SSL for Docker Containers Showing error


#1

Hi All,

  1. I have Docker and I am running “N” number of containers for development; I am running those containers under an Nginx-proxy container for domain naming.

  2. I am using this image for proxy “jwilder/nginx-proxy”

  3. My problem is that I installed SSL for one of my dev servers (e.g. test1.site.net) and that is working fine, but when I installed it for another container (test2.site.net) it installed properly, but when I access it through the browser it shows an error like this:

This server could not prove that it is test2.site.net; its security certificate is from test1.site.net. This may be caused by a misconfiguration or an attacker intercepting your connection.

  4. But each container has its own keys.

#2

And each has its own IP?
How does the proxy access the sites?


#3

  1. For all containers there is only one public IP, but each container has a private IP, so the proxy redirects traffic using domain names.
  2. Without a public IP we can't assign SSL?

#4

You can use dns-01 - validation. But this is not the problem, because test1.site.net is working. Looks like a problem with the local configuration, so test2.site.net gets the wrong certificate.
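
To confirm which certificate the proxy actually presents for each name, the check below connects with the name as SNI and compares the certificate's names against it. It is an added example, not part of the original post; it assumes the certificates chain to a publicly trusted CA, and `audit`, `misconfigured_proxy` and the sample certificate are constructed for illustration.

```python
import socket
import ssl

def fetch_cert(host, addr=None, port=443, timeout=5):
    """Return the certificate served for SNI name `host` (optionally at `addr`)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still validated; names are compared below
    with socket.create_connection((addr or host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def cert_names(cert):
    """DNS names in a getpeercert() dict: SAN entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a wildcard that replaces only the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit(hosts, fetch=fetch_cert):
    """Map each host to (ok, names presented) so a wrong-cert fallback stands out."""
    report = {}
    for host in hosts:
        names = cert_names(fetch(host))
        report[host] = (any(name_matches(n, host) for n in names), names)
    return report

# Constructed sample: the certificate named in the thread's browser error.
TEST1_CERT = {
    "subject": ((("commonName", "test1.site.net"),),),
    "subjectAltName": (("DNS", "test1.site.net"),),
}

def misconfigured_proxy(host):
    """Stand-in for fetch_cert: a proxy that serves the test1 cert for every name."""
    return TEST1_CERT

if __name__ == "__main__":
    hosts = ["test1.site.net", "test2.site.net"]
    for host, (ok, names) in audit(hosts, misconfigured_proxy).items():
        print(f"{host}: {'OK' if ok else 'MISMATCH'} (certificate names: {', '.join(names)})")
```

Calling `audit(hosts)` without the stub runs the same comparison against the live proxy; pass `addr` to `fetch_cert` to test the proxy's IP directly before DNS points at it.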


#5

@bhargav4108 why are your containers issuing their own certificates if you are using nginx-proxy? Shouldn’t nginx-proxy be issuing certificates for each of your containers?

Are you using https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion as suggested by the nginx-proxy README?


#6

I hope this one is helpful to me.

Thank you


#7

docker containers are stateless - you should insert certs as part of the startup process or share a volume with certificates

having spent the last 9 months working with Kubernetes and docker the one thing i have learnt is how many people don’t get this concept


#8

so let me explain that a bit more

if you mount a volume of the underlying linux system (e.g. ubuntu) you should mount the etc/letsencrypt volume which will let you access certificates that the host has obtained

Otherwise you can insert the certificates you have obtained as environmental variables

i.e. https://docs.docker.com/engine/reference/run/#env-environment-variables

the way you do it is up to you but you do need to keep that in mind. Containers are not virtual machines, therefore persistence is not an attribute that docker containers have

:smiley:

Let me know if you want a tutorial


#9

Thanks for your information, yes I need tutorials. I am a beginner with docker, can you please share?
I am not using docker for production, I started with development servers.


#10

hi @bhargav4108

Someone else wrote a good tutorial :smiley:

Andrei

