
Commit a1edb25

authored
Merge pull request #54 from itk-dev/feature/ssl
Enabled self-signed cert in traefik
2 parents 729e621 + 7b5e465 commit a1edb25


6 files changed

+71
-1
lines changed


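--- a/README.md
+++ b/README.md
@@ -110,6 +110,18 @@ REMOTE_EXCLUDE=(ting styles advagg_*)
 LOCAL_PATH='sites/default/files'
 ```
 
+## SSL certification support
+
+This setup comes with self-signed wildcard certificates for *.local.itkdev.dk, but other certificates can be generated by using this openssl command on Mac, just change the two places where the domain is written.
+
+```sh
+openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout docker.key -out docker.crt -subj "/CN=*.local.itkdev.dk" -reqexts SAN -extensions SAN -config <(cat /usr/local/etc/openssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:*.local.itkdev.dk'))
+```
+
+To mac browser trust this certificate you need to open it with key-chain right click and select "Get info" and then open the "Trust" tab and select "Always trust".
+
+The certificate is located in `./treafik/ssl/docker.crt` in this repository.
+
 ## Completions
 
 ### Bash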

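--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
@@ -7,7 +7,7 @@ networks:
 
 services:
 traefik:
-image: traefik:v2.3
+image: traefik:v2.5
 container_name: traefik
 restart: unless-stopped
 security_opt:
@@ -17,9 +17,12 @@ services:
 ports:
 - 80:80
 - 8080:8080
+- 443:443
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
 - $PWD/traefik.yml:/traefik.yml:ro
+- $PWD/dynamic-conf.yaml:/config/dynamic-conf.yaml:ro
+- $PWD/ssl:/certs:ro
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.traefik.rule=Host(`traefik.local.itkdev.dk`)"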
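Review bot: The added `- 443:443` publishes the TLS port on every host interface, as the context lines for 80 and 8080 already do, so the proxy and the certificate shipped in this commit are reachable from the local network and not only from the developer's own machine. If the `*.local.itkdev.dk` names are only used from the host itself (they presumably resolve to loopback; confirm), bind the port to loopback instead: `- "127.0.0.1:443:443"`. Compose also recommends writing port mappings as quoted strings. The `traefik` service definition starts and ends outside the two hunks shown.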

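--- a/traefik/dynamic-conf.yaml
+++ b/traefik/dynamic-conf.yaml
@@ -0,0 +1,4 @@
+tls:
+certificates:
+- certFile: /certs/docker.crt
+keyFile: /certs/docker.key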
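Review bot: No `tls.options` block accompanies the certificate, so the protocol versions and cipher suites offered on 443 are whatever this Traefik release defaults to. If older clients do not need to connect, set a floor under `tls` with `options:`, `default:`, `minVersion: VersionTLS12`. A comment above `certificates`, such as `# container paths; ./ssl is mounted read-only at /certs by docker-compose.yml`, would also tell the reader where the two files come from.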

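--- a/traefik/ssl/docker.crt
+++ b/traefik/ssl/docker.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcOgAwIBAgIJAIgOJvRHdQq+MA0GCSqGSIb3DQEBCwUAMBwxGjAYBgNV
+BAMMESoubG9jYWwuaXRrZGV2LmRrMB4XDTIxMDkwNjExMDMxN1oXDTMxMDkwNDEx
+MDMxN1owHDEaMBgGA1UEAwwRKi5sb2NhbC5pdGtkZXYuZGswggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCrL/r+/VrPnqjmgwGDRCdHV111UIlQ/Px0UqMP
+TLvDuLOJe2spNqhXMuAV+naMk6d3dMu6wVZoiJU6cD5XiK4RMxwyu2voMlTPWHDV
+lIvgh17/Vh80Aw31VcZL8FYL0RbY6AM0aSDgHI8Mx+JDgndj+L6yBpZD0Rsm3spl
+sZc7fw5bXzaAEtbT3uDr/7XIwvTBgaK4SVv4zTFb1LtRLS2lwnkI6ALgKdPxvpuQ
+bIilKMsvbl+b8xZo5JTUWH0obvBWHAalQDcnzXTFZIMxdHIz5WJPTBBsjS5T3Hi7
+CIvA96o9qi6z8dE837fsuFLUCjisyrOPu9hZfjHHF9D4/0NPAgMBAAGjIDAeMBwG
+A1UdEQQVMBOCESoubG9jYWwuaXRrZGV2LmRrMA0GCSqGSIb3DQEBCwUAA4IBAQAW
+llDU8INVpT5fJwkdi4sno7sk8snjbXBGOlUjcEQYG8q2fC6TUKlqmgTAXiAJHgff
+/IyzObWK1DzJrIqbU3lFGu7TtWr7oGqz7BO7gRPPm1Cj3QxrdhsL7tbRtxFTOz87
+zaO3/Ljtaha9ONYIkHqqky4ijZZaoX3kThWENK472TlrftjhiTUEi9xFmJ3oxseF
+Ine8S+5y0C83OOIHJajnBsXUkSd7ilrzmqlHi+w6sWI3erbntBQbopU2kPoUpADR
+X8vdjkqVRNbOeiMxUogwcrsOOpIN03v7M3vW0YN/fRObAONv4oUjuOpgbEzj2Lh1
++fA3c3/pU71zlK29XruP
+-----END CERTIFICATE-----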

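--- a/traefik/ssl/docker.key
+++ b/traefik/ssl/docker.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCrL/r+/VrPnqjm
+gwGDRCdHV111UIlQ/Px0UqMPTLvDuLOJe2spNqhXMuAV+naMk6d3dMu6wVZoiJU6
+cD5XiK4RMxwyu2voMlTPWHDVlIvgh17/Vh80Aw31VcZL8FYL0RbY6AM0aSDgHI8M
+x+JDgndj+L6yBpZD0Rsm3splsZc7fw5bXzaAEtbT3uDr/7XIwvTBgaK4SVv4zTFb
+1LtRLS2lwnkI6ALgKdPxvpuQbIilKMsvbl+b8xZo5JTUWH0obvBWHAalQDcnzXTF
+ZIMxdHIz5WJPTBBsjS5T3Hi7CIvA96o9qi6z8dE837fsuFLUCjisyrOPu9hZfjHH
+F9D4/0NPAgMBAAECggEAL2tpEb1IrH58tu3PO3djkgWHY/ndL8wEeoxxkslkscC2
+Kv0/H/l+BDmZjT0GHcbA+vwleyQXNXmwLLHu8vxvi2AnDX6RU46to4oSJ3ewj4+w
+JvbKSfQWp8EM3vhCPZ+7vnX2fUwpySrgDWBJMv4u6Eh9On9MnJiN9uR8GFNrWxVQ
++zH3CNl5LKJUvBJITupzu53GRlPJD8/wklqFdNIGLy1oJ18OZiPCKSrHgLmIQ+/u
+i7MxRtHuy58wln78y1ZZXnbT6awj1fyvlH6mL+LfiABhvYwa6GcABOhDdwE7Scj7
+6EBk2C2g+uZj6GJbzrestOwQa2MOFUsV0FSE8PbksQKBgQDVPH/1uV/dlrsG29q1
+d5OsYpFAMOh+4F5cTgJF6LuUJl1e0RnbguD8jdCvjW8xkbAIMOKhpiUOQQB8fszR
+771DK4EXZHyJLQ/bLKNeYUqRK0wgEJByVTLNek+SxpMGJcQoCjD1JfrktcaCNSoy
+FQ7XVP4+LFlVSKbErxufPnV4iwKBgQDNhLNH9NxKdl8H6mwuPj/p1Tre9a4XrdbP
+1Q/cDGyX7fUBGzCy5Y9YUnVYEKAWKO55jvpXTO98eM5Y87b/tqlRfqXYCOSn8TNa
+r+C4wmKwOtRnh9ZurLClVA+WH0L6S+sWVbU5xai6fOXXK0wSzGn5EUeowP+cal66
+sFV3rgS0zQKBgGomuQipZLjZ3XcXoXPu+Bu74dUTw9nNdgv7ZZRJvH+O7bJS481s
+BPaU3otWHEGP5hLdyyRvokjLQSO4t9vWveAfWx87Def3/8m7GgTU6BsGc9oOhOn1
+0dmKhuxpYC2SRWktUZvocVLDzvNo5f2SkBXQINTwnPQgu6x0A4stu6rrAoGAbT4g
+XhtWDW6mTPrazingp1bkmCdXhtas3ISQjZM9FfUyyoe9dxp2+6e5IDqWHbFcMdlC
+UK1gj3VXmgjSOVLK5brARPlVMcAQYCAk/5C0DKD4zp9x6Bp7OyZXsqCjZZB9Qb4F
+OtRKP/ar5ZfqNAPcQLxirt0IAgi4mdupUph5f/ECgYASsCniBvvUVRk13/xPxbcy
+v4Fh3RZ+/kr378vVDwB1hDwWOj7lWpifhb4EjV4eL3E/V+odPtI6469CenLGeEFa
+UxrCGETbeMqflVMZPJUKOiEB93EQnjbdXSzLUEiEJ269L7UKZbEggyFNe49/FlUL
+8nN4JNQoX3la/78SprRc7A==
+-----END PRIVATE KEY-----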
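Review bot: This file commits the unencrypted private key for the `*.local.itkdev.dk` wildcard certificate, while the README section added in the same commit tells users to mark that certificate "Always trust". Everyone with read access to the repository therefore holds the key for a certificate that developer machines are asked to trust, so the certificate no longer proves who is answering for those names. Prefer generating the pair on each machine at setup time with the openssl command the README already documents, committing neither file, and ignoring `traefik/ssl/*.key` and `traefik/ssl/*.crt` in `.gitignore`. The key stays in history after a later delete, so a fresh pair should replace it wherever the committed certificate has already been trusted.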

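--- a/traefik/traefik.yml
+++ b/traefik/traefik.yml
@@ -9,8 +9,13 @@ entryPoints:
 address: ":80"
 https:
 address: ":443"
+http:
+tls:
+{}
 
 providers:
+file:
+directory: /config
 docker:
 endpoint: "unix:///var/run/docker.sock"
 exposedByDefault: false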
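Review bot: TLS is switched on only for the `https` entry point; the entry point on `:80`, whose name is above the hunk, keeps serving plaintext with no redirect, so a client given an `http://` URL never uses the certificate configured here. Once the project routers are attached to `https`, consider an entry-point redirection on the `:80` entry point as sketched below; if plaintext access is still needed for some sites, a comment saying so would help. Separately, `tls:` followed by `{}` on its own line reads more clearly as `tls: {}`.

```yaml
  # … unchanged: name of the :80 entry point, above the hunk …
    address: ":80"
    # send plaintext requests to the TLS entry point
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  # … unchanged: https entry point and providers …
```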
