Skip to content

Enable SSL termination for the container for local dev #48

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 10 commits into from
Closed

Enable SSL termination for the container for local dev #48

wants to merge 10 commits into from

Conversation

@nalshamma
Copy link

@nalshamma nalshamma commented Jan 26, 2017
edited
Loading

@bryanlatten Still WIP. I ended up doing two implementations, and prefer the one using CONTAINER_SSL and CONTAINER_PORT. I would remove the SERVER_ENABLE_SSL implementation.

The tests currently fail if you use --build-args CONTAINER_SSL=true with this problem, although I can run with https on the container:

$ nginx -t
nginx: [warn] conflicting server name "" on 0.0.0.0:8080, ignored

I have deferred working on alpine while still being reviewed.

@nalshamma
Copy link
Author

nalshamma commented Feb 16, 2017

@bryanlatten Ready for review. SSL is now enabled at "docker run" time. Certs are mapped from local file system. Tested both ubuntu and alpine build & run for SSL.

bryanlatten
bryanlatten reviewed Feb 16, 2017
View reviewed changes
Dockerfile Outdated
apt-get install -yqq --no-install-recommends \
nginx-light \
&& \
apt-get install -yqq --no-install-recommends \
Copy link
Contributor

@bryanlatten bryanlatten Feb 16, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this installation can be combined right below nginx-light, no need for an additional install line

bryanlatten
bryanlatten reviewed Feb 16, 2017
View reviewed changes
Dockerfile-alpine Outdated
apk add \
nginx \
&& \
apk add \
Copy link
Contributor

@bryanlatten bryanlatten Feb 16, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can also be combined with above

bryanlatten
bryanlatten reviewed Feb 16, 2017
View reviewed changes
README.md Outdated
Provides base OS, patches and stable nginx for quick and easy spinup.

[S6](https://github.com/just-containers/s6-overlay) process supervisor is used for `only` for zombie reaping (as PID 1), boot coordination, and termination signal translation
[S6](https://github.com/just-containers/s6-overlay) process supervisor is used for `only` for zombie reaping (as PID 1), boot coordination, and termination signal translation
Copy link
Contributor

@bryanlatten bryanlatten Feb 16, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like your editor clipped the whitespace, which is important in MD files

@nalshamma
Copy link
Author

nalshamma commented Feb 16, 2017

@bryanlatten Okay, I made updates per suggestions.

bryanlatten
bryanlatten reviewed Mar 6, 2018
View reviewed changes
container/root/etc/nginx/sites-available/default Outdated
listen 8080;

#ssl on;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Copy link
Contributor

@bryanlatten bryanlatten Mar 6, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please remove TLSv1 (and possibly 1.1) from the list

Copy link
Contributor

@bryanlatten bryanlatten Mar 6, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls

@bryanlatten bryanlatten mentioned this pull request Mar 6, 2018
Closed
@bryanlatten
Copy link
Contributor

bryanlatten commented Mar 6, 2018

@nalshamma a PR was just merged adding cent to the mix. Can you handle that one too?

@nalshamma
Copy link
Author

nalshamma commented Mar 7, 2018

@bryanlatten merge completed

@bossjones bossjones mentioned this pull request Mar 18, 2019
Closed
@bryanlatten
Copy link
Contributor

bryanlatten commented May 22, 2020

Superseded by #74

NOTE: the warning for duplicate server_name is due to your sed -ig which duplicated the file

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@bryanlatten bryanlatten bryanlatten left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nalshamma @bryanlatten @alshamma