docker compose 3.1 (swarm), secrets, ssl and nginx
I have an nginx running inside a docker container. In the nginx conf file inside the server block, I have put in the ssl config – the port, the crt and the key. The simplest possible way for nginx to find the crt and key files is that I create a docker secret for the 2 files and it gets mounted at /run/secrets/ when the service is spawned.

I, however, want to have the crt and key files inside the docker image, which can be like out-of-the-box files that nginx can use, and if a customer creates a secret and plugs in the crt and key files, I want nginx to use those.

Going by the 3.1 compose file docs for secrets, I have realized that either the secret must pre-exist or it must be created as a part of the compose file. Now the challenge is, if it must pre-exist, then I am forcing the customer to create a secret (which means not only create a secret but also have crt and key files ready to be given as input to the create secret command). If I create it in the compose file, I still need access to the crt and key files that the customer must provide. Which means, in either case, the thing does not work out of the box. How do I solve this?

If someone has read this far and still has not lost interest, even if the above gets solved, the other issue I am facing is that in the nginx conf, I cannot specify 2 certificates in the order of priority in which to pick them under the same server block. Does anyone have any idea on this too?
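One way to get the fallback and the priority order described in the question, as an added example that is not part of the original post: a container entrypoint picks the pair before nginx starts, so the server block names a single fixed path. The secret names `tls_crt` and `tls_key`, the directories under `/etc/nginx/`, and the `--start` argument are assumptions; the customer's stack file is assumed to declare the secrets only when they exist.

```shell
#!/bin/sh
# Added example. Only /run/secrets comes from the post; every other path
# and the secret names tls_crt / tls_key are assumptions.
# nginx.conf is assumed to name one fixed pair:
#   ssl_certificate     /etc/nginx/tls-active/server.crt;
#   ssl_certificate_key /etc/nginx/tls-active/server.key;

# Print "secret" if both secret files are present and non-empty, "default"
# if neither is. A half-supplied pair is an error, not a silent fallback.
choose_tls_source() {
    secrets_dir=$1
    have=0
    for f in tls_crt tls_key; do
        if [ -s "$secrets_dir/$f" ]; then have=$((have + 1)); fi
    done
    case $have in
        2) echo secret ;;
        0) echo default ;;
        *) echo "need both tls_crt and tls_key in $secrets_dir" >&2
           return 1 ;;
    esac
}

# Symlink the chosen pair into the directory nginx reads; print the choice.
activate_tls() {
    secrets_dir=$1; default_dir=$2; active_dir=$3
    src=$(choose_tls_source "$secrets_dir") || return 1
    mkdir -p "$active_dir" || return 1
    if [ "$src" = secret ]; then
        crt=$secrets_dir/tls_crt; key=$secrets_dir/tls_key
    else
        crt=$default_dir/server.crt; key=$default_dir/server.key
    fi
    ln -sf "$crt" "$active_dir/server.crt" || return 1
    ln -sf "$key" "$active_dir/server.key" || return 1
    echo "$src"
}

# Image entrypoint would be: ["/entrypoint.sh", "--start"]
if [ "${1:-}" = "--start" ]; then
    activate_tls /run/secrets /etc/nginx/tls-default /etc/nginx/tls-active \
        >/dev/null || exit 1
    exec nginx -g 'daemon off;'
fi
```

A private key baked into the image is readable by anyone who can pull that image, so the default pair is only suitable as a first-boot placeholder.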