++docker ++ssl

2019-12-15 00:02:41 +01:00 · 2019-12-15 00:02:41 +01:00 · 93144768cb
commit 93144768cb
parent 5a27ba2141
2 changed files with 65 additions and 2 deletions
--- a/content/u/blog/fully-automated-ssl-certificates-for-docker/contents.lr
+++ b/content/u/blog/fully-automated-ssl-certificates-for-docker/contents.lr
@ -0,0 +1,62 @@
+title: 100% automated, official certificates for your Docker container
+---
+pub_date: 2019-12-15
+---
+author: ungleich virtualisation team
+---
+twitter_handle: ungleich
+---
+_hidden: yes
+---
+_discoverable: no
+---
+abstract:
+Docker containers can now run fully https secured.
+---
+body:
+
+## TL;DR
+
+Run
+```
+id=$(docker run -d ungleich/nginx-letsencrypt-ipv6)
+docker logs ${id} 2>/dev/null | grep "^Getting certificate"
+```
+to create a docker container with full https enabled.
+**Attention:** You do need to
+[enable IPv6 in docker before](https://ungleich.ch/u/blog/how-to-enable-ipv6-in-docker/).
+
+## How it works
+
+Any computer with a valid IPv6 address can retrieve a valid
+certificate from [letsencrypt](https://letsencrypt.org/). This is
+possible due to the
+[has-a.name](https://ungleich.ch/u/blog/has-a-name-for-every-ipv6-address/)
+domain, which gives a name to **every possible IPv6 address out
+there**.
+
+In the docker container we retrieve its IPv6 address, turn it into a
+name and then request a certificate from letsencrypt.
+
+## How is this useful?
+
+Finally all your docker containers can be world wide reachable, fully
+secured without any manual configuration required.
+
+This way you can expose in-development containers directly to your
+customer or even locally test with https instead of http.
+
+## Why is this great?
+
+This is the first service that allows you to fully automated https on
+any docker container without manual intervention. You can just fire it
+up and https is running with an official certificate.
+
+## Developing on top of it
+
+You can also build your own container based
+on the
+[ungleich/nginx-letsencrypt-ipv6
+container](https://hub.docker.com/r/ungleich/nginx-letsencrypt-ipv6).
+Simply use the standard **FROM** statement in your dockerfile and
+enjoy a read-to-use-https-container.
--- a/content/u/blog/how-to-enable-ipv6-in-docker/contents.lr
+++ b/content/u/blog/how-to-enable-ipv6-in-docker/contents.lr
@ -74,8 +74,9 @@ Switzerland based offer.
 ## IPv6++

 If you want to learn more about IPv6 or how to secure your docker
-containers, stay tuned for the next blog posts, which will explain on
-how to secure access to your docker containers.
+containers, stay tuned for the next blog posts, [which will explain on
+how to secure access to your docker
+containers](https://ungleich.ch/u/blog/securing-network-access-to-ipv6-docker-containers/).

 In the mean time, you can also join the IPv6 discussion on
 [IPv6.Chat](https://IPv6.chat) or if you want to spawn your docker