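# Configure a self-signed SSL certificate for Nginx running in Docker.
# These are interactive steps, not an unattended script: the `docker`
# commands run on the host, everything after `docker exec` runs inside the
# container.

# Run a docker container with port 443 exposed. The image name is required as
# the last argument; without it `docker run` fails.
# NOTE: -p 443:443 publishes the port on every host interface; for a local
# test, -p 127.0.0.1:443:443 keeps it off the network.
# NOTE: with -it and no -d the container stays attached to this terminal, so
# run the next command from a second terminal.
docker run -it -p 443:443 --name nginx-app nginx

# Exec into the container (the name given to --name works in place of the ID)
docker exec -it nginx-app /bin/bash

# Install dependencies
apt update
apt install nano
apt install openssl

# Test the server with curl (plain HTTP on port 80, before any TLS setup)
curl localhost

# View the default configuration
cd /etc/nginx/conf.d
ls
cat default.conf

# Return to root and use openssl to generate the 'key' and 'crt' files.
# -nodes writes the private key unencrypted so nginx can load it without a
# passphrase, which makes the file permissions the only protection for it.
# -addext needs OpenSSL 1.1.1 or newer.
# NOTE: the key lives in this container's filesystem; an image committed from
# the container would carry the private key with it.
cd /
openssl req -x509 -nodes \
  -days 365 \
  -subj "/C=CA/ST=QC/O=Company, Inc./CN=mydomain.com" \
  -addext "subjectAltName=DNS:mydomain.com" \
  -newkey rsa:2048 \
  -keyout /etc/ssl/private/nginx-selfsigned.key \
  -out /etc/ssl/certs/nginx-selfsigned.crt

# Keep the unencrypted key readable by root only
chmod 600 /etc/ssl/private/nginx-selfsigned.key

# Modify nginx default configuration for SSL
cd /etc/nginx/conf.d
nano default.conf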
Add the directives below to the server section (listen on port 443, add the certificate & key):
# TLS listeners for IPv4 and IPv6.
# NOTE(review): on nginx 1.25.1 and later the `http2` listen parameter is
# deprecated in favour of a separate `http2 on;` directive; check `nginx -v`
# before copying these two lines as-is.
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
# Certificate and unencrypted private key written by the openssl command;
# the key file should stay readable by root only.
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
Save the file and exit nano.
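# Verify the configuration
nginx -t
# Reload
nginx -s reload
# Test the server over HTTPS. The https:// scheme is needed: a bare
# `curl localhost` requests http://localhost on port 80 and never touches TLS.
# --insecure skips certificate verification; without it curl rejects the
# self-signed certificate, and a browser shows a warning for the same reason.
curl --insecure https://localhost
# Stricter check: trust only this certificate and connect under the name in
# its subjectAltName, so verification stays enabled.
curl --cacert /etc/ssl/certs/nginx-selfsigned.crt \
  --resolve mydomain.com:443:127.0.0.1 \
  https://mydomain.com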
Reference:
https://codingwithmanny.medium.com/configure-self-signed-ssl-for-nginx-docker-from-a-scratch-7c2bcd5478c6