How to run MapTiler Server via Docker with HTTPS

Installation

To install MapTiler Server as a Docker image, run docker pull maptiler/server:latest. The basic sample of docker-compose is available here.

Prepare docker-compose

Let's assume, we start blank on the computer in our path /Projects/server/. We need files docker-compose.yml, nginx.conf, and generate-certificates.sh.

# ===============================
# docker-compose.yml
version: "3.5"

services:
  server:
    container_name: server
    image: maptiler/server:latest
    command: --adminPassword=${ADMIN_PASS:-"admin123"}
    restart: "always"
    volumes:
      - ./data/:/data/
      - ./log/server/:/data/logs/
    environment:
      MAPTILER_SERVER_LICENSE: ${MAPTILER_SERVER_LICENSE:-""}

  nginx:
    container_name: nginx
    image: nginx:1.25-alpine
    restart: "always"
    depends_on:
      - server
      - gen_certs
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/server.conf:ro
      - ./certs:/etc/nginx/certs/:ro
      - ./log/nginx/:/var/log/nginx/

  gen_certs:
    container_name: gen_certs
    image: maptiler/server:latest
    entrypoint: bash
    command: /tmp/generate-certificates.sh
    working_dir: /tmp/certs/
    volumes:
      - ./generate-certificates.sh:/tmp/generate-certificates.sh:ro
      - ./certs:/tmp/certs/
    restart: "no"

# ===============================
# nginx.conf

server {
  listen 443 ssl;

  server_name maps.company.com;

  access_log /var/log/nginx/maptiler_server_https_access.log;
  error_log /var/log/nginx/maptiler_server_https_error.log;

  ssl_certificate      /etc/nginx/certs/maptiler-server.crt;
  ssl_certificate_key /etc/nginx/certs/maptiler-server.key;
  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers         HIGH:!aNULL:!MD5;

  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;

    proxy_hide_header Access-Control-Allow-Origin;
    add_header 'Access-Control-Allow-Origin' 'maps.company.com';

    proxy_pass http://server:3650;
    proxy_read_timeout 90;
    proxy_redirect http://server:3650 http://maps.company.com;

    # client_max_body_size 100M;
    client_max_body_size 3G;
  }
}

# ===============================
# generate-certificates.sh
if [ ! -f maptiler-server.crt -o ! -f maptiler-server.key ]; then
  openssl rand -writerand .rnd
  openssl req -x509 -rand .rnd -nodes -newkey "rsa:2048" \
    -days 365 \
    -subj "/C=CZ/ST=Moravia/L=Brno/O=MapTiler/OU=Development/CN=maps.company.com" \
    -keyout "maptiler-server.key" \
    -out "maptiler-server.crt"
  rm -f .rnd
fi
exit 0

Start docker compose

With prepared sample data you can just start docker in the background (as a daemon):

$ docker compose up -d

Now open your browser with the server name: https://maps.company.com/

Configuration

You can create or replace the SSL certificates in the folder /Project/server/certs/ with your own signed SSL certificates (files maptiler-server.crt and maptiler-server.key. If you want to redirect unsecure HTTP, just add new server into nginx.conf and restart docker containers.

# HTTP server
server {
  listen 80;
  
  location / {
    return 302 https://maps.company.com/$request_uri;
  }
}

You can adjust nginx configuration, set max-age for Security Transport: add_header Strict-Transport-Security max-age=15768000; inside server block.