How to fix “This site is not secure” in a local environment with docker and docker-compose

my-project
-- docker-compose.yml
-- nginx (folder)
---- Dockerfile
---- default.conf
---- mydomain.local.ext
-- index.php

```yaml
# docker-compose.yml
version: "3"
services:
  nginx:
    build: ./nginx
    container_name: nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - $PWD/nginx/default.conf:/etc/nginx/conf.d/default.conf
      - $PWD:/usr/share/nginx/html
      - ssl:/etc/ssl
  php:
    image: php:7.1-fpm
    container_name: php
    volumes:
      - $PWD:/var/www/html
volumes:
  ssl:
```

```dockerfile
# nginx/Dockerfile
FROM nginx:1.12
ADD ./mydomain.local.ext /etc/ssl/mydomain.local.ext
# Generate a private CA (myCA.key / myCA.pem), then a key and CSR for $NAME,
# and sign the CSR with that CA using the extensions from $NAME.ext.
RUN apt-get update \
    && apt-get install -y openssl \
    && NAME=mydomain.local \
    && openssl genrsa -out /etc/ssl/myCA.key 2048 \
    && openssl req -x509 -new -nodes -key /etc/ssl/myCA.key -sha256 -days 3650 -out /etc/ssl/myCA.pem \
       -subj "/C=PT/ST=Lisbon/L=Lisbon/O=MyCompany/OU=IT Department/CN=$NAME" \
    && openssl genrsa -out /etc/ssl/$NAME.key 2048 \
    && openssl req -new -key /etc/ssl/$NAME.key -out /etc/ssl/$NAME.csr \
       -subj "/C=PT/ST=Lisbon/L=Lisbon/O=MyCompany/OU=IT Department/CN=$NAME" \
    && openssl x509 -req -in /etc/ssl/$NAME.csr -CA /etc/ssl/myCA.pem -CAkey /etc/ssl/myCA.key -CAcreateserial \
       -out /etc/ssl/$NAME.crt -days 3650 -sha256 -extfile /etc/ssl/$NAME.ext
```

```ini
# nginx/mydomain.local.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = mydomain.local
```

```nginx
# nginx/default.conf
# Redirect all plain HTTP requests to HTTPS.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name mydomain.local;
    return 301 https://$host$request_uri;
}

# Serve the site over TLS with the certificate signed by the local CA.
server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/mydomain.local.crt;
    ssl_certificate_key /etc/ssl/mydomain.local.key;
    server_name mydomain.local;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    location / {
        root /usr/share/nginx/html;
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$uri&$args;
    }

    location ~ \.php$ {
        root /var/www/html;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SERVER_NAME $http_host;
        include fastcgi_params;
    }
}
```

```php
<?php echo 'Olá Mundo'; ?>
```

```shell
# Build and start the containers.
docker-compose up -d
# Copy the CA certificate out of the nginx container so it can be imported into the browser.
docker cp nginx:/etc/ssl/myCA.pem ~/Downloads/myCA.pem
```
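
An added example, not part of the original article: a shell check of what the browser and nginx require from the generated files, namely that the leaf certificate chains to myCA.pem, carries the hostname in subjectAltName, and matches its private key. The function names, the "Sample Local CA" subject and the temporary sample files are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the article). Usage:
#   check_local_cert CA_PEM LEAF_CRT LEAF_KEY HOSTNAME   -> returns 0 if all checks pass
check_local_cert() {
    ca=$1 crt=$2 key=$3 host=$4 rc=0
    # 1. The leaf must chain to the CA that gets imported into the browser.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
        || { echo "FAIL: $crt is not signed by $ca"; rc=1; }
    # 2. Chrome matches the hostname against subjectAltName and ignores the CN.
    #    Exact-name match only; wildcard SAN entries are not expanded here.
    openssl x509 -in "$crt" -noout -text \
        | grep -A1 'Subject Alternative Name' | tr ',' '\n' | sed 's/^ *//' \
        | grep -qxF "DNS:$host" \
        || { echo "FAIL: no subjectAltName DNS:$host in $crt"; rc=1; }
    # 3. The key given to ssl_certificate_key must belong to the certificate.
    [ "$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] \
        || { echo "FAIL: $key does not match $crt"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $host"
    return "$rc"
}

# Constructed sample input: a throwaway CA and leaf built with the same openssl
# steps as the Dockerfile, written to directory $1. $2 is the SAN value to sign in.
make_sample() {
    d=$1
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=%s\n' "$2" > "$d/leaf.ext"
    openssl genrsa -out "$d/myCA.key" 2048 2>/dev/null
    openssl req -x509 -new -nodes -key "$d/myCA.key" -sha256 -days 1 \
        -subj "/CN=Sample Local CA" -out "$d/myCA.pem"
    openssl genrsa -out "$d/leaf.key" 2048 2>/dev/null
    openssl req -new -key "$d/leaf.key" -subj "/CN=mydomain.local" -out "$d/leaf.csr"
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/myCA.pem" -CAkey "$d/myCA.key" \
        -CAcreateserial -days 1 -sha256 -extfile "$d/leaf.ext" \
        -out "$d/leaf.crt" 2>/dev/null
}

# Demo on the constructed sample.
tmp=$(mktemp -d) && make_sample "$tmp" "DNS:mydomain.local" \
    && check_local_cert "$tmp/myCA.pem" "$tmp/leaf.crt" "$tmp/leaf.key" mydomain.local
rm -rf "$tmp"
```

To check the article's own files, copy myCA.pem, mydomain.local.crt and mydomain.local.key out of /etc/ssl in the nginx container with docker cp and pass them to check_local_cert. That directory is the ssl volume and also holds myCA.key, so any container that mounts the volume can sign certificates the browser will trust once myCA.pem is imported; keep this CA confined to the development machine.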

How to import the Certificate Authority into Google Chrome

Open Google Chrome » Click the three dots » Settings » Privacy and Security » Security » Manage Certificates » Authorities » Import » Choose the copied file » Check all the checkboxes » Click Ok » Close and reopen Google Chrome.

How to import the Certificate Authority into Firefox

Open Firefox » Click the three dots » Preferences » Privacy and Security » Certificates » View Certificates » Authorities » Import… » Choose the copied file » Check all the checkboxes » Click Ok.

How to use the certificates in other containers

Sometimes you will need to use the certificates in other containers. This is very simple: just add the ssl volume to the respective container. Below I show how to do that in a real case (I will do it for the Mosquitto Broker).

```yaml
  mqtt:
    image: eclipse-mosquitto:1.6.12
    container_name: mqtt
    depends_on:
      - nginx
    ports:
      - 1883:1883
      - 1884:1884
    volumes:
      - ssl:/mosquitto/ssl
```
