Skip to content

Automatic creation of default cert and private key #423

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 12, 2018
Merged

Automatic creation of default cert and private key #423

merged 4 commits into from
Aug 12, 2018

Conversation

buchdag
Copy link
Member

@buchdag buchdag commented Aug 11, 2018

This is a proposed fix for #411 (and the related #74 #373 #416 and #420).

This PR check at container startup if both default.crt and default.key are present in /etc/nginx/certs and create them otherwise. This auto-created certificate is self signed, has subject CN=letsencrypt-nginx-proxy-companion and is valid for 365 days.

If the startup function detect a user provided default certificate and key (ie a certificate which subject does not match letsencrypt-nginx-proxy-companion), it won't overwrite it.

If the startup function detect an auto-created certificate which remaining validity is less than three months, it will re-create a new one.

Some test units and functions had to be modified / expanded to take this new feature into account.

This feature comes with its own test unit.

@buchdag buchdag requested a review from JrCs August 11, 2018 10:02
JrCs
JrCs previously approved these changes Aug 12, 2018
View reviewed changes
Copy link
Collaborator

@JrCs JrCs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good job 🥇
Don't forget the documentation.

@buchdag
Copy link
Member Author

buchdag commented Aug 12, 2018

Under which section of the doc do you think this should go ?

@JrCs
Copy link
Collaborator

JrCs commented Aug 12, 2018

Feel free to choose. Just a little sentence to said that we can use default self-signed certificates.

@buchdag
Copy link
Member Author

buchdag commented Aug 12, 2018

Travis is having network related issues since two days ago, might be a while before the tests finally succeed.

@buchdag buchdag merged commit eaec604 into nginx-proxy:master Aug 12, 2018
@buchdag buchdag deleted the default-cert-key branch August 12, 2018 12:50
@buchdag buchdag mentioned this pull request Aug 12, 2018
Closed
@buchdag buchdag mentioned this pull request May 3, 2019
Closed
@buchdag buchdag added the kind/feature-request Issue requesting a new feature label Oct 10, 2019
@buchdag buchdag mentioned this pull request Oct 8, 2020
Closed
@buchdag buchdag mentioned this pull request Dec 27, 2020
Closed
@buchdag buchdag mentioned this pull request Oct 4, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JrCs JrCs JrCs approved these changes

Assignees
No one assigned
Labels
kind/feature-request Issue requesting a new feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@buchdag @JrCs