Question

How can i use ssl certificate in container?

I want to use ssl certificate, but for some reason I don’t have access to server, all can i do it’s work with docker containers and kubernetes. I found some solutions how to do it with ingress, but it didn’t help me. Can I apply certificate to my docker container? And what extra configs I need to make it work correctly? P.S.: I have extarnal DNS, where i got certificate for my domain.

Show comments
Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

mohammedzakiDecember 5, 2019

  1. Create rootfs folder in your project then add ssl-cert.crt and ssl-cert.key files in it

  2. Create build-nginx-conf-file.sh file then put this code in it

#!/bin/bash

if [ $CI_DEPLOYMENT_ENV_VERSION = 'production' ]
then
    ENV_NAME=pro
else
    ENV_NAME=test
fi

cat > /etc/nginx/conf.d/default.conf <<EOL
server {
  listen 80;
  listen [::]:80;
 # you can use var $ENV_NAME for your environment 
  server_name              $ENV_NAME.your-server-url ;
  return 301 https://$ENV_NAME.your-server-url;
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  ssl_certificate           /ssl-cert.crt;
  ssl_certificate_key       /ssl-cert.key;
  server_name               $ENV_NAME.your-server-url;

  ssl on;
  charset utf-8;
  sendfile on;
  root /usr/share/nginx/html;
  location / {
    expires -1;
    add_header Pragma "no-cache";
    add_header Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0";
  
    try_files \$uri \$uri/ /index.html = 404;
  }
  
  location /api/v1/namespaces/ {
    proxy_pass https://openwhisk.ng.bluemix.net; 
  }    

  proxy_connect_timeout       60000;
  proxy_send_timeout          60000;
  proxy_read_timeout          60000;
  send_timeout                60000;
}

EOL

Set build-nginx-conf-file.sh to be executable file

chmod -R 0777 build-nginx-conf-file.sh

Create docker file like that

FROM nginx:latest
ARG CI_DEPLOYMENT_ENV_VERSION
ENV CI_DEPLOYMENT_ENV_VERSION=$CI_DEPLOYMENT_ENV_VERSION
COPY rootfs /
COPY /dist /usr/share/nginx/html
RUN /build-nginx-conf-file.sh
RUN /build-env-file.sh

Run docker build like

docker build --build-arg CI_DEPLOYMENT_ENV_VERSION=production -t your-image-tag:v1 .