Docker with Self-signed certificate process?

docker
seafile-data

#1

Hi,

I have created a second container called seafilefinance, and I'm trying to enable an HTTPS self-signed certificate. But I can't get it working. HTTP is fine.

Currently I have 2 Docker containers: seafile2 uses Let's Encrypt and ports 443 and 80, while seafilefinance uses ports 81 and 444.

docker container ls output:

    CONTAINER ID   IMAGE                       COMMAND                  CREATED        STATUS        PORTS                                      NAMES
    2c68bf882571   seafileltd/seafile:latest   "/sbin/my_init -- /s…"   28 hours ago   Up 24 hours   0.0.0.0:81->80/tcp, 0.0.0.0:444->443/tcp   seafilefinance
    54925b0e2404   seafileltd/seafile:latest   "/sbin/my_init -- /s…"   4 months ago   Up 7 weeks    0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   seafile2

Here are the steps on how I configured it.

1. Create the Docker container

    docker run -d --name seafilefinance \
      -e SEAFILE_SERVER_HOSTNAME=seafile.example.com \
      -e SEAFILE_ADMIN_EMAIL=me@example.com \
      -e SEAFILE_ADMIN_PASSWORD=a_very_secret_password \
      -v /opt/seafile-data-finance:/shared \
      -p 81:80 \
      -p 444:443 \
      seafileltd/seafile:latest

2. Access the running container seafilefinance
3. Create self-signed certificates.

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
4. Edit the /etc/nginx/sites-available file

    server {
        listen 80;
        listen 443 ssl http2;
        server_name localhost;

        ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
        ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

        root /var/www/html;

        index index.html index.nginx-debian.html;
    }
    

5. Check the nginx file: nginx -t
6. service nginx restart
7. Restart the Docker container to make sure.

Anything I missed out? I tried creating an nginx container with the same process as creating a self-signed certificate above, and it's working. I'm wondering why the Docker container doesn't.


#2

Hey @JC1
I had a similar problem. Important to know: every time the container is restarted, the nginx configuration files are recreated.

The best thing to do is to follow the instructions from the manual and create an appropriate directory. The certificates must then be named like the server name.
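
Added example (not part of either post and not Seafile's own tooling): a shell helper that creates a self-signed certificate and key named after the server hostname in a directory on the host, then checks that the pair matches and covers that hostname before the container is restarted. The function names are made up for this example, and the directory is an argument because the thread does not give the manual's path.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; DIR must be the certificate
# directory the Seafile Docker manual specifies (not given in the thread).

# make_named_cert HOST DIR [DAYS]: write DIR/HOST.crt and DIR/HOST.key
make_named_cert() {
    host="$1"; dir="$2"; days="${3:-365}"
    [ -n "$host" ] && [ -n "$dir" ] || { echo "usage: make_named_cert HOST DIR [DAYS]" >&2; return 2; }
    crt="$dir/$host.crt"; key="$dir/$host.key"
    # Never silently replace a key pair that a running server may depend on.
    if [ -e "$crt" ] || [ -e "$key" ]; then
        echo "refusing to overwrite existing files in $dir" >&2; return 1
    fi
    mkdir -p "$dir" || return 1
    # Subshell keeps the restrictive umask local; the key is never world-readable.
    ( umask 077
      openssl req -x509 -nodes -newkey rsa:2048 -days "$days" \
          -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
          -keyout "$key" -out "$crt" 2>/dev/null ) || return 1
    chmod 600 "$key" && chmod 644 "$crt"
}

# check_named_cert HOST DIR: verify the pair before restarting the container
check_named_cert() {
    host="$1"; dir="$2"
    crt="$dir/$host.crt"; key="$dir/$host.key"
    [ -r "$crt" ] && [ -r "$key" ] || { echo "missing $crt or $key" >&2; return 1; }
    # The certificate's public key must be the one derived from the private key.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "certificate and key do not match" >&2; return 1; }
    # The certificate must name the hostname clients will connect to.
    openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q "does match" ||
        { echo "certificate does not cover $host" >&2; return 1; }
    # And it must not already be expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 1; }
}

# Run as: sh named-cert.sh seafile.example.com <certificate-directory>
if [ "$#" -ge 2 ]; then
    make_named_cert "$1" "$2" && check_named_cert "$1" "$2"
fi
```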