#docker #ssl #docker-compose #openssl
Вопрос:
Я хочу сгенерировать SSL-сертификат для виртуального хоста Apache, который работает в контейнере Docker, и для этого мне нужно изменить файл .cnf для OpenSSL, чтобы добавить имя субъекта. Я пытаюсь смонтировать папку хоста с моим конфигом в контейнер, а затем при генерации сертификата указываю на эту папку в контейнере, но получаю ошибку:
#12 0.218 req: Не удается открыть входной файл /etc/ssl/customconf/openssl.cnf, такого файла или каталога нет
Вот мой docker-compose (переменная SSLCONF_DIR пуста; ./config/sslconf — путь к папке с пользовательской конфигурацией):
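# Local development stack: Apache/PHP web server, MySQL-compatible database,
# phpMyAdmin and Redis. Indentation restored; as pasted, the file was flat and
# not valid YAML.
version: "3"
services:
  webserver:
    build:
      context: ./bin/${PHPVERSION}
    container_name: '${COMPOSE_PROJECT_NAME}-${PHPVERSION}'
    restart: 'always'
    ports:
      - "${HOST_MACHINE_UNSECURE_HOST_PORT}:80"
      - "${HOST_MACHINE_SECURE_HOST_PORT}:443"
    links:
      - database
    volumes:
      - ${DOCUMENT_ROOT-./www}:/var/www/html
      - ${PHP_INI-./config/php/php.ini}:/usr/local/etc/php/php.ini
      - ${VHOSTS_DIR-./config/vhosts}:/etc/apache2/sites-enabled
      - ${LOG_DIR-./logs/apache2}:/var/log/apache2
      # Bind mounts are attached when the container STARTS. They do not exist
      # while the image is being built, so a RUN step in the Dockerfile cannot
      # read /etc/ssl/customconf/openssl.cnf through this mount.
      # Also note: `${VAR-default}` falls back only when VAR is unset; if
      # SSLCONF_DIR is set to an empty string, use `${SSLCONF_DIR:-./config/sslconf}`.
      - ${SSLCONF_DIR-./config/sslconf}:/etc/ssl/customconf
    environment:
      APACHE_DOCUMENT_ROOT: ${APACHE_DOCUMENT_ROOT-/var/www/html}
      PMA_PORT: ${HOST_MACHINE_PMA_PORT}
      # NOTE(review): the web container receives the database root password.
      # Prefer the limited MYSQL_USER credentials unless the application
      # really needs root.
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
  database:
    build:
      context: "./bin/${DATABASE}"
    container_name: '${COMPOSE_PROJECT_NAME}-database'
    restart: 'always'
    ports:
      # Published on loopback only, so the database is not reachable from the network.
      - "127.0.0.1:${HOST_MACHINE_MYSQL_PORT}:3306"
    volumes:
      - ${MYSQL_DATA_DIR-./data/mysql}:/var/lib/mysql
      - ${MYSQL_LOG_DIR-./logs/mysql}:/var/log/mysql
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
  phpmyadmin:
    # NOTE(review): no tag given, so this resolves to `latest`; pin a version.
    image: phpmyadmin/phpmyadmin
    container_name: '${COMPOSE_PROJECT_NAME}-phpmyadmin'
    links:
      - database
    environment:
      PMA_HOST: database
      PMA_PORT: 3306
      # PMA_USER/PMA_PASSWORD make phpMyAdmin log in automatically as root:
      # whoever can reach the published port gets full database access
      # without being asked for credentials.
      PMA_USER: root
      PMA_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
    ports:
      # Bound to loopback like the database and redis ports, because of the
      # root auto-login configured above.
      - '127.0.0.1:${HOST_MACHINE_PMA_PORT}:80'
    volumes:
      - /sessions
      - ${PHP_INI-./config/php/php.ini}:/usr/local/etc/php/conf.d/php-phpmyadmin.ini
  redis:
    container_name: '${COMPOSE_PROJECT_NAME}-redis'
    # NOTE(review): `latest` is a moving tag; pin a version for reproducible builds.
    image: redis:latest
    ports:
      - "127.0.0.1:${HOST_MACHINE_REDIS_PORT}:6379"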
И Dockerfile, о котором идёт речь (./bin/php73/Dockerfile):
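# Image for the `webserver` service: PHP 7.3 + Apache with a self-signed
# certificate for the local virtual host.
# NOTE(review): PHP 7.3 and Debian stretch are both end-of-life and no longer
# receive security fixes; move to a supported base tag when possible.
FROM php:7.3-apache-stretch

# Suppresses debconf complaints of trying to install apt packages interactively
# https://github.com/moby/moby/issues/4032#issuecomment-192327844
ARG DEBIAN_FRONTEND=noninteractive

# Update
RUN apt-get -y update --fix-missing && \
    apt-get upgrade -y && \
    apt-get --no-install-recommends install -y apt-utils && \
    rm -rf /var/lib/apt/lists/*

# Install useful tools and install important libraries
# NOTE(review): the last command pipes the Composer installer straight into
# php without verifying it. Download it to a file and check its published
# checksum before running it. With the default /bin/sh there is also no
# pipefail, so a failed download would not fail this step.
RUN apt-get -y update && \
    apt-get -y --no-install-recommends install nano wget dialog libsqlite3-dev libsqlite3-0 && \
    apt-get -y --no-install-recommends install mysql-client zlib1g-dev libzip-dev libicu-dev && \
    apt-get -y --no-install-recommends install --fix-missing apt-utils build-essential git curl && \
    apt-get -y --no-install-recommends install --fix-missing libcurl3 libcurl3-dev zip openssl && \
    rm -rf /var/lib/apt/lists/* && \
    curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer

# Install xdebug
# NOTE(review): xdebug is a development aid; keep it out of any image that is
# deployed outside a developer machine.
RUN pecl install xdebug-2.7.2 && \
    docker-php-ext-enable xdebug

# Install redis
RUN pecl install redis-5.0.2 && \
    docker-php-ext-enable redis

# Other PHP7 Extensions
RUN docker-php-ext-install pdo_mysql && \
    docker-php-ext-install pdo_sqlite && \
    docker-php-ext-install mysqli && \
    docker-php-ext-install curl && \
    docker-php-ext-install tokenizer && \
    docker-php-ext-install json && \
    docker-php-ext-install zip && \
    docker-php-ext-install -j$(nproc) intl && \
    docker-php-ext-install mbstring && \
    docker-php-ext-install gettext

# Install Freetype
RUN apt-get -y update && \
    apt-get --no-install-recommends install -y libfreetype6-dev libjpeg62-turbo-dev libpng-dev && \
    rm -rf /var/lib/apt/lists/* && \
    docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ && \
    docker-php-ext-install -j$(nproc) gd

RUN mkdir -p /etc/apache2/ssl

# Generate a self-signed certificate for the local vhost.
# This is the step that fails with "No such file or directory":
# /etc/ssl/customconf is a docker-compose bind mount, and bind mounts exist
# only in a running container, never during `docker build`. The file passed
# to -config has to be part of the image at this point: place openssl.cnf in
# the build context (the directory holding this Dockerfile) and add
# `COPY openssl.cnf /etc/ssl/customconf/openssl.cnf` before this RUN, or
# generate the certificate at container start instead.
# NOTE(review): -nodes writes the private key unencrypted, and the key is
# stored in an image layer, so everyone who can pull the image can read it.
# That is acceptable only for a throwaway local development certificate.
RUN openssl req \
    -newkey rsa:2048 \
    -x509 \
    -nodes \
    -keyout /etc/apache2/ssl/ssl-produktymdd.key \
    -new \
    -out /etc/apache2/ssl/ssl-produktymdd.crt \
    -subj /CN=produktymdd.local \
    -config /etc/ssl/customconf/openssl.cnf \
    -sha256 \
    -days 3650

# Enable apache modules
RUN a2enmod rewrite headers deflate expires
RUN a2enmod ssl

# Cleanup
# Deleting files in a later layer does not shrink the image: the data stays in
# the layers that created it.
RUN rm -rf /usr/src/*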