I got a docker image here that after a lot of work installs nicely on my m1 mac mini, but the problem I’ve stranded on is getting the self-signed certificate to work.

The error is as following when I do a sudo docker-compose up:

foobar-web-1  | /docker-entrypoint.sh: Configuration complete; ready for start up
foobar-web-1  | 2022/09/03 22:17:20 [emerg] 1#1: cannot load certificate key "/etc/ssl/nginx-selfsigned.key": BIO_new_file() failed (SSL: error:02001001:system library:fopen:Operation not permitted:fopen('/etc/ssl/nginx-selfsigned.key','r') error:2006D002:BIO routines:BIO_new_file:system lib)
foobar-web-1  | nginx: [emerg] cannot load certificate key "/etc/ssl/nginx-selfsigned.key": BIO_new_file() failed (SSL: error:02001001:system library:fopen:Operation not permitted:fopen('/etc/ssl/nginx-selfsigned.key','r') error:2006D002:BIO routines:BIO_new_file:system lib)
foobar-web-1 exited with code 1

when I do a sudo docker run --rm -it --entrypoint bash foobar-php

and a

root@c4b11c7fc7e0:/var/www/html# ls -l /etc/ssl/nginx-selfsigned.key
-rw------- 1 root root 1679 Sep  3 21:47 /etc/ssl/nginx-selfsigned.key

it is clearly there. Any suggestions on what to look out for? I can post the seup if required, just not sure what of it would be appropriate for this error.

Edit: The self signed ones are being copied in in the docker-compose.yml

    volumes:
....
      - ./ssl/nginx-selfsigned.crt:/etc/ssl/nginx-selfsigned.crt
      - ./ssl/nginx-selfsigned.key:/etc/ssl/nginx-selfsigned.key

And the certificate is valid.

That certificate is owned by rot and readable by root only. Nginx probably runs as “nginx” not as “root”. It depends on the image and I am not sure what image you use, but the user “nginx” is the default and the userid is 101 in the official nginx image.