AWS/SSL certificate(s) for Nginx setup inside docker container - docker

I have a dockerized django app (cookiecutter) and I want to configure nginx inside of a docker container, so I can deploy it to an EC2 instance. For that I need ssl certificates.
The process to get an SSL certificate with Let's Encrypt, as is recommended everywhere, seems to be a complicated task when you use docker, nginx and EC2. I tried it and can't get past the error I'm linking below.
So I was wondering if there is a way to configure nginx with an AWS certificate. I read that AWS certificates are free but can't be downloaded (https://serverfault.com/questions/822035/). So my question is threefold:
a) Can I configure nginx without https, get a free certificate for my AWS EC2 instance and then run my app on that server with https?
b) If the answer is yes, how could I configure my nginx server to serve only http for that?
c) If I buy a certificate from a CA, can I use it to configure my nginx, and will it be transportable if I move my app (to Digital Ocean or Azure or something)?
I am by no means an expert in most of these technologies and fighting myself through a jungle here. Very grateful for help, hints, tips, suggestions and guidance. Thanks very much in advance. I happily provide more code if needed.
Tutorial I tried but can't solve my error:
https://medium.com/#pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71
Tutorial for nginx with docker and let's encrypt I wanted to follow if there is no easier and quicker solution: https://www.humankode.com/ssl/how-to-set-up-free-ssl-certificates-from-lets-encrypt-using-docker-and-nginx
Error with Let's Encrypt:
Timeout during connect (likely firewall problem) To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

Related

JHipster gateway application SSL certificate from cloudflare setup

So I am using JHipster to build my microservice architecture. I am at a point where it is almost time to fully deploy my gateway, but I have an issue.
SSL/TLS: specifically, I use Cloudflare to proxy my public IP and provide certificates. I use Kemp for layer 7 routing of incoming traffic. My app is housed inside a Kubernetes cluster. My problem is I can't get SSL/TLS to work right and I don't even know where to begin on how to add Cloudflare certificates to my JHipster gateway.
Any suggestions or help would be greatly appreciated. I have been looking for two weeks now trying to solve it on my own.
Have you read JHipster doc about TLS? https://www.jhipster.tech/production/#security
One point to think about is whether or not you want to expose your gateway publicly or if you prefer to put it behind a reverse proxy (e.g. nginx).
If you go for the reverse proxy, you'll find plenty of resources to explain how to do it.
If you want to expose your gateway directly, then it's not specific to JHipster; it's the same as for any Java application: you must import your certificate into a KeyStore.
You can do it using the JDK's keytool or, more simply, using KeyStore Explorer.
After that you might have to find a way to do it in Kubernetes, but I can't help here.
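The "import your certificate into a KeyStore" step from the answer above, as an added example that is not part of the answer or of the JHipster project. It uses only openssl (no keytool required) to bundle a private key and certificate into a PKCS12 file, which Java loads directly as a KeyStore, and then verifies the bundle can be opened with the password. The hostname gw.example.com, the alias "gateway", the password and the directory are placeholders; the self-signed certificate it generates is only for testing, and for a real deployment you would point it at the CA-issued certificate (e.g. your Cloudflare origin certificate), its key and the chain file instead.

```shell
#!/bin/sh
# Added example (not from the answer above or from JHipster). Assumes openssl >= 1.1.1.
set -eu

# build_keystore DIR HOST PASSWORD
# Produces DIR/keystore.p12 containing one key pair under alias "gateway".
build_keystore() {
    dir="$1"; host="$2"; pass="$3"
    mkdir -p "$dir"

    # 1. Test-only self-signed certificate. Modern clients check the SAN, not
    #    the CN, so the hostname goes into subjectAltName as well.
    #    Skip this step when you already have a CA-issued server.key/server.crt.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/server.key" -out "$dir/server.crt" >/dev/null 2>&1

    # 2. Bundle key + certificate into a PKCS12 KeyStore. For a CA-issued cert
    #    add the intermediate chain with:  -certfile chain.pem
    #    (otherwise clients see an incomplete chain and fail validation).
    openssl pkcs12 -export -name gateway \
        -inkey "$dir/server.key" -in "$dir/server.crt" \
        -out "$dir/keystore.p12" -passout "pass:$pass"

    # The private key is now inside keystore.p12; keep the loose key file
    # out of the container image and off world-readable paths.
    chmod 600 "$dir/server.key" "$dir/keystore.p12"
    printf '%s\n' "$dir/keystore.p12"
}

# verify_keystore FILE PASSWORD
# Exit status 0 if the keystore opens and contains a certificate; non-zero otherwise.
verify_keystore() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -noout >/dev/null 2>&1
}

# keytool is optional: if present, this lists the alias the way a Java admin would.
# The equivalent Spring Boot settings for a JHipster gateway would be
# (placeholders, not project defaults):
#   server.ssl.key-store=/run/secrets/keystore.p12
#   server.ssl.key-store-password=<password>
#   server.ssl.key-store-type=PKCS12
#   server.ssl.key-alias=gateway
list_with_keytool() {
    if command -v keytool >/dev/null 2>&1; then
        keytool -list -keystore "$1" -storetype PKCS12 -storepass "$2"
    fi
}

# Stand-alone run: build into a temporary directory and verify.
if [ "${0##*/}" != "sh" ] && [ "${KEYSTORE_DEMO:-1}" = "1" ]; then
    demo_dir=$(mktemp -d)
    ks=$(build_keystore "$demo_dir" gw.example.com changeit)
    verify_keystore "$ks" changeit && echo "keystore OK: $ks"
    list_with_keytool "$ks" changeit || true
fi
```

Mount the resulting `.p12` into the pod as a Kubernetes Secret rather than baking it into the image, and rotate it together with the certificate; a wrong password or a missing chain shows up immediately in `verify_keystore` rather than at first client connection.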

SSL local/remote Cert for DotNetCore API

I'm a newbie when it comes to certificates.
I'm building a Linux docker image with a Dot Net Core REST WebAPI app that will host the backend for a game. I plan to host this backend on Azure using a Container Instance.
I'd like all communication to be via SSL. I've created a self-signed cert for local communication from my Windows machine to the container. Once I registered it in my hosts file, the self-signed cert is working fine locally.
Now I'm ready to host on Azure. I'm prepared to obtain a CA cert, but am trying to work out how to maintain local access w/o cert errors as well as public access w/o cert errors without modifying the container between my local/debug sessions and the production/remote sessions. I'd prefer to have a single certificate, if possible.
Can anyone give me guidance on how to setup a cert for this situation? Seems like a common need, but I'm not finding resources to walk me through it. Thanks!

Serving dockerized microservices over HTTPS

I'm currently struggling with docker and SSL. Let me give you an overview on what I'm trying to do.
I built a microservice-based architecture which is composed by a react web application and some "backend" services written in python and exposed with gunicorn on docker containers. I need to serve it over SSL because of Auth0 which needs the https communication. So, I built the server, bought a domain and got the SSL certificate for the domain with let's encrypt.
Now, here are the troubles, since my services communicate with each other over a docker network, say services-network. For this reason they refer to each other with the URL `service:port/example`.
At the moment I'm able to successfully connect to my web app with https, but whenever this tries to contact the "backend" services the connection is refused because it came from a non-secure resource (I used http://service:port/endpoint).
I tried to use the Let's Encrypt certificate generated for the webapp but the communication is blocked with the message `requests.exceptions.SSLError: HTTPSConnectionPool(host='service', port=8081): Max retries exceeded with url: /endpoint (Caused by SSLError(CertificateError("hostname 'service' doesn't match 'domain.com'",),))`
I understand that a possible workaround for this error is to make the services communicate with each other without using the docker network but the external one. Anyway, I think that is not good practice and that the communication among containers needs to be done through the docker network.
Finally, my question is: which is the best way to make the containers communicate through https over the docker network?
I personally like to use nginx as a reverse proxy. You would configure it normally and set it to proxy_pass <dockerIp:port>.
Many people like to use traefik.io which has many features including Let's Encrypt integration.

How to configure (SSL) self signed certificate in Alfresco 6.2 test environment after docker based installation?

I have installed Alfresco 6.2 using docker based installation and it's working fine with http.
Now, I have to run the same set-up on https and I have to apply a self-signed certificate for this.
Can someone please provide the steps to generate this self-signed certificate and how to apply it inside docker image.
Any help will be appreciated.
I already did same thing for Alfresco 5.2 without docker, but here I am quite new to docker and not understanding how to do this.
Instead of changing the Tomcat certificate I would recommend setting up SSL on nginx or any other reverse proxy. The Tomcat certificate is also used to authenticate Solr. Configuration errors can easily cause the search to stop working.
When using a reverse proxy don't forget to set your external connection in alfresco-global.properties to avoid problems with the CSRF Token Filter. e.g.:
alfresco.context=alfresco
alfresco.host=alfresco.mycompany.com
alfresco.port=443
alfresco.protocol=https
share.context=share
share.host=${alfresco.host}
share.port=${alfresco.port}
share.protocol=${alfresco.protocol}
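The reverse-proxy layout recommended in both the "Serving dockerized microservices over HTTPS" answer (nginx with proxy_pass to the container) and the Alfresco answer above, as an added example that is not part of either answer or of the Alfresco or nginx projects. TLS terminates at nginx under the public name, so the Let's Encrypt certificate only ever has to match the hostname the browser sees; the backends stay on plain HTTP on the private Docker network and are addressed by service name, which is exactly why a certificate issued for domain.com cannot be reused for `https://service:8081`. The names domain.com, service:8081, alfresco:8080 and share:8080, the /api/ prefix and the /etc/letsencrypt and /var/www/certbot mount paths are assumptions for the example.

```nginx
# Added example, not from the answers above. Assumes the nginx container shares a
# Docker network with the backends, the certificate files are mounted read-only
# from certbot's output directory, and the public hostname is domain.com.

server {
    listen 80;
    server_name domain.com;

    # http-01 challenges have to stay reachable over plain HTTP, otherwise
    # renewal breaks; everything else is redirected to HTTPS.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name domain.com;

    ssl_certificate     /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_session_timeout 1d;
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Docker's embedded DNS; resolving the upstream through a variable makes
    # nginx re-resolve the name after a container restart instead of caching
    # the old IP until reload.
    resolver 127.0.0.11 valid=30s;

    # Microservices case: the Python backend is reached as http://service:8081
    # on the Docker network. The trailing slash on proxy_pass strips /api/.
    location /api/ {
        set $backend http://service:8081;
        proxy_pass $backend/;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Alfresco case: both webapps behind the same public host, so the values
    # the answer puts in alfresco-global.properties (alfresco.host=domain.com,
    # alfresco.port=443, alfresco.protocol=https) describe what clients see.
    # Forwarding the scheme is what lets the CSRF Token Filter accept the
    # Referer/Origin of https:// requests that arrive here as http://.
    location /alfresco/ {
        set $alfresco http://alfresco:8080;
        proxy_pass $alfresco;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location /share/ {
        set $share http://share:8080;
        proxy_pass $share;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With this layout the backend containers do not publish ports on the host at all; only nginx exposes 80 and 443. Service-to-service calls inside the network stay `http://service:8081` (no certificate involved), and if encryption on that internal hop is actually required, the right tool is an internal CA or a service mesh issuing certificates for the service names, not the public Let's Encrypt certificate.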

SSL installation for a frontend/api, any idea how to configure it?

I'm digging into the SSL installation for my app and it seems that my "basic" questions for the "how to start an ssl config" didn't find a clear answer.
I use a frontend in node that calls an API running on Ruby on Rails.
My front app delivers a multiple subdomain front service. Both (back and front) are hosted on Heroku and DNS points to 1and1 management.
I found some first steps with Geotrust provided by 1and1 and another choice that goes to letsencrypt.
My questions are :
If I had to choose one, which one between the backend and frontend would welcome the certificate ?
I tried to install a (paid, of course) Geotrust certificate on 1and1 but it fails. Is it related to the CNAME 1and1 <-> Heroku complexity, or because I didn't install the key yet on the app (and I don't know how)?
If I plan to use SSL on front, I found installation of letsencrypt quite confusing. Between the npm letsencrypt and the "getting started" of the official website, there's a gap. Should I really need the node package ? Or is the certbot quite enough for making it working ?
Lots of information but clearly not really operational for me. I'm sorry, probably I missed something in my readings.