MeiliSearch is a powerful, fast, and easy-to-use search engine, perfect for developers who want to implement search functionality into their applications. In this blog post, we will walk you through the process of deploying MeiliSearch with SSL encryption using Docker Compose and Nginx as a reverse proxy. This setup ensures a secure connection between your users and your MeiliSearch instance.

Prerequisites

Before you begin, make sure you have the following tools installed on your system:

Docker: Ensure Docker is installed and running on your machine. You can follow the installation guide on the official Docker website.

Docker Compose: Make sure Docker Compose is installed. You can find installation instructions on the official Docker Compose website.

OpenSSL: Required for generating SSL certificates. You can install OpenSSL through your package manager or download it from the official OpenSSL website.

Configuration

Create a docker-compose.yml file in your project directory and copy the following content:

services:
  meilisearch:
    image: getmeili/meilisearch:v1.1
    restart: always
    ports:
      - '7700:7700'
    environment:
      - MEILI_MASTER_KEY=key
    volumes:
      - meili_data:/meili_data

  nginx:
    image: nginx:stable-alpine
    restart: always
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - /home/ubuntu/cert.pem:/etc/nginx/certs/fullchain.pem
      - /home/ubuntu/key.pem:/etc/nginx/certs/privkey.pem
    depends_on:
      - meilisearch

volumes:
  meili_data:

This configuration file sets up two services: MeiliSearch and Nginx.

Meilisearch service:

You should replace the key value with a random string. This key will be used to secure your MeiliSearch instance. You can generate a random string using the following command:

openssl rand -hex 16

Nginx service:

There's a bit more config to do with the Nginx service. We can create a ssl certificate using OpenSSL. We will use this certificate to enable SSL encryption for our MeiliSearch instance. You can generate a self-signed certificate using the following command:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj "/CN=yourdomainname" -nodes

Then we can create a configuration file called nginx.conf and copy the following content:

events {
    worker_connections 1024;
}
http {
    server {
        listen 80;
        server_name yourdomainname;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl;
        server_name yourdomainname;
        ssl_certificate /etc/nginx/certs/fullchain.pem;
        ssl_certificate_key /etc/nginx/certs/privkey.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
        location / {
            proxy_pass http://meilisearch:7700;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

You'll want to update the appropriate values for your domain name and SSL certificate paths.

Running the application

Now that we have our configuration files ready, we can run the application using the following command:

docker compose up -d

This will start both services in the background. You can check the status of your services using the following command:

docker compose ps

You should see something like this:

Name                Command               State           Ports
--------------------------------------------------------------------------------
meilisearch         ...                   Up              ..
nginx               ...                   Up              ..

The -d in the docker compose up -d command tells Docker to run the services in the background.

This will also cause the services to restart automatically if they crash or if you reboot the machine.

Thanks for reading!