https://github.com/arillo/docker-nginx-ssl-proxy
https://github.com/arillo/docker-nginx-ssl-proxy
Last synced: 5 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/arillo/docker-nginx-ssl-proxy
- Owner: arillo
- Created: 2016-03-13T13:21:19.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2016-03-13T13:21:50.000Z (over 10 years ago)
- Last Synced: 2025-09-18T09:07:07.605Z (10 months ago)
- Language: Nginx
- Size: 2.93 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# arillo/nginx-ssl-proxy
## Building the Image
Build
```shell
docker build -t arillo/nginx-ssl-proxy .
```
Push to docker registry
```shell
docker push arillo/nginx-ssl-proxy
```
## Using with Kubernetes
This image is optimized for use in a Kubernetes cluster to provide SSL termination for other services in the cluster. It should be deployed as a [Kubernetes replication controller](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/replication-controller.md) with a [service and public load balancer](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/services.md) in front of it. SSL certificates, keys, and other secrets are managed via the [Kubernetes Secrets API](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/design/secrets.md).
## Prepare certificate
Create certificate request
```shell
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
```
Bundle certificates
```shell
cat www_yourdomain_com.crt ComodoHigh-AssuranceSecureServerCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
```
## Run an SSL Termination Proxy from the CLI
To run an SSL termination proxy you must have an existing SSL certificate and key. These instructions assume they are stored at /path/to/secrets/ and named `cert.crt` and `key.pem`. You'll need to change those values based on your actual file path and names.
1. **Create a DHE Param**
The nginx SSL configuration for this image also requires that you generate your own DHE parameter. It's easy and takes just a few minutes to complete:
```shell
openssl dhparam -out /path/to/secrets/dhparam.pem 2048
```
2. **Launch a Container**
Modify the below command to include the actual address or host name you want to proxy to, as well as the correct /path/to/secrets for your certificate, key, and dhparam:
```shell
docker run \
-e ENABLE_SSL=true \
-e TARGET_SERVICE=THE_ADDRESS_OR_HOST_YOU_ARE_PROXYING_TO \
-v /path/to/secrets/cert.crt:/etc/secrets/proxycert \
-v /path/to/secrets/key.pem:/etc/secrets/proxykey \
-v /path/to/secrets/dhparam.pem:/etc/secrets/dhparam \
nginx-ssl-proxy
```
The really important thing here is that you map in your cert to `/etc/secrets/proxycert`, your key to `/etc/secrets/proxykey`, and your dhparam to `/etc/secrets/dhparam` as shown in the command above.