greyltc/docker-owncloud

SSL Keys Option A

robclay opened this issue · 7 comments

When running with:
docker run -v /shares/myextshare:/usr/share/webapps/owncloud/data --name oc --restart='always' -p 8080:80 -p 8443:443 -d l3iggs/owncloud
everything seems to work.

When I try to add my own SSL Key:
docker run -v /shares/myextshare:/usr/share/webapps/owncloud/data -v /home/root/sslCert:/root/sslKeys --name oc --restart='always' -p 8080:80 -p 8443:443 -d l3iggs/owncloud
I get:
Error response from daemon: Cannot start container 7(yada Yad Yada)a: [8] System error: invalid argument
Any suggestions or order placement issues?

And as an aside... thanks for making this available!

Your permissions on /home/root/sslCert and probably /home/root are preventing docker from using that folder?

Thanks for your quick response! I changed the location / ran the permissions and I ended up starting the image without the error. Something strange happens... I am unable to connect at all...
Firefox reports: Unable to connect... but if I remove the -v "ssl stuff" and run again, I can connect (using the self-signed cert in Option B I guess.)

Question: When I created the CSR file to apply for my SSL, should I have run the commands within docker somehow? I used openssl req -new -key <private key file name>.key -out <csr file name>.csr. Because I do not fully grasp how SSLs work, I am wondering if that can be an issue?

Also, I just talked to a chat help with rapidssl... they told me I needed to have the intermediate.crt also placed in the same directory. Does this need to be named something specifically to match yours?

Thanks for any and all help!

Fixed by the following:
I 'entered' the container shell.
I edited the httpd-ssl.conf and uncommented / modified
SSLCertificateChainFile "/root/sslKeys/intermediate.crt"
I then:
apachectl stop
and
apachectl start

It prompted:
Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases.
so I entered it. But it seems to be working.

Will this always be prompted when I start? i.e. Will I need to 'enter' the container to answer this each time? Or did I mess something up!?

Thanks!

I should have researched... http://serverfault.com/questions/160768/stop-apache-from-asking-for-ssl-password-each-restart This solves the restart problem. Which I bet was the original issue. :/

I think the solution here is for you to regenerate your secret SSL files so that they don't need a password to be used. Having them password protected is only really needed if you're worried about them falling into the wrong hands.

Agreed. That solved it.

cool.
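
A pre-flight check for the key directory before it is mounted at /root/sslKeys, as an added example that is not part of the original thread or the image's own scripts: it flags keys that will trigger the pass-phrase prompt and unencrypted keys readable beyond their owner. The function names and sample files are assumptions constructed for illustration; the samples carry PEM framing only, no key material.

```shell
#!/usr/bin/env bash
# Succeeds if the PEM file is pass-phrase protected: traditional keys carry a
# "Proc-Type: 4,ENCRYPTED" header, PKCS#8 keys an "ENCRYPTED PRIVATE KEY" label.
key_is_encrypted() {
    grep -qE '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Succeeds if group or other hold any permission bit on the file.
key_is_exposed() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Prints one verdict per *.key file; exit status is the number of findings.
audit_key_dir() {
    local dir="$1" findings=0 f
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue
        if key_is_encrypted "$f"; then
            echo "PROMPT  $f: encrypted, Apache asks for the pass phrase at start"
            findings=$((findings + 1))
        elif key_is_exposed "$f"; then
            echo "EXPOSED $f: unencrypted and readable beyond its owner, chmod 600"
            findings=$((findings + 1))
        else
            echo "OK      $f: unencrypted, owner-only"
        fi
    done
    return "$findings"
}

# Constructed samples: PEM framing only, the bodies are placeholders, not keys.
make_samples() {
    local d="$1"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,PLACEHOLDER' '' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$d/legacy.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$d/pkcs8.key"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END PRIVATE KEY-----' > "$d/open.key"
    cp "$d/open.key" "$d/locked.key"
    chmod 644 "$d/legacy.key" "$d/pkcs8.key" "$d/open.key"
    chmod 600 "$d/locked.key"
}

# With no argument, audit the constructed samples in a temp directory.
dir="${1:-}"
if [ -z "$dir" ]; then dir=$(mktemp -d); make_samples "$dir"; fi
audit_key_dir "$dir" || echo "findings: $?"
```

Pass the host directory as the first argument to audit real keys instead of the samples.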