vgk/ungleich-staticcms
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

++docker ++ssl

Browse source
This commit is contained in:
Nico Schottelius 2019-12-15 00:02:41 +01:00
parent 5a27ba2141
commit 93144768cb
2 changed files with 65 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

62
content/u/blog/fully-automated-ssl-certificates-for-docker/contents.lr Normal file
View file

@ -0,0 +1,62 @@
title: 100% automated, official certificates for your Docker container
---
pub_date: 2019-12-15
---
author: ungleich virtualisation team
---
twitter_handle: ungleich
---
_hidden: yes
---
_discoverable: no
---
abstract:
Docker containers can now run fully https secured.
---
body:
## TL;DR
Run
```
id=$(docker run -d ungleich/nginx-letsencrypt-ipv6)
docker logs ${id} 2>/dev/null | grep "^Getting certificate"
```
to create a docker container with full https enabled.
**Attention:** You do need to
[enable IPv6 in docker before](https://ungleich.ch/u/blog/how-to-enable-ipv6-in-docker/).
## How it works
Any computer with a valid IPv6 address can retrieve a valid
certificate from [letsencrypt](https://letsencrypt.org/). This is
possible due to the
[has-a.name](https://ungleich.ch/u/blog/has-a-name-for-every-ipv6-address/)
domain, which gives a name to **every possible IPv6 address out
there**.
In the docker container we retrieve its IPv6 address, turn it into a
name and then request a certificate from letsencrypt.
## How is this useful?
Finally all your docker containers can be world wide reachable, fully
secured without any manual configuration required.
This way you can expose in-development containers directly to your
customer or even locally test with https instead of http.
## Why is this great?
This is the first service that allows you to fully automated https on
any docker container without manual intervention. You can just fire it
up and https is running with an official certificate.
## Developing on top of it
You can also build your own container based
on the
[ungleich/nginx-letsencrypt-ipv6
container](https://hub.docker.com/r/ungleich/nginx-letsencrypt-ipv6).
Simply use the standard **FROM** statement in your dockerfile and
enjoy a read-to-use-https-container.

5
content/u/blog/how-to-enable-ipv6-in-docker/contents.lr
View file

@ -74,8 +74,9 @@ Switzerland based offer.
## IPv6++ ## IPv6++
If you want to learn more about IPv6 or how to secure your docker If you want to learn more about IPv6 or how to secure your docker
containers, stay tuned for the next blog posts, which will explain on containers, stay tuned for the next blog posts, [which will explain on
how to secure access to your docker containers. how to secure access to your docker
containers](https://ungleich.ch/u/blog/securing-network-access-to-ipv6-docker-containers/).
In the mean time, you can also join the IPv6 discussion on In the mean time, you can also join the IPv6 discussion on
[IPv6.Chat](https://IPv6.chat) or if you want to spawn your docker [IPv6.Chat](https://IPv6.chat) or if you want to spawn your docker