
Self Signed Certificates for docker multiple containers

swarm
dockerhub
docker

#1

Hi,
I’m very new to Docker and I need help.
I need to know how to set up self-signed certificates for multiple Docker containers.
Using docker-compose, I’m just running 5 Node services, each as its own container, and each container must communicate with the others over HTTPS.

Note: the self-signed certificates are generated for localhost, not a domain or sub-domain. Any guidance is welcome, and thanks.

I have successfully generated the certificate and added it to the service to run over HTTPS, but without rejectUnauthorized: false or NODE_TLS_REJECT_UNAUTHORIZED = '0' I can’t access the API.
Is there any other way to make it secure?
(or)
Is there any way to add common SSL to Docker containers and run them over HTTPS in a secure way?


(Ove "Lime" Lindström) #2

I would actually use a service like xip.io or ngrok.com to create tunnels and dns-support into the localhost and generate a *.xip.io or *.ngrok.com certificate. Something like this:

To create a key.

# Generate a 2048-bit RSA private key (1024-bit RSA is no longer considered secure)
mkdir -p certs
openssl genrsa -out certs/ngrok.com.key 2048

Create a certificate signing request (CSR). The command is as follows.

openssl req -new \
    -key certs/ngrok.com.key \
    -out certs/ngrok.com.csr

The only important field is “Common Name (e.g. server FQDN or YOUR name)”, which must be *.ngrok.com.

Create the certificate.

openssl x509 -req -days 365 \
    -in certs/ngrok.com.csr \
    -signkey certs/ngrok.com.key \
    -out certs/ngrok.com.crt

As a result, we have the crt, csr, and key files.

I always pack them in a PEM file.

cat certs/ngrok.com.crt certs/ngrok.com.key \
     | tee certs/ngrok.com.pem

You should then use docker secrets to distribute your ngrok.com.pem file into the different containers.
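
An added example, not part of the thread or of any poster's code: a variant of the openssl steps above that goes one step further, creating a small private CA and issuing a certificate whose subjectAltName matches a compose service name, then checking it with chain and hostname verification left on. The service name "api", the CA name "compose-dev-ca" and the file layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): private CA + per-service certificate.
# Assumed names: service "api", CA "compose-dev-ca", all files in one directory.
set -eu

# make_ca DIR: create the CA key and self-signed CA certificate (the trust anchor).
make_ca() {
  mkdir -p "$1"
  cat > "$1/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = compose-dev-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
    -config "$1/openssl.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert DIR SERVICE: key + CSR for SERVICE, signed by the CA, with a
# subjectAltName for the compose service name (the name clients connect to).
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/openssl.cnf" \
    -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s,DNS:localhost\nbasicConstraints=CA:FALSE\n' "$2" \
    > "$1/$2.ext"
  openssl x509 -req -days 365 -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

# verify_cert DIR SERVICE HOST: succeed only if the certificate chains to the
# CA and is valid for HOST, the two checks a TLS client performs by default.
verify_cert() {
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$1/$2.crt" >/dev/null 2>&1
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
make_ca "$demo_dir"
issue_cert "$demo_dir" api
if verify_cert "$demo_dir" api api; then echo "api: trusted"; fi
if ! verify_cert "$demo_dir" api other; then echo "other: rejected"; fi
rm -rf "$demo_dir"
```

Only ca.crt needs to reach every container (for example as a docker secret); a Node client can trust it through the `ca` TLS option or the NODE_EXTRA_CA_CERTS environment variable, so rejectUnauthorized stays at its default. Each service keeps its own key and certificate, and ca.key stays off the containers.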


#3

Thanks for the reply.
Is there any way to add common SSL to Docker containers and run each service over HTTPS in a secure way?