This assumes the certificate is for www.mydomain.com, the private key is mydomain.key and the domain certificate is mydomain.crt.
1. Get the domain certificate and your private key. The key is generated when you generate the CSR to apply for the SSL certificate, and the certificate is sent to you by your SSL provider.
$ ls
mydomain.crt mydomain.key
2. If your provider does not give you a bundled certificate, get the root and intermediate certificates from the provider, since nginx needs the root, intermediate and domain certificates to be in the same file for SSL to work.
3. Combine the domain certificate, intermediate certificate and root certificate into one file; let's call it combined.crt
$ cat mydomain.crt intermediate.crt root.crt > combined.crt
4. Remove any ^M (carriage return) characters from the combined.crt file
$ sed -i 's/\r$//' combined.crt
5. Start an nginx docker container
$ docker run -dit --name nginx -v ${PWD}:/ssl nginx:latest
6. Get the ip address of the docker container
$ docker inspect nginx | grep -w IPAddress
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
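7. Map www.mydomain.com to the container's IP address in /etc/hosts (as root)
# cat >> /etc/hosts <<EOF
172.17.0.2 www.mydomain.com
EOF
8. Create the nginx configuration file mydomain.com.conf in the current directory, which is mounted at /ssl in the container
$ cat >> mydomain.com.conf << EOF
server {
    listen 80;
    server_name mydomain.com;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
}
server {
    listen 443 ssl;
    server_name mydomain.com;
    ssl_certificate /ssl/combined.crt;
    ssl_certificate_key /ssl/mydomain.key;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
}
EOF
9. Link the configuration into /etc/nginx/conf.d inside the container and test it
$ docker exec -it nginx ln -s /ssl/mydomain.com.conf /etc/nginx/conf.d
$ docker exec -it nginx nginx -t
10. Restart the container and check that it is running
$ docker restart nginx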
$ docker ps
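The bundle built in steps 3 and 4 can be linted before nginx ever loads it. The following is an added example, not part of the original post: check_bundle, key_matches_leaf and make_samples are hypothetical helper names, the sample PEM bodies are constructed placeholders rather than real certificates, and key_matches_leaf assumes the openssl command-line tool is installed. The lint checks file layout only (stray carriage returns, certificates run together by cat, a private key pasted into the bundle); it does not verify signatures.

```shell
#!/bin/sh
# Added example: structural lint for a PEM bundle built with `cat`.
# Usage: check_bundle FILE [MIN_CERTS]; returns 0 when nothing is flagged.
check_bundle() {
    awk -v min="${2:-3}" '
        /\r$/ { cr++ }                 # leftover ^M characters (step 4)
        { sub(/\r$/, "") }
        /END CERTIFICATE-+BEGIN CERTIFICATE/ { glued++ }
        /^-----BEGIN CERTIFICATE-----$/ { if (inside) bad++; inside = 1; next }
        /^-----END CERTIFICATE-----$/ { if (inside) certs++; else bad++; inside = 0; next }
        /PRIVATE KEY/ { key++ }
        END {
            if (cr) print "carriage returns on " cr " line(s)"
            if (glued) print "certificates run together on one line (input file lacked a final newline)"
            if (bad || inside) print "unbalanced BEGIN/END CERTIFICATE markers"
            if (key) print "private key material inside the certificate bundle"
            if (certs + 0 < min + 0) print "found " (certs + 0) " certificate(s), expected at least " min
            rc = (cr || glued || bad || inside || key || certs + 0 < min + 0) ? 1 : 0
            exit rc
        }' "$1"
}

# Returns 0 when the first certificate in BUNDLE carries the public key of KEY,
# 1 on mismatch, 2 when openssl cannot read either file.
# Usage: key_matches_leaf combined.crt mydomain.key
key_matches_leaf() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample data: placeholder bodies, not real certificates.
pem() { printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----'; }
make_samples() {
    { pem; pem; pem; } > "$1/good.crt"
    { printf '%s' "$(pem)"; pem; pem; } > "$1/glued.crt"   # first file had no final newline
    { pem; pem; pem; } | awk '{ printf "%s\r\n", $0 }' > "$1/crlf.crt"
}

# Run as a script: sh lint.sh combined.crt [MIN_CERTS]
if [ "$#" -gt 0 ]; then check_bundle "$@"; fi
```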