Joxit/docker-registry-ui

Support for HTTPS

ashl1 opened this issue · 8 comments

ashl1 commented

Thank you for the image!
I think adding support for HTTPS will improve security of using this image in production.
We use the "lets-nginx" image in docker-compose with "registry" to provide worldwide approved SSL certificates. I think the ability to use a TLS certificate for this image is a good idea.

Joxit commented

You're welcome.
The image is based on Nginx, so you can put your own Nginx configuration to include your own certificates.
There will however be no automatic update of Let's Encrypt certificates.

Example of configuration to add in /etc/nginx/conf.d:

server {
  listen              443 ssl;
  # TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.2 and TLSv1.3 are the current choice.
  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers         HIGH:!aNULL:!MD5;
  # fullchain.pem and privkey.pem as written by Let's Encrypt / certbot.
  ssl_certificate     /etc/nginx/certs/fullchain.pem;
  ssl_certificate_key /etc/nginx/certs/privkey.pem;
}

server {
  listen 80;
  location /  {
    return 301 https://$host$request_uri;
  }
}
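A hardened variant of the configuration above, added here as an example (not the project's own config): it drops the deprecated TLSv1/TLSv1.1, pins a modern cipher list, adds HSTS, and serves the UI from the image's default web root. It assumes the certificate paths used in this thread (/etc/nginx/certs/fullchain.pem and privkey.pem), the nginx default root /usr/share/nginx/html, and a placeholder hostname registry-ui.example.com.

```nginx
# Added example, not from the project: TLS-terminating vhost for the UI.
server {
  listen              443 ssl;
  server_name         registry-ui.example.com;   # placeholder hostname

  # Certificate and key as issued by Let's Encrypt (paths from the thread above).
  ssl_certificate     /etc/nginx/certs/fullchain.pem;
  ssl_certificate_key /etc/nginx/certs/privkey.pem;

  # TLSv1 and TLSv1.1 are deprecated (RFC 8996); allow only 1.2 and 1.3.
  ssl_protocols       TLSv1.2 TLSv1.3;
  # AEAD, forward-secret suites only; order left to the client for TLS 1.2.
  ssl_ciphers         ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
  ssl_prefer_server_ciphers off;
  ssl_session_cache   shared:SSL:10m;
  ssl_session_tickets off;

  # Tell browsers to keep using HTTPS for this host.
  add_header Strict-Transport-Security "max-age=63072000" always;

  # Serve the UI's static files from the image's default web root.
  root  /usr/share/nginx/html;
  index index.html;
}

# Plain HTTP only redirects to HTTPS.
server {
  listen      80;
  server_name registry-ui.example.com;   # placeholder hostname
  return 301 https://$host$request_uri;
}
```

Run `nginx -t` inside the container after mounting the file to catch path or syntax mistakes before the UI is exposed.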

ashl1 commented

Yes. I propose to make a PR to support using attributes for this image and to update the README. What do you think about it?

Joxit commented

Yes, you can try.
Activating the SSL option shouldn't be in the docker image because it is a specific configuration. Don't you think?
Updating the README is a good idea (in order to have a "how to add SSL in nginx" section).

The page is available with:

server {
  listen              443 ssl;
  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers         HIGH:!aNULL:!MD5;
  ssl_certificate     /etc/nginx/certs/fullchain.pem;
  ssl_certificate_key /etc/nginx/certs/privkey.pem;
  root /usr/share/nginx/html;
}

server {
  listen 80;
  location /  {
    return 301 https://$host$request_uri;
  }
}

but my error "remote error: tls: bad certificate" on Docker Hub is still the same

Joxit commented

Hi,
It seems that it's a certificate/nginx configuration issue: either your key or your fullchain is incorrect (wrong format, or not actually certificates).

Joxit commented

Sorry, I'm currently in Japan and can't go further for this issue.

Joxit commented

Hello,

I wrote an example for this issue, you can see it here: examples/issue-20

I did everything in the example, but I don't understand "You will need to rewrite all the project configuration (replaces proxy_pass with our value)."
I only get:
ui_1 | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
ui_1 | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
ui_1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
ui_1 | 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
ui_1 | 10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged version
ui_1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
ui_1 | sed: can't move '/etc/nginx/conf.d/default.confCaPkPD' to '/etc/nginx/conf.d/default.conf': Resource busy
ui_1 | sed: can't move '/etc/nginx/conf.d/default.confJogDGK' to '/etc/nginx/conf.d/default.conf': Resource busy
ui_1 | sed: can't move '/etc/nginx/conf.d/default.confepeBnm' to '/etc/nginx/conf.d/default.conf': Resource busy
docker-registry_ui_1 exited with code 1