So you don’t have OpenSSL or apache2-utils installed on your laptop, but you do have Docker, and you want to generate SSL certificates (self-signed or not) and an htpasswd file for basic authentication?
Follow these easy steps!
Generate SSL certificates from a Docker container
I gathered those steps from this nice article from Digital Ocean (How To Create a SSL Certificate on nginx for Ubuntu 12.04) and I adapted them to run all the commands inside a container.
You’ll notice the use of a volume that mounts the current directory into the container's /work directory (by default a volume is read-write), so the files openssl writes to /work end up in your current folder.
- First we generate a private key:
docker run --rm -v "$PWD":/work -it nginx openssl genrsa -des3 -out /work/server.key.protected 2048
- Then we generate a Certificate Signing Request
docker run --rm -v "$PWD":/work -it nginx openssl req -new -key /work/server.key.protected -out /work/server.csr
- After that we generate a password-less key, for use with web servers
docker run --rm -v "$PWD":/work -it nginx openssl rsa -in /work/server.key.protected -out /work/server.key
- And finally we sign the certificate (since we want a self signed certificate)
docker run --rm -v "$PWD":/work -it nginx openssl x509 -req -days 365 -in /work/server.csr -signkey /work/server.key -out /work/server.crt
Now have a look at your current folder; you should see:
server.crt server.csr server.key server.key.protected
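Usually, the key and crt files are enough to serve HTTPS content using nginx or apache2. Note that server.key is not password-protected, so keep it readable only by its owner and out of version control.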
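Before pointing nginx or apache2 at the files, it is worth confirming that server.crt really carries the public key of server.key and is not about to expire. The sketch below is an added example, not part of the original article; the function names and the OSSL override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Usage, from the folder holding the files: check_pair server.key server.crt

# ossl: run openssl inside the nginx image with the current directory mounted
# at /work, so relative file names work. OSSL is a hypothetical override
# (e.g. OSSL=openssl) for hosts that do have a local openssl binary.
ossl() {
  if [ -n "${OSSL:-}" ]; then
    "$OSSL" "$@"
  else
    docker run --rm -v "$PWD":/work -w /work nginx openssl "$@"
  fi
}

# cert_matches_key KEY CRT: succeed only if the certificate's public key is
# the one derived from the private key. "-passin pass:" makes an encrypted
# key fail immediately instead of waiting on a passphrase prompt.
cert_matches_key() {
  key_pub=$(ossl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
  crt_pub=$(ossl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# cert_valid_for CRT SECONDS: succeed if the certificate is still valid
# SECONDS from now (x509 -checkend exits non-zero otherwise).
cert_valid_for() {
  ossl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# check_pair KEY CRT: print a verdict and return non-zero on any failure.
check_pair() {
  cert_matches_key "$1" "$2" || { echo "FAIL: $2 does not match $1"; return 1; }
  cert_valid_for "$2" 86400 || { echo "FAIL: $2 expires within 24h"; return 1; }
  echo "OK: $2 matches $1 and is valid for at least another day"
}
```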
Generate a htpasswd file from a Docker container
htpasswd files are used for basic authentication in Nginx and Apache2.
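Usually you would install apache2-utils on your Linux host to use the tool named htpasswd, but openssl can generate those files too, as explained in the Nginx FAQ.
Well, you still need to install openssl (or apache2-utils) in that case, unless you rely on a container to create your htpasswd:
docker run --rm nginx sh -c 'printf "John:%s\n" "$(openssl passwd -apr1 V3Ry)"' >> .htpasswd
The command is wrapped in sh -c with single quotes so that the $(openssl ...) substitution runs inside the container rather than in your host shell, and -it is left out so that no terminal carriage returns end up in the file. -apr1 (Apache's MD5-based scheme, which nginx also accepts) is used because -crypt only considers the first 8 characters of the password.
That’s it! No need to use a volume this time, since we just redirected the output of the command to a file on the host.
You can use cat to see its content: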
So next time you are about to install a tool for a task, ask yourself whether a Docker image already provides this tool for you, instead of polluting your laptop with software you’ll use just once!