
How to configure Let's Encrypt certificates for nginx inside a docker image?

I know how to configure Let's Encrypt for nginx. I'm having a hard time configuring Let's Encrypt with nginx inside a docker image. Let's Encrypt certificates are symlinked in the etc/letsencrypt/live folder and I don't have permission to view the real certificate files inside /etc/letsencrypt/archive.

Can someone suggest a way out?

Penkey Suresh asked Jun 15 '16 18:06


2 Answers

I add my mistake. Maybe someone will find it useful.

I mounted the /live directory of letsencrypt and not the whole letsencrypt directory tree.

The problem with this:
The /live folder just holds symlinks to the /archive folder that is not mounted to the docker container with my approach. (In fact I even mounted a /certs folder that symlinked to the live folder because I had that certs folder in the development environment. Same problem: the real (symlinked) files were not mounted.)

All problems went away when I mounted /etc/letsencrypt instead of /live

A part of my docker-compose.yml

  services:
    ngx:
      image: nginx
      container_name: ngx
      ports:
        - 80:80
        - 443:443
      links:
        - php-fpm
      volumes:
        - ../../com/website:/var/www/html/website
        - ./nginx.conf:/etc/nginx/nginx.conf
        - ./nginx_conf.d/:/etc/nginx/conf.d/
        - ./nginx_logs/:/var/log/nginx/
        - ../whereever/you/haveit/etc/letsencrypt/:/etc/letsencrypt

The last line in that config is the important one. Changed it from

- ./certs/:/etc/nginx/certs/

And /certs was a symlink to /etc/letsencrypt/live in my case. This cannot work, as I described above.

andymel answered Oct 20 '22 12:10
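A preflight check for the failure described in the answer above, as an added example that is not part of the original answers: it lists every symlink under a planned bind-mount source whose target would be missing inside the container. The function names and the example.test tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. Lists symlinks under a planned bind-mount source whose targets
# would be missing in the container because they live outside that directory.

# check_mount_source DIR: prints "link -> target" per problem, returns 1 if any.
check_mount_source() {
    src=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    status=0
    # Let's Encrypt paths contain no whitespace, so line-based reading is safe.
    while IFS= read -r link; do
        [ -n "$link" ] || continue
        target=$(readlink "$link")
        case $target in
            # Absolute targets are reported too: they only resolve when the
            # container path equals the host path.
            /*) rdir="" ;;
            *)  rdir=$(cd "$(dirname "$link")/$(dirname "$target")" 2>/dev/null \
                       && pwd -P) || rdir="" ;;
        esac
        case "$rdir/" in
            "$src"/*) if [ -e "$rdir/$(basename "$target")" ]; then continue; fi ;;
        esac
        echo "$link -> $target"
        status=1
    done <<EOF
$(find "$src" -type l)
EOF
    return $status
}

# Constructed sample tree with the live/ -> archive/ symlink layout.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/archive/example.test" "$root/live/example.test"
    for f in fullchain privkey; do
        : > "$root/archive/example.test/${f}1.pem"
        ln -s "../../archive/example.test/${f}1.pem" "$root/live/example.test/$f.pem"
    done
    echo "$root"
}

demo=$(make_demo_tree)
check_mount_source "$demo/live" || echo "mounting only live/ leaves these links dangling"
check_mount_source "$demo" && echo "mounting the whole tree: every link resolves"
rm -rf "$demo"
```

Run it against the host directory you intend to pass to `-v` or `volumes:` before starting the container; a non-zero exit status means nginx will not find the certificate files.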


If anyone is having this problem, I've solved it by mounting the folders into the docker container.

  • I've mounted both etc/letsencrypt and etc/ssl folders into docker
  • Docker has the -v flag to mount volumes. Don't forget to open port 443 for the container.

Based on how you mount it, it's possible to enable https in the docker container without changing nginx paths.

docker run -d -p 80:80 -p 443:443 -v /etc/letsencrypt/:/etc/letsencrypt/ -v /etc/ssl/:/etc/ssl/ <image name>
Penkey Suresh answered Oct 20 '22 12:10