docker-compose


docker compose 3.1(swarm), secrets, ssl and nginx


I have an nginx running inside a docker container. In the nginx conf file, inside the server block, I have put in the ssl config – the port, the crt and the key. The simplest possible way for nginx to find the crt and key files is that I create a docker secret for the 2 files and it gets mounted at /run/secrets/ when the service is spawned. I, however, want to have the crt and key files inside the docker image, which can be like out-of-the-box files that nginx can use, and if a customer creates a secret and plugs in the crt and key files, I want nginx to use those.
Going by the 3.1 compose file docs for secrets, I have realized that either the secret must pre-exist or it must be created as a part of the compose file. Now the challenge is, if it must pre-exist, then I am forcing the customer to create a secret (which means not only creating a secret but also having the crt and key files ready to be given as input to the create secret command). If I create it in the compose file, I still need access to the crt and key files that the customer must provide. Which means, in either case, the thing does not work out of the box.
How do I solve this?
If someone has read this far and still has not lost interest: even if the above gets solved, the other issue I am facing is that in the nginx conf, I cannot specify 2 certificates in the order of priority in which to pick them under the same server block. Does anyone have any idea on this too?
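
One way to get the priority order the question describes without listing two certificates in the server block, as an added example that is not part of the original post: an entrypoint script picks the pair under /run/secrets/ when both files are present, otherwise the pair shipped in the image, and links it to one fixed path that nginx.conf references. The directory names, the file names (which would have to match the secret names) and the `RUN_NGINX` switch are assumptions.

```shell
#!/bin/sh
# Added example: choose the TLS pair nginx should use at container start.
# All paths and file names below are assumptions, not from the original post.
SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"            # where swarm mounts secrets
DEFAULT_DIR="${DEFAULT_DIR:-/etc/nginx/default-tls}"  # pair baked into the image
ACTIVE_DIR="${ACTIVE_DIR:-/etc/nginx/tls}"            # fixed path used in nginx.conf
CRT_NAME="${CRT_NAME:-site.crt}"
KEY_NAME="${KEY_NAME:-site.key}"

# Print the directory holding a complete pair; return 1 if none is usable.
select_tls_dir() {
    for dir in "$SECRETS_DIR" "$DEFAULT_DIR"; do
        # Require both files, non-empty, so a half-supplied secret is never
        # mixed with the default key or certificate.
        if [ -s "$dir/$CRT_NAME" ] && [ -s "$dir/$KEY_NAME" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# Point the fixed paths at the selected pair.
activate_tls() {
    src=$(select_tls_dir) || { echo "no usable TLS pair found" >&2; return 1; }
    mkdir -p "$ACTIVE_DIR" || return 1
    ln -sf "$src/$CRT_NAME" "$ACTIVE_DIR/$CRT_NAME" || return 1
    ln -sf "$src/$KEY_NAME" "$ACTIVE_DIR/$KEY_NAME" || return 1
    echo "using TLS pair from $src" >&2
}

# As the image entrypoint: activate, then hand over to nginx.
# Guarded so the functions can be sourced and tested without starting nginx.
if [ "${RUN_NGINX:-0}" = "1" ]; then
    activate_tls && exec nginx -g 'daemon off;'
fi
```

This covers only the nginx side; the secret still has to be declared for the service before swarm mounts it. A private key shipped in the image is readable by anyone who can pull that image, so the default pair is best treated as a placeholder.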
