MeiliSearch is a powerful, fast, and easy-to-use search engine, perfect for developers who want to implement search functionality into their applications. In this blog post, we will walk you through the process of deploying MeiliSearch with SSL encryption using Docker Compose and Nginx as a reverse proxy. This setup ensures a secure connection between your users and your MeiliSearch instance.
Prerequisites
Before you begin, make sure you have the following tools installed on your system:
Docker: Ensure Docker is installed and running on your machine. You can follow the installation guide on the official Docker website.
Docker Compose: Make sure Docker Compose is installed. You can find installation instructions on the official Docker Compose website.
OpenSSL: Required for generating SSL certificates. You can install OpenSSL through your package manager or download it from the official OpenSSL website.
Configuration
Create a docker-compose.yml file in your project directory and copy the following content:
services:
meilisearch:
image: getmeili/meilisearch:v1.1
restart: always
ports:
- '7700:7700'
environment:
- MEILI_MASTER_KEY=key
volumes:
- meili_data:/meili_data
nginx:
image: nginx:stable-alpine
restart: always
ports:
- '80:80'
- '443:443'
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /home/ubuntu/cert.pem:/etc/nginx/certs/fullchain.pem
- /home/ubuntu/key.pem:/etc/nginx/certs/privkey.pem
depends_on:
- meilisearch
volumes:
meili_data:
This configuration file sets up two services: MeiliSearch and Nginx.
Meilisearch service:
You should replace the key value with a random string. This key will be used to secure your MeiliSearch instance. You can generate a random string using the following command:
openssl rand -hex 16
Nginx service:
There's a bit more config to do with the Nginx service. We can create a ssl certificate using OpenSSL. We will use this certificate to enable SSL encryption for our MeiliSearch instance. You can generate a self-signed certificate using the following command:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj "/CN=yourdomainname" -nodes
Then we can create a configuration file called nginx.conf and copy the following content:
events {
worker_connections 1024;
}
http {
server {
listen 80;
server_name yourdomainname;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name yourdomainname;
ssl_certificate /etc/nginx/certs/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
location / {
proxy_pass http://meilisearch:7700;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
You'll want to update the appropriate values for your domain name and SSL certificate paths.
Running the application
Now that we have our configuration files ready, we can run the application using the following command:
docker compose up -d
This will start both services in the background. You can check the status of your services using the following command:
docker compose ps
You should see something like this:
Name Command State Ports
--------------------------------------------------------------------------------
meilisearch ... Up ..
nginx ... Up ..
The -d
in the docker compose up -d
command tells Docker to run the services in the background.
This will also cause the services to restart automatically if they crash or if you reboot the machine.
Thanks for reading!
Member discussion: