2019-12-14 23:02:41 +00:00
title: 100% automated, official certificates for your Docker container
---
pub_date: 2019-12-15
---
author: ungleich virtualisation team
---
twitter_handle: ungleich
---
_hidden: no
---
_discoverable: yes
---
abstract:
Docker containers can now run fully secured with HTTPS.
---
body:

## TL;DR

Run

```
# Start the container in the background and keep its id
id=$(docker run -d ungleich/nginx-letsencrypt-ipv6)
# Show the log line that starts with "Getting certificate"
docker logs "${id}" 2>/dev/null | grep "^Getting certificate"
```

to create a Docker container with HTTPS fully enabled.

**Attention:** You first need to
[enable IPv6 in Docker](https://ungleich.ch/u/blog/how-to-enable-ipv6-in-docker/).

## How it works

Any computer with a valid IPv6 address can retrieve a valid
certificate from [Let's Encrypt](https://letsencrypt.org/). This is
possible due to the
[has-a.name](https://ungleich.ch/u/blog/has-a-name-for-every-ipv6-address/)
domain, which gives a name to **every possible IPv6 address out
there**.

In the Docker container we retrieve its IPv6 address, turn it into a
name and then request a certificate from Let's Encrypt.
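
The address-to-name step described above, as an added example that is not the container's own code. It assumes (this page does not state the scheme) that a has-a.name hostname is the IPv6 address with `:` replaced by `-`; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Assumption, not stated on the page: the hostname is the address with ":"
# replaced by "-" under has-a.name. The fully expanded form is used here so
# that "::" never produces an empty DNS label.
ZONE = "has-a.name"


def pick_public_ipv6(candidates):
    """Return the first globally routable IPv6 address, or None."""
    for raw in candidates:
        try:
            # Drop a prefix length ("/64") and a zone id ("%eth0") if present.
            addr = ipaddress.ip_address(raw.split("/")[0].split("%")[0])
        except ValueError:
            continue
        # Loopback, link-local (fe80::/10) and ULA (fc00::/7) addresses are
        # not reachable from outside, so no certificate can be issued for them.
        if addr.version == 6 and addr.is_global:
            return addr
    return None


def address_to_name(addr):
    """Build the hostname for an IPv6Address under the assumed scheme."""
    return addr.exploded.replace(":", "-") + "." + ZONE


def name_to_address(name):
    """Inverse mapping: which address does a hostname in ZONE point at?"""
    label, _, zone = name.lower().rstrip(".").partition(".")
    if zone != ZONE:
        raise ValueError("not a name in " + ZONE)
    return ipaddress.IPv6Address(label.replace("-", ":"))


# Constructed sample: addresses as a container's interfaces might list them.
SAMPLE = ["127.0.0.1", "fe80::42:acff:fe11:2/64", "fd00:dead:beef::2/64",
          "2a0a:e5c0:2:12::c451/64"]

if __name__ == "__main__":
    addr = pick_public_ipv6(SAMPLE)
    name = address_to_name(addr)
    print(addr, "->", name)
    assert name_to_address(name) == addr
```

The inverse function is useful when reviewing certificates or logs: it tells you which address a has-a.name hostname resolves to under the assumed scheme, whether the label is written expanded or compressed.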

## How is this useful?

Finally, all your Docker containers can be reachable worldwide and fully
secured, without any manual configuration.

This way you can expose in-development containers directly to your
customer, or even test locally with HTTPS instead of HTTP.

## Why is this great?

This is the first service that allows you to fully automate HTTPS on
any Docker container without manual intervention. You can just fire it
up and HTTPS is running with an official certificate.

## Developing on top of it

You can also build your own container based
on the
[ungleich/nginx-letsencrypt-ipv6
container](https://hub.docker.com/r/ungleich/nginx-letsencrypt-ipv6).
Simply use the standard **FROM** statement in your Dockerfile and
enjoy a ready-to-use HTTPS container.

## Trying it out

If you don't happen to have a host with an IPv6 network available, you
can try it out on a VM on [IPv6onlyhosting.com](https://IPv6OnlyHosting.com).