An open API service indexing awesome lists of open source software.

https://github.com/arillo/docker-nginx-ssl-proxy


https://github.com/arillo/docker-nginx-ssl-proxy

Last synced: 5 months ago
JSON representation

Awesome Lists containing this project

README

          

# arillo/nginx-ssl-proxy

## Building the Image

Build

```shell
docker build -t arillo/nginx-ssl-proxy .
```

Push to docker registry

```shell
docker push arillo/nginx-ssl-proxy
```

## Using with Kubernetes
This image is optimized for use in a Kubernetes cluster to provide SSL termination for other services in the cluster. It should be deployed as a [Kubernetes replication controller](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/replication-controller.md) with a [service and public load balancer](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/services.md) in front of it. SSL certificates, keys, and other secrets are managed via the [Kubernetes Secrets API](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/design/secrets.md).

## Prepare certificate

Create certificate request

```shell
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
```

Bundle certificates

```shell
cat www_yourdomain_com.crt ComodoHigh-AssuranceSecureServerCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
```

## Run an SSL Termination Proxy from the CLI
To run an SSL termination proxy you must have an existing SSL certificate and key. These instructions assume they are stored at /path/to/secrets/ and named `cert.crt` and `key.pem`. You'll need to change those values based on your actual file path and names.

1. **Create a DHE Param**

The nginx SSL configuration for this image also requires that you generate your own DHE parameter. It's easy and takes just a few minutes to complete:

```shell
openssl dhparam -out /path/to/secrets/dhparam.pem 2048
```

2. **Launch a Container**

Modify the below command to include the actual address or host name you want to proxy to, as well as the correct /path/to/secrets for your certificate, key, and dhparam:

```shell
docker run \
-e ENABLE_SSL=true \
-e TARGET_SERVICE=THE_ADDRESS_OR_HOST_YOU_ARE_PROXYING_TO \
-v /path/to/secrets/cert.crt:/etc/secrets/proxycert \
-v /path/to/secrets/key.pem:/etc/secrets/proxykey \
-v /path/to/secrets/dhparam.pem:/etc/secrets/dhparam \
nginx-ssl-proxy
```
The really important thing here is that you map in your cert to `/etc/secrets/proxycert`, your key to `/etc/secrets/proxykey`, and your dhparam to `/etc/secrets/dhparam` as shown in the command above.