Skip to content

[ZT] Add cert to Docker #17783

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 13 commits into from
Nov 15, 2024
Merged

[ZT] Add cert to Docker #17783

Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
8699ca9
Add initial steps
maxvp Oct 24, 2024
3d8db94
Merge branch 'production' into max/gw/docker-cert
maxvp Oct 24, 2024
ecd8d7e
Rename cert to generic
maxvp Oct 24, 2024
8042cf1
Add more steps
maxvp Oct 24, 2024
f9dc8d4
Update PHP steps
maxvp Oct 25, 2024
c1b1380
Refine distro names
maxvp Oct 25, 2024
1b4d2a0
Merge branch 'production' into max/gw/docker-cert
maxvp Nov 12, 2024
0d0c8af
Add tabs
maxvp Nov 12, 2024
14bc8a4
Add Docker Compose instructions
maxvp Nov 12, 2024
702b11b
Improve wording
maxvp Nov 13, 2024
4828bb6
Add runtime procedure
maxvp Nov 13, 2024
36e8288
Disambiguate images vs. containers
maxvp Nov 15, 2024
8abf254
Update paths
maxvp Nov 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
137 changes: 137 additions & 0 deletions ...e/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -413,6 +413,143 @@ On some systems you may need to set the following in your path/export list:
export NODE_EXTRA_CA_CERTS='[PATH_TO_CLOUDFLARE_CERT.pem]'
```

### Docker

To install a certificate for use in a Docker container:

1. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format.
2. Create a directory for certificates in your Docker project:

```sh
cd docker-project
mkdir certs
mv /path/to/downloaded/certificate.pem certs/
```

3. Verify the certificate was moved to the directory correctly. Your project should have the following structure:

```sh
docker-project/
├── Dockerfile
└── certs/
└── certificate.pem
```

4. Add the certificate to your Docker image:

<Tabs> <TabItem label="During build process">

To add the certificate to your Dockerfile to install it during the build process:

1. Add the certificate install directions to your Dockerfile. For example:

```docker title="Red Hat-based images"
FROM registry.access.redhat.com/ubi9/ubi:latest
# Or FROM centos:7 or FROM fedora:38

# Install necessary certificates package
RUN dnf install -y ca-certificates

# Copy and add Cloudflare root certificate
COPY certs/certificate.pem /etc/pki/ca-trust/source/anchors/certificate.crt
RUN update-ca-trust extract
```

```docker title="Debian-based images"
FROM debian:12
# Or FROM ubuntu:22.04

# Install necessary certificates package
RUN apt-get update && apt-get install -y ca-certificates

# Copy and add Cloudflare root certificate
COPY certs/certificate.pem /usr/local/share/ca-certificates/certificate.crt
RUN update-ca-certificates
```

```docker title="Alpine-based images"
FROM alpine:3.18

# Install necessary certificates package
RUN apk add --no-cache ca-certificates

# Copy and add Cloudflare root certificate
COPY certs/certificate.pem /usr/local/share/ca-certificates/certificate.crt
RUN update-ca-certificates
```

2. Build the Docker image:

```sh
docker build -t <your-container-name> .
```

3. Verify the certificate was installed:

```sh title="Red Hat-based images"
docker run --rm your-image-name sh -c "cat /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem | grep Cloudflare"
```

```sh title="Debian and Alpine-based images"
docker run --rm your-image-name sh -c "cat /etc/ssl/certs/certificate.pem"
```

</TabItem>

<TabItem label="During runtime">

To add the certificate to your Docker Compose file to install it during runtime:

1. Add the certificate install directions to your `docker-compose.yml` file. For example:

```yaml title="Red Hat-based containers"
version: '3'
services:
redhat-app:
image: registry.access.redhat.com/ubi9/ubi:latest
volumes:
- certs/certificate.pem:/etc/pki/ca-trust/source/anchors/certificate.pem
entrypoint: /bin/sh -c "dnf install -y ca-certificates && update-ca-trust extract && app start"
```

```yaml title="Debian-based containers"
version: '3'
services:
debian-app:
image: debian:12
volumes:
- certs/certificate.pem:/usr/local/share/ca-certificates/certificate.crt
entrypoint: /bin/sh -c "apt-get update && apt-get install -y ca-certificates && update-ca-certificates && app start"
```

```yaml title="Alpine-based containers"
version: '3'
services:
alpine-app:
image: alpine:3.18
volumes:
- certs/certificate.pem:/usr/local/share/ca-certificates/certificate.pem
entrypoint: /bin/sh -c "apk add --no-cache ca-certificates && update-ca-certificates && app start"
```

2. Run the container:

```sh
docker-compose up
```

3. Verify the certificate was installed:

```sh title="Red Hat-based containers"
docker exec -it <container-name> sh -c "cat /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem | grep Cloudflare"
```

```sh title="Debian and Alpine-based containers"
docker exec -it <container-name> sh -c "cat /etc/ssl/certs/ca-certificates.crt | grep Cloudflare"
```

</TabItem> </Tabs>

### Google Cloud

#### Google Cloud SDK
Expand Down
Loading