SSL cert for nextcloud docker container


#1

I am having issues applying a cert to the nextcloud docker container; I am sure this is not as hard as it seems to be. I have created 2 certs with the below commands and have the apache “default-ssl.conf” file updated accordingly but still, I cannot get the site to load under “https”. I applied this same method to a server build of nextcloud (not a docker container) and it worked perfectly fine.

What I have done (Within the Docker container):
openssl genrsa -aes128 -out server.key 2048
openssl rsa -in server.key -out server.key
openssl req -new -days 3650 -key server.key -out server.csr
nano /etc/apache2/sites-available/default-ssl.conf

SSLCertificateFile /etc/ssl/private/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

a2ensite default-ssl
a2enmod ssl

For some reason this does not take from within the docker container.


#2

never ever do this. unless you don’t mind losing your certificates when you update your container.
normally you want to create them on the host and map the folder with “-v /cert/path:/etc/ssl/private”

difficult to say without any details. any error message?
did you expose port 443?
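
A pre-flight check for the host folder that post #2 suggests mounting with -v, as an added example that is not part of the thread: it reads the two directives from default-ssl.conf, maps their /etc/ssl/private paths onto the host folder, and reports any file that is absent or of the wrong PEM type (a .csr is a request, not a certificate). The function names and sample files are constructed, and only PEM header lines are inspected, not whether key and certificate belong together.

```shell
#!/bin/sh
# Added example (not from the thread): check a host folder before mounting it
# at /etc/ssl/private. Function names and sample files are constructed.
CONTAINER_DIR=/etc/ssl/private   # container side of the -v mapping in post #2

conf_path() {   # $1 = directive, $2 = conf file -> first uncommented value
    awk -v d="$1" '$1 == d { print $2; exit }' "$2"
}

pem_kind() {    # $1 = file -> cert | csr | key | encrypted-key | missing (or not PEM)
    case "$(sed -n '/^-----BEGIN /{p;q;}' "$1" 2>/dev/null)" in
        *"CERTIFICATE REQUEST"*) echo csr ;;
        *"CERTIFICATE"*)         echo cert ;;
        *"PRIVATE KEY"*)         # an encrypted key needs a passphrase at Apache startup
            if grep -q ENCRYPTED "$1"; then echo encrypted-key; else echo key; fi ;;
        *)                       echo missing ;;
    esac
}

check_tls_mount() {   # $1 = default-ssl.conf, $2 = host folder to be mounted
    rc=0
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        p=$(conf_path "$d" "$1")
        case "$p" in
            "$CONTAINER_DIR"/*) rel=${p#"$CONTAINER_DIR"/} ;;
            *) echo "$d: '$p' is not under $CONTAINER_DIR"; rc=1; continue ;;
        esac
        [ "$d" = SSLCertificateFile ] && want=cert || want=key
        kind=$(pem_kind "$2/$rel")
        if [ "$kind" != "$want" ]; then
            echo "$d: $2/$rel is '$kind', expected '$want'"; rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: a folder holding only server.key and server.csr.
demo=$(mktemp -d)
printf '%s\n' '  SSLCertificateFile /etc/ssl/private/server.crt' \
              '  SSLCertificateKeyFile /etc/ssl/private/server.key' > "$demo/default-ssl.conf"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' > "$demo/server.key"
printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' > "$demo/server.csr"
if check_tls_mount "$demo/default-ssl.conf" "$demo"; then
    echo "ok: mount with -v $demo:$CONTAINER_DIR"
else
    echo "fix the files above before starting the container"
fi
rm -rf "$demo"
```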


#3

@Reiner_Nippes

I will give that a try, and yes I did expose :443. There were no error logs generated as this was an error but rather something that was not working. If I wanted to go the route I mentioned and not worry about updating the container, how would I go about doing that? Do you know what I might have done wrong that wouldn’t have allowed my steps to work?

I did the steps mentioned on 2 separate webservers and it worked fine.
The ultimate goal is to have 2 independent docker containers on 2 independent servers acting as webservers with backend traffic encrypted with low AES128 on the backend for file transfers. Is that even possible with docker?


#4

you may look at the paulczar/omgwtfssl docker image. it’s a docker container to generate certificates. additionally, in the readme you find hints how to use these certificates.

where did you get the error? blank browser page? browser page saying wrong certificate?

the docker gurus use traefik or nginx (or haproxy) for this purpose.

that’s not a docker problem.
an example setup with traefik in front of several docker containers you can find here: https://github.com/ReinerNippes/nextcloud_on_docker
some ideas about nextcloud cluster you find here: Help needed to setup a NC14 cluster
everything in the diagram you can put in a docker container.


#5

Against your recommendation, I went ahead and applied the cert to the container instead of the server but now I am getting an error message when trying to save the container so I can push it to another server if and when needed. Do you know why this error would be coming up?

Error: Error response from daemon: file integrity checksum failed for “etc/apache2/sites-available/default-ssl.conf”

Command being run: docker save -o /home/itadmin/sbm_nextcloud.tar nextcloud

End goal: I am wanting to save a container so I can push a container in the future when needed without losing anything and without having to re-do much configuring on the new VM that I spin up.

Thanks,