Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/fsouza/docker-ssl-proxy

Builds a docker image that proxies SSL calls to another docker container (fork of bombbomb/docker-ssl-proxy)
https://github.com/fsouza/docker-ssl-proxy

Last synced: about 2 months ago
JSON representation

Builds a docker image that proxies SSL calls to another docker container (fork of bombbomb/docker-ssl-proxy)

Host: GitHub
URL: https://github.com/fsouza/docker-ssl-proxy
Owner: fsouza
License: bsd-2-clause
Created: 2016-06-16T16:34:07.000Z (over 8 years ago)
Default Branch: main
Last Pushed: 2024-08-01T07:14:40.000Z (about 2 months ago)
Last Synced: 2024-08-01T08:47:32.361Z (about 2 months ago)
Language: Shell
Homepage:
Size: 228 KB
Stars: 41
Watchers: 4
Forks: 21
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# docker-ssl-proxy

Builds a basic nginx server that proxies incoming SSL calls to a target host
(usually another Docker container).

## Environment variables

The following environment variables configure nginx and openssl:

- ``DOMAIN``: domain in the SSL certificate (default value: ``www.example.com``)
- ``ALT_NAMES``: optional comma-separated list of alternative domain names (e.g: ``example.net,example.tv``)
- ``TARGET_PORT``: target port for the reverse proxy (default value: ``80``)
- ``TARGET_HOST``: target host for the reverse proxy (default value: ``proxyapp``)
- ``TARGET_HOST_HEADER``: value to be used as the Host header when sending
requests to the target host (defaults to the value of ``$TARGET_HOST``)
- ``TARGET_FORWARDED_HOST_HEADER``: value to be used as the X-Forwarded-Host header when sending
requests to the target host (default value: ``$host``)
- ``CLIENT_MAX_BODY_SIZE``: maximum size of client uploads (default value: ``20M``)
- ``SSL_PORT``: port ngnix SSL proxy listens on

## Certificates and CA location

The SSL certificate is generated using a own-ROOT-ca that is available in the
directory ``/etc/nginx/ca``, you may use Docker volumes to share the CAs with
other containers, so they can trust the installed certificate.

Your container may initialise faster than docker-ssl-proxy; therefore your
start-up script should wait until the CA-cert has a non-zero size before
attempting to use it.

### Import CA cert into container
Example for Debian / Ubuntu, assuming volume mount of `./https-proxy-ca:/etc/ssl/shared-ca`:
```
cp /etc/ssl/shared-ca/rootCA.crt /usr/local/share/ca-certificates/
update-ca-certificates
```

### Import CA cert onto workstation

You can also install the shared CA cert on your workstation to automatically
trust all of your docker-ssl-proxy services in your browser, without having to
override security warnings each time you visit or restart the services.

Example for Mac OSX:
```
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain https-proxy-ca/rootCA.crt
```

## Using own Certificate

You can use existing SSL certificates for your ``DOMAIN``
by connecting an volume onto ``/etc/nginx/certs`` with following files inside:

- ``key.pem``: private key file
- ``cert.pem``: certificate file

The certificate generator will check on existing ``key.pem`` and abort.

## Docker Hub Image

You can get the publicly available docker image at
[fsouza/docker-ssl-proxy](https://registry.hub.docker.com/r/fsouza/docker-ssl-proxy/).