Nginx ssl server

I am trying to create an nginx image to run locally as an https web server. The following Dockerfile creates the image, which then fails to run with:

2022/10/06 23:54:05 [emerg] 1#1: cannot load certificate “/etc/nginx/conf.d/localhost.crt”: PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [emerg] cannot load certificate “/etc/nginx/conf.d/localhost.crt”: PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

Here is my Dockerfile and the conf file I am copying into the nginx image:

FROM nginx:latest
EXPOSE 80
EXPOSE 443
LABEL author="xyz"
RUN openssl genrsa -out /etc/nginx/conf.d/localhost.key 2048
RUN openssl rsa -in /etc/nginx/conf.d/localhost.key -pubout -out /etc/nginx/conf.d/localhost.crt  
COPY default.conf /etc/nginx/conf.d/
CMD ["nginx", "-g", "daemon off;"]

Source default.conf:

server {
    listen       80;
    listen       443 ssl;
    listen  [::]:80;
    server_name  localhost;
    ssl_certificate /etc/nginx/conf.d/localhost.csr;
    ssl_certificate_key /etc/nginx/conf.d/localhost.crt;    

Figured it out:

FROM nginx:latest
EXPOSE 80
EXPOSE 443
LABEL author="..."
RUN openssl req -x509 -nodes -newkey rsa:4096 -keyout /etc/nginx/conf.d/localhost.key -out /etc/nginx/conf.d/localhost.crt \
     -sha256 -days 365 -subj "/C=US/ST=WA/L=Seattle/O=Your Company, Inc./OU=IT/CN=localhost"
COPY default.conf /etc/nginx/conf.d/
CMD ["nginx", "-g", "daemon off;"]'

default.conf includes:

    ssl_certificate /etc/nginx/conf.d/localhost.crt;
    ssl_certificate_key /etc/nginx/conf.d/localhost.key;   
1 Like