How to install MapTiler Server via Docker with HTTPS

Installation

To install MapTiler Server as a Docker image, run docker pull maptiler/server:latest. A basic docker-compose sample is available here.

Prepare docker-compose

Assume we start from an empty project directory, /Projects/server/. We need three files there: docker-compose.yml, nginx.conf, and generate-certificates.sh.

# ===============================
# docker-compose.yml
version: "3.5"

services:
  server:
    container_name: server
    image: maptiler/server:latest
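    # Set ADMIN_PASS in the environment or in an .env file next to this file;
    # admin123 is only the fallback used when the variable is unset.
    command: --adminPassword=${ADMIN_PASS:-"admin123"}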
    restart: "always"
    volumes:
      - ./data/:/data/
      - ./log/server/:/data/logs/
    environment:
      MAPTILER_SERVER_LICENSE: ${MAPTILER_SERVER_LICENSE:-""}

  nginx:
    container_name: nginx
    image: nginx:1.25-alpine
    restart: "always"
    depends_on:
      - server
      - gen_certs
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/server.conf:ro
      - ./certs:/etc/nginx/certs/:ro
      - ./log/nginx/:/var/log/nginx/

  gen_certs:
    container_name: gen_certs
    image: maptiler/server:latest
    entrypoint: bash
    command: /tmp/generate-certificates.sh
    working_dir: /tmp/certs/
    volumes:
      - ./generate-certificates.sh:/tmp/generate-certificates.sh:ro
      - ./certs:/tmp/certs/
    restart: "no"


# ===============================
# nginx.conf

server {
  listen 443 ssl;

  server_name maps.company.com;

  access_log /var/log/nginx/maptiler_server_https_access.log;
  error_log /var/log/nginx/maptiler_server_https_error.log;

  ssl_certificate      /etc/nginx/certs/maptiler-server.crt;
  ssl_certificate_key /etc/nginx/certs/maptiler-server.key;
  # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only TLS 1.2 and 1.3.
  ssl_protocols       TLSv1.2 TLSv1.3;
  ssl_ciphers         HIGH:!aNULL:!MD5;

  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;

    proxy_hide_header Access-Control-Allow-Origin;
    # An origin includes the scheme; browsers compare this value to the Origin header exactly.
    add_header 'Access-Control-Allow-Origin' 'https://maps.company.com';

    proxy_pass http://server:3650;
    proxy_read_timeout 90;
    # Rewrite upstream redirects to the public HTTPS name, not to plain HTTP.
    proxy_redirect http://server:3650 https://maps.company.com;

    # client_max_body_size 100M;
    client_max_body_size 3G;
  }
}

# ===============================
# generate-certificates.sh
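# Create a self-signed certificate only if the certificate or the key is missing,
# so files you place in ./certs yourself are never overwritten.
if [ ! -f maptiler-server.crt ] || [ ! -f maptiler-server.key ]; then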
  openssl rand -writerand .rnd
  openssl req -x509 -rand .rnd -nodes -newkey "rsa:2048" \
    -days 365 \
    -subj "/C=CZ/ST=Moravia/L=Brno/O=MapTiler/OU=Development/CN=maps.company.com" \
    -keyout "maptiler-server.key" \
    -out "maptiler-server.crt"
  rm -f .rnd
fi
exit 0

Start docker compose

With prepared sample data you can just start docker in the background (as a daemon):

$ docker compose up -d

Now open your browser with the server name: https://maps.company.com/

Configuration

You can create or replace the SSL certificates in the folder /Projects/server/certs/ with your own signed SSL certificates (files maptiler-server.crt and maptiler-server.key). To redirect insecure HTTP to HTTPS, add a new server block to nginx.conf and restart the Docker containers.

# HTTP server
server {
  listen 80;
  
  server_name maps.company.com;  

  location / {
    # $request_uri already starts with "/", so no extra slash follows the host.
    return 302 https://maps.company.com$request_uri;
  }
}

You can adjust the nginx configuration further, for example to set max-age for HTTP Strict Transport Security (HSTS): add add_header Strict-Transport-Security max-age=15768000; inside the HTTPS server block.
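
When you replace the files in /Projects/server/certs/ with your own certificate, nginx will not start if the key does not belong to the certificate, so it is worth checking the pair before restarting the containers. The script below is an added example, not part of the original guide; the function name check_cert_pair and the 30-day default are assumptions, and the file names are the ones used in nginx.conf above.

```sh
#!/bin/sh
# Added example (not from the original guide): pre-flight check for the
# certificate pair nginx loads from ./certs. File names come from nginx.conf;
# check_cert_pair and the 30-day default are assumptions.
# Returns 0 = OK, 2 = file missing, 3 = unreadable or mismatched pair,
#         4 = certificate expires within MIN_DAYS.

check_cert_pair() {
  dir=${1:-./certs}
  min_days=${2:-30}
  crt="$dir/maptiler-server.crt"
  key="$dir/maptiler-server.key"

  for f in "$crt" "$key"; do
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
  done

  # Extract the public key from each file. Capturing the output separately
  # (instead of piping into a hash) keeps a parse failure from being masked.
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
    { echo "cannot parse certificate: $crt" >&2; return 3; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
    { echo "cannot parse private key: $key" >&2; return 3; }

  # nginx refuses to start when the key does not belong to the certificate.
  if [ "$crt_pub" != "$key_pub" ]; then
    echo "key and certificate do not match" >&2
    return 3
  fi

  # -checkend exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "certificate expires within $min_days days" >&2
    return 4
  fi

  echo "OK: $crt matches $key and is valid for more than $min_days days"
}

# Run the check when called with arguments, e.g.: sh check-certs.sh ./certs 30
if [ "$#" -gt 0 ]; then
  check_cert_pair "$@"
fi
```

The comparison works for RSA and EC keys alike, because both commands print the same PEM-encoded public key when the pair matches.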