How to fix an insecure connection in a local environment with Docker and docker-compose

my-project
-- docker-compose.yml
-- nginx (folder)
---- Dockerfile
---- default.conf
---- mydomain.local.ext
-- index.php

# docker-compose.yml
version: "3"
services:
  nginx:
    build: ./nginx
    container_name: nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - $PWD/nginx/default.conf:/etc/nginx/conf.d/default.conf
      - $PWD:/usr/share/nginx/html
      - ssl:/etc/ssl
  php:
    image: php:7.1-fpm
    container_name: php
    volumes:
      - $PWD:/var/www/html
volumes:
  ssl:

# nginx/Dockerfile
FROM nginx:1.12
ADD ./mydomain.local.ext /etc/ssl/mydomain.local.ext
RUN apt-get update \
    && apt-get install -y openssl \
    && NAME=mydomain.local \
    && openssl genrsa -out /etc/ssl/myCA.key 2048 \
    && openssl req -x509 -new -nodes -key /etc/ssl/myCA.key -sha256 -days 3650 -out /etc/ssl/myCA.pem \
        -subj "/C=PT/ST=Lisbon/L=Lisbon/O=MyCompany/OU=IT Department/CN=$NAME" \
    && openssl genrsa -out /etc/ssl/$NAME.key 2048 \
    && openssl req -new -key /etc/ssl/$NAME.key -out /etc/ssl/$NAME.csr \
        -subj "/C=PT/ST=Lisbon/L=Lisbon/O=MyCompany/OU=IT Department/CN=$NAME" \
    && openssl x509 -req -in /etc/ssl/$NAME.csr -CA /etc/ssl/myCA.pem -CAkey /etc/ssl/myCA.key -CAcreateserial \
        -out /etc/ssl/$NAME.crt -days 3650 -sha256 -extfile /etc/ssl/$NAME.ext

# nginx/mydomain.local.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = mydomain.local

# nginx/default.conf
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name mydomain.local;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    ssl on;
    ssl_certificate /etc/ssl/mydomain.local.crt;
    ssl_certificate_key /etc/ssl/mydomain.local.key;
    server_name mydomain.local;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    location / {
        root /usr/share/nginx/html;
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$uri&$args;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
        root /var/www/html;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SERVER_NAME $http_host;
        include fastcgi_params;
    }
}

<?php echo 'Hello World'; ?>

docker-compose up -d
docker cp nginx:/etc/ssl/myCA.pem ~/Downloads/myCA.pem
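
Before importing myCA.pem into a browser, it helps to confirm that the server certificate chains to that CA, carries mydomain.local in its subjectAltName, is not a CA itself, and matches the key nginx loads. The script below is an added example, not part of the original article; it builds a throwaway CA and certificate in a temp directory and runs those four checks with openssl. The helper names check_dev_cert and make_sample, the CA name "Constructed Dev CA" and the explicit CA config file are assumptions of this example.

```shell
#!/bin/sh
# check_dev_cert CA CERT KEY HOST: returns 0 if all checks pass, else 1-4.
check_dev_cert() {
    ca=$1; crt=$2; key=$3; host=$4
    # 1. The leaf must chain to the CA that gets imported into the browser.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 1
    # 2. Chrome matches against subjectAltName only, so require a SAN DNS entry;
    #    once one is present, -checkhost compares against it instead of the CN.
    openssl x509 -in "$crt" -noout -text | grep -q 'DNS:' || return 2
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null \
        | grep -q 'does match' || return 2
    # 3. The leaf must not be usable as a CA itself.
    openssl x509 -in "$crt" -noout -text | grep -q 'CA:FALSE' || return 3
    # 4. The private key nginx loads must belong to this certificate.
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] || return 4
}

# make_sample DIR: throwaway CA and leaf built with the Dockerfile's commands.
# Constructed data; the CA name and the explicit CA config are assumptions.
make_sample() {
    d=$1; name=mydomain.local
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' \
        'prompt=no' '[dn]' 'CN=Constructed Dev CA' '[v3]' \
        'basicConstraints=critical,CA:TRUE' 'keyUsage=keyCertSign,cRLSign' \
        'subjectKeyIdentifier=hash' > "$d/ca.cnf"
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' \
        'basicConstraints=CA:FALSE' 'subjectAltName=@alt_names' \
        '[alt_names]' "DNS.1=$name" > "$d/$name.ext"
    openssl genrsa -out "$d/myCA.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$d/myCA.key" -sha256 -days 30 \
        -config "$d/ca.cnf" -out "$d/myCA.pem"
    openssl genrsa -out "$d/$name.key" 2048 2>/dev/null
    openssl req -new -key "$d/$name.key" -subj "/CN=$name" \
        -config "$d/ca.cnf" -out "$d/$name.csr"
    openssl x509 -req -in "$d/$name.csr" -CA "$d/myCA.pem" \
        -CAkey "$d/myCA.key" -CAcreateserial -out "$d/$name.crt" \
        -days 30 -sha256 -extfile "$d/$name.ext" 2>/dev/null
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
make_sample "$tmp"
check_dev_cert "$tmp/myCA.pem" "$tmp/mydomain.local.crt" \
    "$tmp/mydomain.local.key" mydomain.local && echo "certificate OK"
```

To check the real stack, copy mydomain.local.crt and mydomain.local.key out of the nginx container with docker cp, as done for myCA.pem, and pass those paths to check_dev_cert.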

How to import Certificate Authority in Google Chrome

How to import Certificate Authority in Firefox

How to use the certificates in other containers

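# add under "services:" in docker-compose.yml
# The ssl volume is the one nginx mounts at /etc/ssl, so besides the
# certificates it also exposes myCA.key to this container.
  mqtt:
    image: eclipse-mosquitto:1.6.12
    container_name: mqtt
    depends_on:
      - nginx
    ports:
      - 1883:1883
      - 1884:1884
    volumes:
      - ssl:/mosquitto/ssl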

Luis Coutinho
