Question

How can i use ssl certificate in container?

Posted December 5, 2019 865 views
Kubernetes

I want to use ssl certificate, but for some reason I don’t have access to server, all can i do it’s work with docker containers and kubernetes. I found some solutions how to do it with ingress, but it didn’t help me. Can I apply certificate to my docker container? And what extra configs I need to make it work correctly?
P.S.: I have extarnal DNS, where i got certificate for my domain.

2 comments

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
  1. Create rootfs folder in your project
    then add ssl-cert.crt and ssl-cert.key files in it

  2. Create build-nginx-conf-file.sh file then put this code in it

#!/bin/bash

if [ $CI_DEPLOYMENT_ENV_VERSION = 'production' ]
then
    ENV_NAME=pro
else
    ENV_NAME=test
fi

cat > /etc/nginx/conf.d/default.conf <<EOL
server {
  listen 80;
  listen [::]:80;
 # you can use var $ENV_NAME for your environment 
  server_name              $ENV_NAME.your-server-url ;
  return 301 https://$ENV_NAME.your-server-url;
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  ssl_certificate           /ssl-cert.crt;
  ssl_certificate_key       /ssl-cert.key;
  server_name               $ENV_NAME.your-server-url;

  ssl on;
  charset utf-8;
  sendfile on;
  root /usr/share/nginx/html;
  location / {
    expires -1;
    add_header Pragma "no-cache";
    add_header Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0";

    try_files \$uri \$uri/ /index.html = 404;
  }

  location /api/v1/namespaces/ {
    proxy_pass https://openwhisk.ng.bluemix.net; 
  }    

  proxy_connect_timeout       60000;
  proxy_send_timeout          60000;
  proxy_read_timeout          60000;
  send_timeout                60000;
}

EOL

Set build-nginx-conf-file.sh to be executable file

chmod -R 0777 build-nginx-conf-file.sh

Create docker file like that

FROM nginx:latest
ARG CI_DEPLOYMENT_ENV_VERSION
ENV CI_DEPLOYMENT_ENV_VERSION=$CI_DEPLOYMENT_ENV_VERSION
COPY rootfs /
COPY /dist /usr/share/nginx/html
RUN /build-nginx-conf-file.sh
RUN /build-env-file.sh

Run docker build like

docker build --build-arg CI_DEPLOYMENT_ENV_VERSION=production -t your-image-tag:v1 .  
Submit an Answer