getgrav/docker-grav

Need Help/suggestions to add signed certificate

niteenkole opened this issue · 1 comments

Hi,

Works fine

docker run -dt -p 8000:80 -v /data/niteen-docs/grav_docs:/var/www/html grav:09

Now I need to add my signed certificates. Any help appreciated.

Hi

Here is a diff for the Dockerfile provided to do SSL

--- Dockerfile.orig     2021-07-08 18:00:40.447254308 +0100
+++ Dockerfile  2021-07-08 18:40:11.896558852 +0100
@@ -70,6 +70,14 @@
 # Copy init scripts
 # COPY docker-entrypoint.sh /entrypoint.sh

+# Add SSL support
+RUN a2enmod ssl
+RUN sed -i "s_/etc/ssl/certs/ssl-cert-snakeoil.pem_/etc/ssl/apache/cert.pem_" /etc/apache2/sites-available/default-ssl.conf
+RUN sed -i "s_/etc/ssl/private/ssl-cert-snakeoil.key_/etc/ssl/apache/privkey.pem_" /etc/apache2/sites-available/default-ssl.conf
+RUN cd /etc/apache2/sites-enabled && ln -s ../sites-available/default-ssl.conf default-ssl.conf
+RUN rm /etc/apache2/sites-enabled/000-default.conf
+VOLUME ["/etc/ssl/apache"]
+
 # provide container inside image for data persistence
 VOLUME ["/var/www/html"]
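
Review bot: the two sed lines exit 0 even when the snakeoil paths are not found in default-ssl.conf, so the build can succeed with the vhost still pointing at the snakeoil pair. Follow them with a grep for /etc/ssl/apache/cert.pem and /etc/ssl/apache/privkey.pem in that file so the build fails if the substitution did not happen. The manual "ln -s" and "rm" in sites-enabled would read more consistently as "a2ensite default-ssl" and "a2dissite 000-default", matching the "a2enmod ssl" call at the top of the added block. Only the certificate and key paths are rewritten here, so with a CA-signed certificate any intermediate certificates have to be included in cert.pem itself; a comment saying so next to the VOLUME line would help.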

(There is a blank line on the end of the diff file.)

This assumes you are storing your keys in the root of a volume as "privkey.pem" and "cert.pem" which will be mounted on /etc/ssl/apache in the docker image.

This will provide https on internal port 443. If you want to keep providing http on Port 80, comment out the line beginning "+RUN rm".

You will probably need to set "hostname" to match your SSL keys in docker-compose.yml as well.

(Please note the original version of this patch used /etc/ssl. This was not a good idea as it overwrote the root certificates. I have therefore amended this post and replaced rather than creating an update.)
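
A pre-flight check for the certificate directory described above, as an added example that is not part of the original post: it verifies the directory before it is mounted on /etc/ssl/apache. The file names cert.pem and privkey.pem come from the post; the function name, the return codes and the hostname grav.example.test are assumptions, and the openssl command-line tool must be installed on the host.

```sh
#!/bin/sh
# Added example: pre-flight check for the directory that will be mounted on
# /etc/ssl/apache. cert.pem and privkey.pem are the names used in the post;
# check_cert_dir and its return codes are assumptions made for this example.

check_cert_dir() {
    dir=$1
    host=$2
    cert="$dir/cert.pem"
    key="$dir/privkey.pem"

    # Both files must sit in the root of the mounted directory.
    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 2; }
    done

    # The private key should not be accessible to group or others.
    case $(ls -ld "$key" | cut -c5-10) in
        ------) ;;
        *) echo "$key is accessible to group/others" >&2; return 3 ;;
    esac

    # Extract the public key from each file. An encrypted key fails here
    # (empty -passin) rather than prompting for a passphrase.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse $cert" >&2; return 4; }
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo "cannot read $key (encrypted or not a key?)" >&2; return 4; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "privkey.pem does not belong to cert.pem" >&2; return 5; }

    # The certificate must not be expired and must cover the hostname.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 6; }
    openssl x509 -in "$cert" -noout -checkhost "$host" |
        grep -q "does match certificate" ||
        { echo "certificate does not cover $host" >&2; return 7; }
}

# Usage: sh check-certs.sh /path/to/certs grav.example.test
if [ "$#" -eq 2 ]; then
    check_cert_dir "$1" "$2"
fi
```

A return code of 0 means the directory holds a matching, unexpired pair for the given hostname; the hostname passed in should be the same one set for the container.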