Setup SSL with M/Monit

Just use an NGINX reverse proxy to handle SSL instead.

…or, if you really want to go down that road with M/Monit, here are some tricks.


Optionally, back up your container as it is,

docker commit -p mmonitprod mmonit.`date +%s`.before.ssl

Make sure the hostname you are going to use resolves on the container itself, e.g.,

vi /etc/hosts
172.17.0.4      mmonit.example.com   mmonit

On the docker host, concatenate the private key, the certificate and the intermediate/CA chain IN THAT ORDER, then send the resulting bundle to the container,

cd /etc/httpd/ssl/
cat private_key.pkey certificate.crt intermediate_and_ca.crt > allcert.pem
chmod 400 allcert.pem
cp -p allcert.pem /data/mmonitprod/

Note: alternatively, you could also do the following,

#on the docker host,
cp -p allcert.pem ~scpuser/
chown scpuser:scpuser ~scpuser/allcert.pem

#on the mmonit container,
apt install openssh-client
scp scpuser@dockerhost:~/allcert.pem ~/

#back to the docker host, don't forget to,
rm -f ~scpuser/allcert.pem

In any case, make sure allcert.pem ends up in mmonit/conf/ with permissions 400 and the right ownership (TODO CHECK root vs mmonit user).
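A pre-flight check for the bundle, as an added example that is not part of the original guide: it verifies the block order (key, then certificates), the 400 mode, and that the key belongs to the first certificate. The function names are hypothetical, and the last check assumes the openssl CLI is installed where you run it.

```shell
#!/bin/sh
# Added example: sanity-check allcert.pem before pointing server.xml at it.
# Usage: sh check_bundle.sh conf/allcert.pem   (script name is hypothetical)

# Succeeds only if the PEM blocks are: one private key first, then certificate(s).
bundle_order_ok() {
    awk '
        /^-----BEGIN .*-----$/ {
            n++
            label = $0
            sub(/^-----BEGIN /, "", label); sub(/-----$/, "", label)
            if (n == 1 && label !~ /PRIVATE KEY$/) bad = 1   # key must come first
            if (n > 1 && label != "CERTIFICATE") bad = 1     # then only certificates
        }
        END { exit ((bad || n < 2) ? 1 : 0) }
    ' "$1"
}

# Succeeds only if the file mode is exactly 0400 (owner read-only).
bundle_mode_ok() {
    [ -n "$(find "$1" -prune -perm 400)" ]
}

# Succeeds only if the private key and the first certificate share a public key.
# "-passin pass:" keeps openssl from prompting if the key is encrypted.
bundle_key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Runs all three checks and reports the first one that fails.
check_bundle() {
    bundle_order_ok "$1" || { echo "wrong order: need key, cert, chain" >&2; return 1; }
    bundle_mode_ok "$1" || { echo "mode is not 0400" >&2; return 1; }
    bundle_key_matches_cert "$1" || { echo "key does not match certificate" >&2; return 1; }
    echo "bundle OK"
}

# Only run when a bundle path is given on the command line.
[ "$#" -eq 0 ] || check_bundle "$1"
```

Run it as the user that will own the file inside the container, since a 400 bundle is unreadable to anyone else but root.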

Enable HTTPS,

cd /root/mmonit/conf/
cp -pi server.xml server.xml.dist

export TERM=xterm
vi server.xml
<Connector address="*" port="443" processors="10" secure="true" />

<Engine name="mmonit" defaultHost="mmonit.example.com" fileCache="10MB">

    <Host name="mmonit.example.com" appBase="." address="172.17.0.4" certificate="conf/allcert.pem">

Note: change the address to your container's IP address accordingly.

Resources

https://mmonit.com/wiki/Monit/EnableSSLInMonit


Copyright © 2024 Pierre-Philipp Braun