++docker ++ssl
parent
5a27ba2141
commit
93144768cb
2 changed files with 65 additions and 2 deletions
|
@ -0,0 +1,62 @@
|
|||
title: 100% automated, official certificates for your Docker container
|
||||
---
|
||||
pub_date: 2019-12-15
|
||||
---
|
||||
author: ungleich virtualisation team
|
||||
---
|
||||
twitter_handle: ungleich
|
||||
---
|
||||
_hidden: yes
|
||||
---
|
||||
_discoverable: no
|
||||
---
|
||||
abstract:
|
||||
Docker containers can now run fully https secured.
|
||||
---
|
||||
body:
|
||||
|
||||
## TL;DR
|
||||
|
||||
Run
|
||||
```
|
||||
id=$(docker run -d ungleich/nginx-letsencrypt-ipv6)
|
||||
docker logs ${id} 2>/dev/null | grep "^Getting certificate"
|
||||
```
|
||||
to create a docker container with full https enabled.
|
||||
**Attention:** You do need to
|
||||
[enable IPv6 in docker before](https://ungleich.ch/u/blog/how-to-enable-ipv6-in-docker/).
|
||||
|
||||
## How it works
|
||||
|
||||
Any computer with a valid IPv6 address can retrieve a valid
|
||||
certificate from [letsencrypt](https://letsencrypt.org/). This is
|
||||
possible due to the
|
||||
[has-a.name](https://ungleich.ch/u/blog/has-a-name-for-every-ipv6-address/)
|
||||
domain, which gives a name to **every possible IPv6 address out
|
||||
there**.
|
||||
|
||||
In the docker container we retrieve its IPv6 address, turn it into a
|
||||
name and then request a certificate from letsencrypt.
|
||||
|
||||
## How is this useful?
|
||||
|
||||
Finally all your docker containers can be world wide reachable, fully
|
||||
secured without any manual configuration required.
|
||||
|
||||
This way you can expose in-development containers directly to your
|
||||
customer or even locally test with https instead of http.
|
||||
|
||||
## Why is this great?
|
||||
|
||||
This is the first service that allows you to fully automated https on
|
||||
any docker container without manual intervention. You can just fire it
|
||||
up and https is running with an official certificate.
|
||||
|
||||
## Developing on top of it
|
||||
|
||||
You can also build your own container based
|
||||
on the
|
||||
[ungleich/nginx-letsencrypt-ipv6
|
||||
container](https://hub.docker.com/r/ungleich/nginx-letsencrypt-ipv6).
|
||||
Simply use the standard **FROM** statement in your dockerfile and
|
||||
enjoy a read-to-use-https-container.
|
|
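Review bot: In the TL;DR block, `docker logs ${id}` runs immediately after `docker run -d`, so the `grep "^Getting certificate"` can return nothing if the container has not logged that line yet; consider following the log with `docker logs -f ${id}`, or tell the reader to repeat the second command after a few seconds. The image is also referenced without a tag, so readers get whatever the default tag resolves to at pull time; naming a tag would make the instructions reproducible. Two wording fixes in the body: "allows you to fully automated https" should read "fully automate https", and "read-to-use-https-container" should read "ready-to-use-https-container". Finally, the front matter sets `_hidden: yes` and `_discoverable: no`; please confirm that is intended for a post dated 2019-12-15.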
@ -74,8 +74,9 @@ Switzerland based offer.
|
|||
## IPv6++
|
||||
|
||||
If you want to learn more about IPv6 or how to secure your docker
|
||||
containers, stay tuned for the next blog posts, which will explain on
|
||||
how to secure access to your docker containers.
|
||||
containers, stay tuned for the next blog posts, [which will explain on
|
||||
how to secure access to your docker
|
||||
containers](https://ungleich.ch/u/blog/securing-network-access-to-ipv6-docker-containers/).
|
||||
|
||||
In the mean time, you can also join the IPv6 discussion on
|
||||
[IPv6.Chat](https://IPv6.chat) or if you want to spawn your docker
|
||||
|
|
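Review bot: In the rewritten IPv6++ sentence, the link text starts at "which will explain on how to secure access to your docker containers", which keeps the awkward "explain on how" and turns the whole clause into the anchor; suggest "which will explain how to secure access to your docker containers" with the link on a shorter phrase. Since the sentence now points at a specific post URL, "stay tuned for the next blog posts" may also need rewording so it does not promise something the link already delivers.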