[Feature request] Custom SSL local path / file #87

Open
eithe opened this issue Feb 26, 2019 · 20 comments

Comments

@eithe

eithe commented Feb 26, 2019

Hi, I have my certificates accessible from the file system on the docker host so it would be great when adding a custom certificate that you could specify a local path instead of manually uploading the required files.

That way I could set up the container with e.g.:

volumes:
  - /var/ssl:/ssl

And when adding a custom certificate I could enter e.g. /ssl/my.cert

@vrelk

vrelk commented May 6, 2019

This would be very helpful. I use a .net for my local network, so being able to use something such as acme.sh to generate a wildcard using a txt dns entry would be great and not have to copy the cert over manually.

For reference: https://github.com/Neilpang/acme.sh

@cbrherms

I would also like this. Would be useful for wildcard certs I'm generating via a different container.

@Dragonpark

I would also love this feature as this is the only thing preventing me from using this. I also use a different container to generate my certs (via DNS, not HTTP), which also handles automatically restarting any required containers when the certificate updates.

@ubergeek77

Apologies for the ping, but can we get a comment on this, @jc21?

@osnet

osnet commented Dec 4, 2020

The actual compose magic is putting the certs persistent in ./letsencrypt/

OK, you have to know what npm-ID is your cert, but that's OK in smaller environments.

@christian-skjetne

christian-skjetne commented Dec 10, 2020

There is a way to do this using the web interface. You can just turn off the SSL setting in the "proxy host" settings (set to none) and in the "Advanced"-tab you can set the ssl nginx manually using "Custom Nginx Configuration".
Example:

listen 443 ssl http2;
listen [::]:443;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /path/to/cert/cert.pem;
  ssl_certificate_key /path/to/cert/key.pem;

Just copy and paste this for every "proxy host" you want to add. Not perfect or elegant, but it seems to work.

P.S: to force ssl redirect add the line include conf.d/include/force-ssl.conf;

@rubendepuben

Damn this feature would be nice

@chaptergy changed the title from "[Feature request] Custom SSL local path" to "[Feature request] Custom SSL local path / file" on May 11, 2021

@meinradr

This feature would be amazing. Especially for non-proxy-host certificates, since there is no Advanced tab and therefore @christian-skjetne's workaround does not work.

@shalak

shalak commented Mar 6, 2022

Any updates on this one? I'm managing certbot separately and I'm provisioning all my services with certs via hooks. I'd like to see a "load cert from this path" option in npm...

@azoller1

azoller1 commented Apr 4, 2022

@shalak

Does @christian-skjetne's comment not help you? Should be OK for any HTTP proxy route. Haven't tried this out yet, though. Really want to use NPM, but this is a feature I would like to have. But I think this should work for now.

@shalak

shalak commented Apr 4, 2022

> Does @christian-skjetne comment not help you?

Yes, it does solve the issue, but I do not like to have such workarounds. If I have to manage configuration manually, I prefer to keep it all manually and not use NPM at all.

@azoller1

azoller1 commented Apr 4, 2022

> > Does @christian-skjetne comment not help you?
>
> Yes, it does solve the issue, but I do not like to have such workarounds. If I have to manage configuration manually, I prefer to keep it all manually and not use NPM at all.

I see. I am in the same boat as well. I am just manually editing my conf files at this point. Really easy to use nginxconfig.io to provide for the base files.

@BigW72

BigW72 commented May 27, 2022

> There is a way to do this using the web interface. You can just turn off the SSL setting in the "proxy host" settings (set to none) and in the "Advanced"-tab you can set the ssl nginx manually using "Custom Nginx Configuration". Example:
>
> ...

Apologies if this is an idiot question, but why does it not seem to work to stop the container, replace the privkey.pem and fullchain.pem in the relevant /data/custom_ssl/npm-x folder with manually updated cert/key files and restart the container?

@1liminal1

> There is a way to do this using the web interface. You can just turn off the SSL setting in the "proxy host" settings (set to none) and in the "Advanced"-tab you can set the ssl nginx manually using "Custom Nginx Configuration". Example:
>
> listen 443 ssl http2;
> listen [::]:443;
>
>   # Let's Encrypt SSL
>   include conf.d/include/letsencrypt-acme-challenge.conf;
>   include conf.d/include/ssl-ciphers.conf;
>   ssl_certificate /path/to/cert/cert.pem;
>   ssl_certificate_key /path/to/cert/key.pem;
>
> just copy and paste this for every "proxy host" you want to add. Not perfect or elegant, but it seems to work.
>
> P.S: to force ssl redirect add the line include conf.d/include/force-ssl.conf;

Can anyone advise what I'm doing wrong here?

I add the config as specified and it gives me an offline error? Essentially breaks it

@tuxthepenguin84

@1liminal1
I had a similar issue until I realized I had a conflicting config in it (listen 80 was in "details" and "advanced"; once I removed it from "advanced" it worked). I would double-check all your paths are correct and possibly restart the container. Here's my exact config:

listen 443 ssl http2;
include conf.d/include/ssl-ciphers.conf;
include conf.d/include/force-ssl.conf;
ssl_certificate /data/custom_ssl/fullchain.pem;
ssl_certificate_key /data/custom_ssl/privkey.pem;

@tuxthepenguin84

There's a simpler way to do this if all your Proxy Hosts need the same SSL config.

  1. Set SSL to none for all your Proxy Hosts
  2. Remove any SSL config from Advanced
  3. Paste your custom SSL config in /data/nginx/custom/server_proxy.conf

     listen 443 ssl http2;
     include conf.d/include/ssl-ciphers.conf;
     include conf.d/include/force-ssl.conf;
     ssl_certificate /data/custom_ssl/fullchain.pem;
     ssl_certificate_key /data/custom_ssl/privkey.pem;

  4. Restart container

@BigW72

BigW72 commented Feb 10, 2023

> There's a simpler way to do this if all your Proxy Host need the same SSL config.

Great, thanks! I have also tested this with a single proxy host and it works - now I can update the SSL settings for the 40+ others for the last time!

@ThaDaVos

ThaDaVos commented Sep 2, 2023

Is there any progress on this issue except the mentioned workaround?

@Ducksoul

I had to declare absolute paths within the include lines. Otherwise the proxy hosts went offline:
include /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf;

@nsaneadmin

> I had to declare absolute paths within the include lines. Otherwise the proxy hosts went offline: include /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf;

Full path also fixed mine! Good find, thanks!
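
The failure modes reported in this thread (a `listen` already present in the host's generated config, relative `include` paths, and a 443 listener without `ssl`) can be checked before a snippet is pasted into "Custom Nginx Configuration" or /data/nginx/custom/server_proxy.conf. The linter below is an added example, not code from any commenter or from NPM itself; `parse`, `lint` and the `gui_listens` parameter are hypothetical names, and the sample input is the per-host snippet posted above.

```python
import re

# Constructed sample: the per-host snippet posted in this thread, unchanged.
SAMPLE = """\
listen 443 ssl http2;
listen [::]:443;
  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /path/to/cert/cert.pem;
  ssl_certificate_key /path/to/cert/key.pem;
"""

def parse(snippet):
    """Split a flat snippet (no nested blocks, no quoted '#' or ';') into (name, args)."""
    text = re.sub(r"#[^\n]*", "", snippet)  # strip comments
    return [(p[0], p[1:]) for p in (s.split() for s in text.split(";")) if p]

def lint(snippet, gui_listens=()):
    """Return findings; gui_listens = listen addresses the host's generated
    config is assumed to contain already (e.g. ("80",))."""
    findings, seen = [], set(gui_listens)
    stmts = parse(snippet)
    for name, args in stmts:
        if not args:
            continue
        if name == "listen":
            addr = args[0]
            if addr in seen:
                findings.append(f"duplicate listen {addr}: conflicts with an existing listener")
            seen.add(addr)
            if addr.rsplit(":", 1)[-1] == "443" and "ssl" not in args:
                findings.append(f"listen {addr} has no 'ssl': plaintext unless another "
                                "server block enables ssl on this socket")
        elif name == "include" and not args[0].startswith("/"):
            findings.append(f"relative include {args[0]}: reported in this thread to "
                            "take hosts offline; use the absolute path")
        elif name in ("ssl_certificate", "ssl_certificate_key") and not args[0].startswith("/"):
            findings.append(f"{name} path {args[0]} is not absolute")
    present = {name for name, _ in stmts}
    for required in ("ssl_certificate", "ssl_certificate_key"):
        if required not in present:
            findings.append(f"missing {required}")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Run against the sample it reports the IPv6 listener without `ssl` and the two relative includes; passing `gui_listens=("80",)` reproduces the duplicate-`listen 80` conflict described above.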
