docker-compose


docker compose 3.1(swarm), secrets, ssl and nginx


I have a nginx running inside a docker container. In the nginx conf file inside the server block, I have put in the ssl config – the port, the crt and the key. The simplest possible way for nginx to find the crt and key files is that I create a docker secret for the 2 files and it gets mounted at /run/secrets/ when the service is spawned. I however, want to have the crt and key files inside the docker image which can be like out of the box files that nginx can use and if a customer creates a secret, and plugs the crt and key files, I want nginx to use those.
Going by the 3.1 compose file docs for secret, I have realized that either the secret must pre-exist or must be created as a part of compose file. Now the challenge is, if it must pre-exist, then I am enforcing the customer to create a secret(which means not only create a secret but also have crt and key files ready to be given as input to the create secret command). If I create it in the compose file, I still need access to the crt and key files that customer must provide. Which means, in either case, the thing does not work out of the box.
How do I solve this?
If someone has read this far and still has not lost interest, even if above gets solved, the other issue I am facing is that in the nginx conf, I cannot specify 2 certificates in the order of priority in which to pick them under the same server block. Anyone has any idea on this too?

Related Links

Docker Compose + Swarm + Machine Networking issue
docker-compose build image parameters --force-rm --pull
linking 2 containers through docker compose
Files created by manage.py commands not chown'd from root user
Is it possible to create an intermediate image within docker-compose?
docker-compose service listen on specified interface
Does Docker-Compose allow overwriting of ports when using extends?
Jhipster Docker-compose conflict
Build multiple images with Docker Compose?
JHipster Cassandra Docker Build
Defining project name inside docker-compose configuration
Docker-compose named mounted volume
cannot ping linked docker container service
How to do variable substitution in env_file?
How to create stack in tutum with docker-compose.yml file?
ecs-cli docker compose version

Categories

HOME
pact
classification
macros
primefaces
intellij-idea
postgresql-9.3
c++builder
postsharp
mifare
css-selectors
angularjs-directive
glympse
zabbix
digital
watson-dialog
mbed
javascript-debugger
swift3.1
brightway
facebook-marketing-api
template10
ofbiz
jquery-easyui
ejb-3.1
beaker-notebook
smali
fastboot
aws-iot
v4l2
pumping-lemma
android-xml
traveling-salesman
orgchart
tftp
launchd
pushpad
hierarchy
ocl
schedule
deferred
boost-log
multilanguage
language-detection
jsonapi-resources
traitsui
webmock
machine-code
border-layout
kdevelop
compiled-query
gradlew
piranha-cms
noise
google-cloud-shell
enet
dynamic-linking
htop
senti-wordnet
lattice
spring-social-twitter
konakart
netlink
gdi
code-translation
video-embedding
jsondoc
ruby-1.8.7
producer-consumer
vanilla-forums
vectordrawable
opennebula
mergecursor
minko
connection-timeout
jad
xcode5
dojox.grid
xpand
connections
pthreads-win32
misfire-instruction
bho
microsoft-speech-platform
antixsslibrary
idoc
junit-rule
jqueryi-ui-buttonset
maven-eclipse-plugin
yii-cactiverecord
cgaffinetransform
wdm
opendir
gmagick
file-processing
service-layer
xcdatamodel
xslt-grouping
hp-trim
bootstrap-protocol

Resources

Mobile Apps Dev
Database Users
javascript
java
csharp
php
android
MS Developer
developer works
python
ios
c
html
jquery
RDBMS discuss
Cloud Virtualization
Database Dev&Adm
javascript
java
csharp
php
python
android
jquery
ruby
ios
html
Mobile App
Mobile App
Mobile App