ungleich-staticcms/content/u/blog/fully-automated-ssl-certificates-for-docker/contents.lr

title: 100% automated, official certificates for your Docker container
---
pub_date: 2019-12-15
---
author: ungleich virtualisation team
---
twitter_handle: ungleich
---
_hidden: no
---
_discoverable: yes
---
abstract:
Docker containers can now run fully secured with https.
---
body:
## TL;DR
Run
```
id=$(docker run -d ungleich/nginx-letsencrypt-ipv6)
docker logs ${id} 2>/dev/null | grep "^Getting certificate"
```
to create a docker container with https fully enabled.
**Attention:** You need to
[enable IPv6 in docker beforehand](https://ungleich.ch/u/blog/how-to-enable-ipv6-in-docker/).
## How it works
Any computer with a valid IPv6 address can retrieve a valid
certificate from [letsencrypt](https://letsencrypt.org/). This is
possible due to the
[has-a.name](https://ungleich.ch/u/blog/has-a-name-for-every-ipv6-address/)
domain, which gives a name to **every possible IPv6 address out
there**.
In the docker container we retrieve its IPv6 address, turn it into a
name and then request a certificate from letsencrypt.
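
Added example, not code from the ungleich image: a Python illustration of the address-to-name step described above, including the check that the address is publicly routable (a public CA cannot validate link-local or private addresses). The label layout (eight zero-padded groups joined by dashes), the function names and the sample addresses are assumptions; only the has-a.name domain comes from this post.

```python
import ipaddress

# Domain named in the post; the label layout below is an ASSUMPTION.
ZONE = "has-a.name"

# Constructed sample input, shaped like the addresses a container might hold.
SAMPLE_ADDRESSES = [
    "127.0.0.1",
    "::1/128",
    "fe80::42:acff:fe11:2%eth0",   # link-local, with zone id
    "fd00:dead:beef::2/64",        # unique local (private)
    "2a00:1234:5678:9abc::2/64",   # constructed global unicast address
]


def pick_global_ipv6(candidates):
    """Return the first publicly routable IPv6 address, or None.

    Loopback, link-local (fe80::/10), unique-local (fc00::/7) and IPv4
    addresses are skipped: a public CA cannot reach them for validation.
    """
    for text in candidates:
        # Strip an optional prefix length ("/64") and zone id ("%eth0").
        text = text.split("/")[0].split("%")[0]
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            continue  # not an IP address at all
        if addr.version == 6 and addr.is_global:
            return addr
    return None


def hostname_for(addr):
    """Map an IPv6 address to a DNS name.

    Assumed scheme: the eight zero-padded groups joined with '-',
    placed under ZONE. The result stays below the 63-byte label limit.
    """
    label = addr.exploded.replace(":", "-")
    return f"{label}.{ZONE}"


if __name__ == "__main__":
    chosen = pick_global_ipv6(SAMPLE_ADDRESSES)
    print(hostname_for(chosen) if chosen else "no global IPv6 address found")
```
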
## How is this useful?
Finally, all your docker containers can be reachable worldwide and
fully secured, with no manual configuration required.
This way you can expose in-development containers directly to your
customer or even test locally with https instead of http.
## Why is this great?
This is the first service that allows you to fully automate https on
any docker container without manual intervention. You can just fire it
up and https is running with an official certificate.
## Developing on top of it
You can also build your own container based
on the
[ungleich/nginx-letsencrypt-ipv6
container](https://hub.docker.com/r/ungleich/nginx-letsencrypt-ipv6).
Simply use the standard **FROM** statement in your Dockerfile and
enjoy a ready-to-use https container.
## Trying it out
If you don't happen to have a host with an IPv6 network available, you
can try it out on a VM on [IPv6onlyhosting.com](https://IPv6OnlyHosting.com).