I'm trying to create a development enviroment using nginx, mysql and php. I want to have a self signed SSL certificate configured because in productions I'll use ssl connections as well.
For php and mysql I had no problems, but for nginx and struggling to make it work. I'm using MarvAmBass/docker-nginx-ssl-secure image (https://github.com/MarvAmBass/docker-nginx-ssl-secure) but when accessing the site I get the SEC_ERROR_UNKNOWN_ISSUER error in Firefox (invalid ssl certificate).
I've replaced the CN var in the command to create the self certificate but doesn't seem to affect.
I don't know if maybe there's another image I can use (I'm pretty new to the docker world).
Thanks in advance
If the certificate is not authorized by the valid CA(Certificate Authority), then you will notice SEC_ERROR_UNKNOWN_ISSUER on Mozilla. It is recommended to use the certificates provided by your CA(Certificate Authority).
Related
I have installed Alfresco 6.2 using docker based installation and it's working fine with http.
Now, I have to run same set-up on https and i have to apply self signed certificate for this.
Can someone please provide the steps to generate this self-signed certificate and how to apply it inside docker image.
Any help will be appreciated.
I already did same thing for Alfresco 5.2 without docker, but here I am quite new to docker and not understanding how to do this.
Instead of changing the tomcat certificate I would recommend to setup SSL on nginx or any other reverse proxy. The Tomcat certificate is also used to authenticate Solr. Configuration errors can easily cause the search to stop working.
When using a reverse proxy don't forget to set your external connection in alfresco-global.properties to avoid problems with the CSRF Token Filter. e.g.:
alfresco.context=alfresco
alfresco.host=alfresco.mycompany.com
alfresco.port=443
alfresco.protocol=https
share.context=share
share.host=${alfresco.host}
share.port=${alfresco.port}
share.protocol=${alfresco.protocol}
I have a dockerized django app (cookiecutter) and I want to configure nginx inside of a docker container, so I can deploy it to an EC2 instance. For that I need ssl certificates.
The process to get a ssl certificate with Let's Encrypt like it is recommended everywhere seems to be a complicated task when you use docker, nginx and EC2. I tried it and can't get passed the error I'm linking below.
So I was wondering if there is a way to configure nginx with an AWS certificate. I read that AWS certificates are free but can't be downloaded (https://serverfault.com/questions/822035/). So my question is threefold:
a) Can I configure nginx without https, get a free certificate for my AWS EC2 instance and then run my app on that server with https?
b) If the answer is yes, how could I configure my nginx server to serve only http for that?
c) If I buy a certificate from a CA can I use it to configure my nginx and will it be transportable if I move my app (to Digital Ocean or Azure or sth)?
I am by no means an expert in most of these technologies and fighting myself through a jungle here. Very grateful for help, hints, tips, suggestions and guidance. Thanks very much in advance. I happily provide more code if needed.
Tutorial I tried but can't solve my error:
https://medium.com/#pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71
Tutorial for nginx with docker and let's encrypt I wanted to follow if there is no easier and quicker solution: https://www.humankode.com/ssl/how-to-set-up-free-ssl-certificates-from-lets-encrypt-using-docker-and-nginx
Error with Let's Encrypt:
Timeout during connect (likely firewall problem) To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
I am trying to implement Elasticsearch 5.x with https(using Safeguard) and NEST client.
I am failing on, how to generate a X509certificate of Elasticsearch installed in server.
Found some code in below link how to create a NEST connection to Elasticsearch with X509 certificate.
How to use X509 certificate with the Nest Elastic Client
But I have no idea how to achieve this. I need to know how the below things:
How to generate a X509 certificate of Elasticsearch 5.x(Elasticsearch installed in a server and is accessible through some url like https://elas:9300)
What could be the value for "path_to_cert" in the above link's answer(I understood it is the path to X509 certificate file). It need to be a shared path or that certificate need to be included in application
I tried searching all the web and still no idea. Please help on this.
Thanks in advance.
Your question is not clear if it is about the Elasticsearch server to configure, or only the client. Is the server already running with SSL (is it reachable at https://elas:9300 ?). If no, then you need to create a java keystore containing a self-signed certificate (I suppose it's enough for your need). If already running in SSL and your question is only about the client, then store the certificate that you can get when browsing https://elas:9300 in this file that you suggested (path_to_cert)
I have Rails app running behind Nginx using Passenger. SSL is configured at Nginx side in server block and works fine. Now I need specify separate certificate on certain path, say for https://example.com/blablabla.
I need this because of constrains of some system I working with.
A certificate identifies a server and not a path inside the server. The path is only known after the SSL handshake is done, that is after the certificate was already provided. Thus it is not possible to have one certificate for a specific path and another certificate for another path and the same hostname.
I have
config.force_ssl = true
in my environment/production.rb file so as to make every request sequre with ssl and https.
I came to know that SSL can't be enabled in development mode. So, I started my thin web server in production mode and when I went to
https://127.0.0.1:3000
it's the same as the development mode(SSL connection error). Tried almost all the links of first 6 pages fetched by google. Anybody have solution to my problem??
P.S. I'm working on windows and I have client authentication certificate.
The problem you described is related to using a self-signed certificate.
SSL certificates relies on a chain of trust, where the root CA's (Certification Authority) are at the top.
To understand more how it works, the Wikipedia entry on SSL provide a good insight. For Self-Signed certificates there's also an entry at Wikipedia.
To solve you issue you can have a self-signed certificate (be aware of the security issues), but your users will be always prompted for an action.
Another option is to apply for a certificate on CertCA since some Linux distributions have them on root CA's.
The last and most reliable option is to acquire a certificate.