[248,433,434,437,439,441,443],{},[266,435,436],{},"FrankenPHP's built-in automatic HTTPS",[266,438,423],{},[266,440,426],{},[266,442,274],{},[266,444,445],{},"✅ 1",[248,447,448,451,454,457,459],{},[266,449,450],{},"Bring Your Own Certificate",[266,452,453],{},"✅ Trusted Certificate (through any vendor)",[266,455,456],{},"❌ Manual",[266,458,274],{},[266,460,445],{},[248,462,463,466,469,471,473],{},[266,464,465],{},"Self-signed",[266,467,468],{},"❌ Self-signed Certificate",[266,470,426],{},[266,472,274],{},[266,474,445],{},[476,477,479],"h3",{"id":478},"reverse-proxy-recommended","Reverse Proxy (recommended)",[481,482,483],"tip",{},[230,484,485],{},"Reverse proxies don't just terminate SSL—they also give you zero-downtime with rolling updates.",[230,487,488,494,495,503,504,509],{},[489,490],"img",{":zoom":491,"alt":492,"src":493},"false","Reverse Proxy","images/docs/reverse-proxy-ssl-zerodowntime.png","\nOur recommended approach is to use a reverse proxy like ",[496,497,502],"a",{"href":498,"rel":499,"target":501},"https://traefik.io/traefik/",[500],"nofollow","_blank","Traefik"," or ",[496,505,508],{"href":506,"rel":507,"target":501},"https://caddyserver.com/",[500],"Caddy"," that listens on ports 80 (HTTP) and 443 (HTTPS). The reverse proxy will forward traffic to your container on the non-privileged ports of 8080 (HTTP) or 8443 (HTTPS).",[230,511,512],{},"Using a reverse proxy unlocks two major benefits:",[514,515,516,520],"ol",{},[517,518,519],"li",{},"Automatic SSL certificate management (via Let's Encrypt)",[517,521,522],{},"Zero-downtime deployments",[230,524,525],{},"When you're running updates on containers, the reverse proxy stays online while updates are deployed to your containers in the background. Configuring a reverse proxy is outside the scope of this documentation, but you can reference the links below to learn more:",[527,528,529,534],"ul",{},[517,530,531],{},[496,532,502],{"href":498,"rel":533,"target":501},[500],[517,535,536],{},[496,537,508],{"href":506,"rel":538,"target":501},[500],[540,541,543],"h4",{"id":542},"use-a-reverse-proxy-when-you-want","Use a Reverse Proxy When You Want...",[527,545,546,548,550],{},[517,547,522],{},[517,549,519],{},[517,551,552],{},"Load balancing",[230,554,555,556,561],{},"If you want a simple way to run your own reverse proxy with zero-downtime deployments, consider using ",[496,557,560],{"href":558,"rel":559,"target":501},"https://serversideup.net/open-source/spin/",[500],"Spin",".",[563,564],"u-button",{"ariaLabel":565,"className":566,"color":574,"label":565,"size":575,"target":501,"to":558,"trailing-icon":576,"variant":577},"Learn more about Spin",[567,568,569,570,571,572,573],"font-bold","ring","ring-inset","ring-blue-600","text-blue-600","hover:ring-blue-500","hover:text-blue-500","primary","md","i-lucide-arrow-right","outline",[476,579,581],{"id":580},"frankenphps-built-in-automatic-https","FrankenPHP's Built-in Automatic HTTPS",[583,584,585],"warning",{},[230,586,587],{},"Zero-downtime deployments are not possible with FrankenPHP's built-in automatic HTTPS.",[230,589,590],{},"FrankenPHP provides automated HTTPS through Caddy. To directly expose FrankenPHP to the internet, you'll need to configure the following:",[514,592,593,596,599],{},[517,594,595],{},"Environment variables (for Caddy configuration)",[517,597,598],{},"Ports (for direct exposure of ports 80 and 443)",[517,600,601],{},"Volumes (for certificate files)",[540,603,605],{"id":604},"environment-variables","Environment Variables",[230,607,608],{},"Configure the following environment variables:",[242,610,611,623],{},[245,612,613],{},[248,614,615,618,621],{},[251,616,617],{},"Variable",[251,619,620],{},"Expected Value",[251,622,352],{},[261,624,625,655,692],{},[248,626,627,639,644],{},[266,628,629,632,633,635],{},[269,630,631],{},"CADDY_AUTO_HTTPS"," ",[303,634],{},[636,637,638],"em",{},"Default: \"off\"",[266,640,641],{},[269,642,643],{},"on",[266,645,646,647,654],{},"Turn on Caddy's ",[496,648,651],{"href":649,"rel":650,"target":501},"https://caddyserver.com/docs/caddyfile/options#auto-https",[500],[269,652,653],{},"auto_https"," global directive.",[248,656,657,667,675],{},[266,658,659,632,662,664],{},[269,660,661],{},"CADDY_HTTPS_SERVER_ADDRESS",[303,663],{},[636,665,666],{},"Default: \"https://\"",[266,668,669,503,672],{},[269,670,671],{},"example.com",[269,673,674],{},"https://example.com",[266,676,677,678,683,684,687,688,691],{},"Set the ",[496,679,682],{"href":680,"rel":681,"target":501},"https://caddyserver.com/docs/caddyfile/concepts#addresses",[500],"server address"," for HTTPS. Pro tip: You can use ",[269,685,686],{},"$APP_URL"," from your ",[269,689,690],{},".env"," file to set this value.",[248,693,694,702,708],{},[266,695,696,632,698,700],{},[269,697,339],{},[303,699],{},[636,701,638],{},[266,703,704,503,706],{},[269,705,382],{},[269,707,372],{},[266,709,710],{},"Configure how Caddy handles HTTP and HTTPS requests.",[540,712,714],{"id":713},"ports","Ports",[230,716,717],{},"Configure the following ports:",[242,719,720,729],{},[245,721,722],{},[248,723,724,727],{},[251,725,726],{},"Ports to Publish",[251,728,352],{},[261,730,731,745],{},[248,732,733,742],{},[266,734,735,738,739],{},[269,736,737],{},"80"," → ",[269,740,741],{},"8080",[266,743,744],{},"HTTP traffic will be proxied to the container on port 8080.",[248,746,747,755],{},[266,748,749,738,752],{},[269,750,751],{},"443",[269,753,754],{},"8443",[266,756,757],{},"HTTPS traffic will be proxied to the container on port 8443.",[759,760,761],"note",{},[230,762,763,764,767,768,771,772,776],{},"Our port mapping remains ",[269,765,766],{},"80:8080"," and ",[269,769,770],{},"443:8443"," because our containers are ",[773,774,775],"strong",{},"unprivileged"," by default, meaning we cannot bind to ports less than 1024 (without additional modification).",[540,778,780],{"id":779},"volumes","Volumes",[230,782,783],{},"Configure the following volumes:",[242,785,786,795],{},[245,787,788],{},[248,789,790,793],{},[251,791,792],{},"Container Directory to Mount",[251,794,352],{},[261,796,797,807],{},[248,798,799,804],{},[266,800,801],{},[269,802,803],{},"/config",[266,805,806],{},"Directory for Caddy's configuration files (such as Caddyfile or JSON) that must persist for settings to be retained.",[248,808,809,814],{},[266,810,811],{},[269,812,813],{},"/data",[266,815,816],{},"Directory where Caddy stores SSL/TLS certificates and CA information, required for automatic HTTPS to consistently function.",[759,818,819],{},[230,820,821,822,767,825,828,829,832],{},"The ",[269,823,824],{},"config",[269,826,827],{},"data"," volumes must have read/write permissions for the ",[269,830,831],{},"www-data"," user. Caddy will store its configuration and certificates in these volumes (and you want those to persist).",[540,834,836],{"id":835},"example","Example",[230,838,839],{},"Here's an example of directly exposing FrankenPHP to the internet with automatic HTTPS via Let's Encrypt:",[841,842,844,1022],"code-tree",{"default-value":843},"compose.yml",[845,846,850],"pre",{"className":847,"code":848,"filename":843,"language":849,"meta":10,"style":10},"language-yml shiki shiki-themes github-dark","services:\n  php:\n    image: serversideup/php:8.5-frankenphp\n    ports:\n      - 80:8080\n      - 443:8443\n    environment:\n      CADDY_AUTO_HTTPS: \"on\"\n      CADDY_HTTPS_SERVER_ADDRESS: \"https://example.com\"\n      SSL_MODE: \"full\"\n    # Mount the current directory to /var/www/html\n    volumes:\n      - .:/var/www/html\n      - config:/config\n      - data:/data\n\n  volumes:\n    config:\n    data:\n","yml",[269,851,852,865,873,886,894,903,911,919,930,941,952,959,967,975,983,991,998,1006,1014],{"__ignoreMap":10},[853,854,857,861],"span",{"class":855,"line":856},"line",1,[853,858,860],{"class":859},"s4JwU","services",[853,862,864],{"class":863},"s95oV",":\n",[853,866,868,871],{"class":855,"line":867},2,[853,869,870],{"class":859},"  php",[853,872,864],{"class":863},[853,874,876,879,882],{"class":855,"line":875},3,[853,877,878],{"class":859},"    image",[853,880,881],{"class":863},": ",[853,883,885],{"class":884},"sU2Wk","serversideup/php:8.5-frankenphp\n",[853,887,889,892],{"class":855,"line":888},4,[853,890,891],{"class":859},"    ports",[853,893,864],{"class":863},[853,895,897,900],{"class":855,"line":896},5,[853,898,899],{"class":863},"      - ",[853,901,902],{"class":884},"80:8080\n",[853,904,906,908],{"class":855,"line":905},6,[853,907,899],{"class":863},[853,909,910],{"class":884},"443:8443\n",[853,912,914,917],{"class":855,"line":913},7,[853,915,916],{"class":859},"    environment",[853,918,864],{"class":863},[853,920,922,925,927],{"class":855,"line":921},8,[853,923,924],{"class":859},"      CADDY_AUTO_HTTPS",[853,926,881],{"class":863},[853,928,929],{"class":884},"\"on\"\n",[853,931,933,936,938],{"class":855,"line":932},9,[853,934,935],{"class":859},"      CADDY_HTTPS_SERVER_ADDRESS",[853,937,881],{"class":863},[853,939,940],{"class":884},"\"https://example.com\"\n",[853,942,944,947,949],{"class":855,"line":943},10,[853,945,946],{"class":859},"      SSL_MODE",[853,948,881],{"class":863},[853,950,951],{"class":884},"\"full\"\n",[853,953,955],{"class":855,"line":954},11,[853,956,958],{"class":957},"sAwPA","    # Mount the current directory to /var/www/html\n",[853,960,962,965],{"class":855,"line":961},12,[853,963,964],{"class":859},"    volumes",[853,966,864],{"class":863},[853,968,970,972],{"class":855,"line":969},13,[853,971,899],{"class":863},[853,973,974],{"class":884},".:/var/www/html\n",[853,976,978,980],{"class":855,"line":977},14,[853,979,899],{"class":863},[853,981,982],{"class":884},"config:/config\n",[853,984,986,988],{"class":855,"line":985},15,[853,987,899],{"class":863},[853,989,990],{"class":884},"data:/data\n",[853,992,994],{"class":855,"line":993},16,[853,995,997],{"emptyLinePlaceholder":996},true,"\n",[853,999,1001,1004],{"class":855,"line":1000},17,[853,1002,1003],{"class":859},"  volumes",[853,1005,864],{"class":863},[853,1007,1009,1012],{"class":855,"line":1008},18,[853,1010,1011],{"class":859},"    config",[853,1013,864],{"class":863},[853,1015,1017,1020],{"class":855,"line":1016},19,[853,1018,1019],{"class":859},"    data",[853,1021,864],{"class":863},[845,1023,1028],{"className":1024,"code":1025,"filename":1026,"language":1027,"meta":10,"style":10},"language-php shiki shiki-themes github-dark","\u003C?php\n// Let's just print out some PHP info\nphpinfo();\n?>\n","public/index.php","php",[269,1029,1030,1040,1045,1053],{"__ignoreMap":10},[853,1031,1032,1036],{"class":855,"line":856},[853,1033,1035],{"class":1034},"snl16","\u003C?",[853,1037,1039],{"class":1038},"sDLfK","php\n",[853,1041,1042],{"class":855,"line":867},[853,1043,1044],{"class":957},"// Let's just print out some PHP info\n",[853,1046,1047,1050],{"class":855,"line":875},[853,1048,1049],{"class":1038},"phpinfo",[853,1051,1052],{"class":863},"();\n",[853,1054,1055],{"class":855,"line":888},[853,1056,1057],{"class":1034},"?>\n",[540,1059,1061],{"id":1060},"use-frankenphps-built-in-automatic-https-when-you-want","Use FrankenPHP's Built-in Automatic HTTPS When You Want...",[527,1063,1064,1067],{},[517,1065,1066],{},"To run your application and handle SSL termination all in one container",[517,1068,1069],{},"A simple setup without needing zero-downtime deployments",[759,1071,1072],{},[230,1073,1074],{},"You can achieve zero-downtime deployments with FrankenPHP by placing a reverse proxy in front of the container.",[476,1076,1078],{"id":1077},"bringing-your-own-certificate","Bringing Your Own Certificate",[230,1080,1081,1082,1087,1088,561],{},"If automatic HTTPS isn't an option, you can provide your own certificate from a vendor like ",[496,1083,1086],{"href":1084,"rel":1085,"target":501},"https://www.ssls.com/",[500],"ssls.com",". Ensure your certificate issuer provides certificates compatible with your web server in ",[496,1089,1092],{"href":1090,"rel":1091,"target":501},"https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail",[500],"PEM format",[230,1094,1095],{},"To add your own certificate, mount the certificate files to the container:",[481,1097,1098],{},[230,1099,1100,1101,1104],{},"Set your private key file permissions to ",[269,1102,1103],{},"600"," (read/write for owner only). Incorrect permissions will cause errors when loading the private key.",[841,1106,1107,1212,1236,1274],{"default-value":843},[845,1108,1111],{"className":847,"code":1109,"filename":843,"highlights":1110,"language":849,"meta":10,"style":10},"services:\n  php:\n    image: serversideup/php:8.5-fpm-nginx\n    ports:\n      - 80:8080\n      - 443:8443\n    environment:\n      SSL_MODE: \"mixed\"\n      SSL_PRIVATE_KEY_FILE: \"/etc/ssl/custom/test-key.pem\"\n      SSL_CERTIFICATE_FILE: \"/etc/ssl/custom/test.pem\"\n    volumes:\n      - .:/var/www/html/\n      - ./certs/:/etc/ssl/custom/\n",[921,932,943,969],[269,1112,1113,1119,1125,1134,1140,1146,1152,1158,1169,1180,1191,1197,1204],{"__ignoreMap":10},[853,1114,1115,1117],{"class":855,"line":856},[853,1116,860],{"class":859},[853,1118,864],{"class":863},[853,1120,1121,1123],{"class":855,"line":867},[853,1122,870],{"class":859},[853,1124,864],{"class":863},[853,1126,1127,1129,1131],{"class":855,"line":875},[853,1128,878],{"class":859},[853,1130,881],{"class":863},[853,1132,1133],{"class":884},"serversideup/php:8.5-fpm-nginx\n",[853,1135,1136,1138],{"class":855,"line":888},[853,1137,891],{"class":859},[853,1139,864],{"class":863},[853,1141,1142,1144],{"class":855,"line":896},[853,1143,899],{"class":863},[853,1145,902],{"class":884},[853,1147,1148,1150],{"class":855,"line":905},[853,1149,899],{"class":863},[853,1151,910],{"class":884},[853,1153,1154,1156],{"class":855,"line":913},[853,1155,916],{"class":859},[853,1157,864],{"class":863},[853,1159,1162,1164,1166],{"class":1160,"line":921},[855,1161],"highlight",[853,1163,946],{"class":859},[853,1165,881],{"class":863},[853,1167,1168],{"class":884},"\"mixed\"\n",[853,1170,1172,1175,1177],{"class":1171,"line":932},[855,1161],[853,1173,1174],{"class":859},"      SSL_PRIVATE_KEY_FILE",[853,1176,881],{"class":863},[853,1178,1179],{"class":884},"\"/etc/ssl/custom/test-key.pem\"\n",[853,1181,1183,1186,1188],{"class":1182,"line":943},[855,1161],[853,1184,1185],{"class":859},"      SSL_CERTIFICATE_FILE",[853,1187,881],{"class":863},[853,1189,1190],{"class":884},"\"/etc/ssl/custom/test.pem\"\n",[853,1192,1193,1195],{"class":855,"line":954},[853,1194,964],{"class":859},[853,1196,864],{"class":863},[853,1198,1199,1201],{"class":855,"line":961},[853,1200,899],{"class":863},[853,1202,1203],{"class":884},".:/var/www/html/\n",[853,1205,1207,1209],{"class":1206,"line":969},[855,1161],[853,1208,899],{"class":863},[853,1210,1211],{"class":884},"./certs/:/etc/ssl/custom/\n",[845,1213,1214],{"className":1024,"code":1025,"filename":1026,"language":1027,"meta":10,"style":10},[269,1215,1216,1222,1226,1232],{"__ignoreMap":10},[853,1217,1218,1220],{"class":855,"line":856},[853,1219,1035],{"class":1034},[853,1221,1039],{"class":1038},[853,1223,1224],{"class":855,"line":867},[853,1225,1044],{"class":957},[853,1227,1228,1230],{"class":855,"line":875},[853,1229,1049],{"class":1038},[853,1231,1052],{"class":863},[853,1233,1234],{"class":855,"line":888},[853,1235,1057],{"class":1034},[845,1237,1242],{"className":1238,"code":1239,"filename":1240,"language":1241,"meta":10,"style":10},"language-pem shiki shiki-themes github-dark","-----BEGIN PRIVATE KEY-----\nEXAMPLE_PRIVATE_KEY_DO_NOT_USE\nMIIEvQIBADANBgkqhkiG9w0BAQEFASCBKwggSjAgEAAoIBAQDExampleKeyData\nThisIsNotARealPrivateKeyAndShouldNotBeUsedInProduction123456789\nReplaceThisWithYourActualPrivateKeyFile\n-----END PRIVATE KEY-----\n","certs/test-key.pem","pem",[269,1243,1244,1249,1254,1259,1264,1269],{"__ignoreMap":10},[853,1245,1246],{"class":855,"line":856},[853,1247,1248],{},"-----BEGIN PRIVATE KEY-----\n",[853,1250,1251],{"class":855,"line":867},[853,1252,1253],{},"EXAMPLE_PRIVATE_KEY_DO_NOT_USE\n",[853,1255,1256],{"class":855,"line":875},[853,1257,1258],{},"MIIEvQIBADANBgkqhkiG9w0BAQEFASCBKwggSjAgEAAoIBAQDExampleKeyData\n",[853,1260,1261],{"class":855,"line":888},[853,1262,1263],{},"ThisIsNotARealPrivateKeyAndShouldNotBeUsedInProduction123456789\n",[853,1265,1266],{"class":855,"line":896},[853,1267,1268],{},"ReplaceThisWithYourActualPrivateKeyFile\n",[853,1270,1271],{"class":855,"line":905},[853,1272,1273],{},"-----END PRIVATE KEY-----\n",[845,1275,1278],{"className":1238,"code":1276,"filename":1277,"language":1241,"meta":10,"style":10},"-----BEGIN CERTIFICATE-----\nEXAMPLE_CERTIFICATE_DO_NOT_USE\nMIIEIDCCAwigAwIBAgIQCqH+3yBp80lQ9OVmbNmbRzANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0yMTA0MjkwMDAwMDBaFw0zMjA0MjgyMzU5NTlaMFsxCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumQB+ILtbVLaKTeQeGviJLbfBxMIRZACMpbs\nQFmylhSTSSpLc1bNPrRVWWVmv+Lt8i3HuLjPQF+3M2NzBWVYB7Gixgd13KZBquor\n2W4Sj5SfR2onVzULfBy6SrwxfSTnnykA1NAzGLbGSukNkY4fO7N4V3C1mLGvL8H\n-----END CERTIFICATE-----\n","certs/test.pem",[269,1279,1280,1285,1290,1295,1300,1305,1310,1315,1320,1325,1330,1335],{"__ignoreMap":10},[853,1281,1282],{"class":855,"line":856},[853,1283,1284],{},"-----BEGIN CERTIFICATE-----\n",[853,1286,1287],{"class":855,"line":867},[853,1288,1289],{},"EXAMPLE_CERTIFICATE_DO_NOT_USE\n",[853,1291,1292],{"class":855,"line":875},[853,1293,1294],{},"MIIEIDCCAwigAwIBAgIQCqH+3yBp80lQ9OVmbNmbRzANBgkqhkiG9w0BAQsFADBh\n",[853,1296,1297],{"class":855,"line":888},[853,1298,1299],{},"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n",[853,1301,1302],{"class":855,"line":896},[853,1303,1304],{},"d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n",[853,1306,1307],{"class":855,"line":905},[853,1308,1309],{},"QTAeFw0yMTA0MjkwMDAwMDBaFw0zMjA0MjgyMzU5NTlaMFsxCzAJBgNVBAYTAlVT\n",[853,1311,1312],{"class":855,"line":913},[853,1313,1314],{},"MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\n",[853,1316,1317],{"class":855,"line":921},[853,1318,1319],{},"b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n",[853,1321,1322],{"class":855,"line":932},[853,1323,1324],{},"9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumQB+ILtbVLaKTeQeGviJLbfBxMIRZACMpbs\n",[853,1326,1327],{"class":855,"line":943},[853,1328,1329],{},"QFmylhSTSSpLc1bNPrRVWWVmv+Lt8i3HuLjPQF+3M2NzBWVYB7Gixgd13KZBquor\n",[853,1331,1332],{"class":855,"line":954},[853,1333,1334],{},"2W4Sj5SfR2onVzULfBy6SrwxfSTnnykA1NAzGLbGSukNkY4fO7N4V3C1mLGvL8H\n",[853,1336,1337],{"class":855,"line":961},[853,1338,1339],{},"-----END CERTIFICATE-----\n",[540,1341,1343],{"id":1342},"use-your-own-certificates-when-you","Use Your Own Certificates When You...",[527,1345,1346,1349,1352],{},[517,1347,1348],{},"Cannot use Let's Encrypt (corporate policy, network restrictions, etc.)",[517,1350,1351],{},"Have a specific certificate vendor requirement",[517,1353,1354],{},"Don't need zero-downtime deployments",[759,1356,1357],{},[230,1358,1359],{},"You can also bring your own certificate and configure it with a reverse proxy to get zero-downtime deployments.",[476,1361,1363],{"id":1362},"self-signed-certificate","Self-Signed Certificate",[583,1365,1366],{},[230,1367,1368],{},"Self-signed certificates will display warnings in the browser.",[230,1370,1371,1372,1374,1375,503,1377,1379,1380,767,1383,1386],{},"While browsers will show warnings, self-signed certificates are useful for specific use cases, such as encrypting traffic between containers in a cluster. If you set ",[269,1373,339],{}," to ",[269,1376,372],{},[269,1378,382],{}," without providing a certificate at ",[269,1381,1382],{},"$SSL_CERTIFICATE_FILE",[269,1384,1385],{},"$SSL_PRIVATE_KEY_FILE",", a self-signed certificate will be automatically generated.",[845,1388,1391],{"className":847,"code":1389,"filename":843,"highlights":1390,"language":849,"meta":10,"style":10},"services:\n  php:\n    image: serversideup/php:8.5-fpm-nginx\n    ports:\n      - 80:8080\n      - 443:8443\n    environment:\n      # Set SSL mode to \"mixed\" (HTTP + HTTPS)\n      SSL_MODE: \"mixed\"\n    volumes:\n      - .:/var/www/html\n",[913,921,932],[269,1392,1393,1399,1405,1413,1419,1425,1431,1438,1444,1453,1459],{"__ignoreMap":10},[853,1394,1395,1397],{"class":855,"line":856},[853,1396,860],{"class":859},[853,1398,864],{"class":863},[853,1400,1401,1403],{"class":855,"line":867},[853,1402,870],{"class":859},[853,1404,864],{"class":863},[853,1406,1407,1409,1411],{"class":855,"line":875},[853,1408,878],{"class":859},[853,1410,881],{"class":863},[853,1412,1133],{"class":884},[853,1414,1415,1417],{"class":855,"line":888},[853,1416,891],{"class":859},[853,1418,864],{"class":863},[853,1420,1421,1423],{"class":855,"line":896},[853,1422,899],{"class":863},[853,1424,902],{"class":884},[853,1426,1427,1429],{"class":855,"line":905},[853,1428,899],{"class":863},[853,1430,910],{"class":884},[853,1432,1434,1436],{"class":1433,"line":913},[855,1161],[853,1435,916],{"class":859},[853,1437,864],{"class":863},[853,1439,1441],{"class":1440,"line":921},[855,1161],[853,1442,1443],{"class":957},"      # Set SSL mode to \"mixed\" (HTTP + HTTPS)\n",[853,1445,1447,1449,1451],{"class":1446,"line":932},[855,1161],[853,1448,946],{"class":859},[853,1450,881],{"class":863},[853,1452,1168],{"class":884},[853,1454,1455,1457],{"class":855,"line":943},[853,1456,964],{"class":859},[853,1458,864],{"class":863},[853,1460,1461,1463],{"class":855,"line":954},[853,1462,899],{"class":863},[853,1464,974],{"class":884},[230,1466,1467],{},"The above will generate a self-signed certificate and configure the server to listen on both HTTP (port 80) and HTTPS (port 443).",[540,1469,1471],{"id":1470},"use-a-self-signed-certificate-when-you","Use a Self-Signed Certificate When You...",[527,1473,1474,1477],{},[517,1475,1476],{},"Have a reverse proxy in front of the container handling SSL termination",[517,1478,1479],{},"Need all traffic to be encrypted (even on the internal network between containers)",[759,1481,1482],{},[230,1483,1484,1485,1487],{},"If you have a reverse proxy in front of the container handling SSL termination, you don't need to use ",[269,1486,339],{}," at all. You can configure your reverse proxy to communicate with your PHP container via HTTP (port 8080), eliminating the need to configure SSL within the container.",[1489,1490,1491],"style",{},"html pre.shiki code .s4JwU, html code.shiki .s4JwU{--shiki-default:#85E89D}html pre.shiki code .s95oV, html code.shiki .s95oV{--shiki-default:#E1E4E8}html pre.shiki code .sU2Wk, html code.shiki .sU2Wk{--shiki-default:#9ECBFF}html pre.shiki code .sAwPA, html code.shiki .sAwPA{--shiki-default:#6A737D}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html pre.shiki code .snl16, html code.shiki .snl16{--shiki-default:#F97583}html pre.shiki code .sDLfK, html code.shiki .sDLfK{--shiki-default:#79B8FF}",{"title":10,"searchDepth":867,"depth":867,"links":1493},[1494,1495,1496],{"id":236,"depth":867,"text":237},{"id":332,"depth":867,"text":333},{"id":388,"depth":867,"text":389,"children":1497},[1498,1499,1500,1501],{"id":478,"depth":875,"text":479},{"id":580,"depth":875,"text":581},{"id":1077,"depth":875,"text":1078},{"id":1362,"depth":875,"text":1363},"Learn how to use SSL with the serversideup/php images.",null,{"head":1505,"layout":7},{"title":1506},"Configuring SSL - Docker PHP - Server Side Up",{"title":146,"description":1502},"G2zo3der_vNnRFSYnQIdvXL0ORhtIeI66DvT-k9gVkw",[1510,1512],{"title":142,"path":143,"stem":144,"description":1511,"children":-1},"Learn how to properly package your PHP application into production-ready Docker images.",{"title":150,"path":151,"stem":152,"description":1513,"children":-1},"Learn how to choose the right hosting provider for your containerized PHP application.",1776367055971]