时间戳

首页 > 解决方案 > 在 Dockerfile 中添加自定义 openssl.cnf 以生成 SSL

docker - 在 Dockerfile 中添加自定义 openssl.cnf 以生成 SSL

问题描述

我想为 docker 容器中的 apache 虚拟主机生成 SSL 证书,我需要更改 openssl 的 .cnf 文件以添加 subjectAltName。我正在尝试将主机文件夹与我的 conf 绑定,然后在生成 ssl 时,尝试指向容器上的此文件夹,但我得到:

#12 0.218 req: 无法打开输入文件 /etc/ssl/customconf/openssl.cnf,没有这样的文件或目录

这是我的 docker-compose:(SSLCONF_DIR var 为空,./config/sslconf 是自定义配置文件夹的路径)

version: "3"

services:
  webserver:
    build: 
      context: ./bin/${PHPVERSION}
    container_name: '${COMPOSE_PROJECT_NAME}-${PHPVERSION}'
    restart: 'always'
    ports:
      - "${HOST_MACHINE_UNSECURE_HOST_PORT}:80"
      - "${HOST_MACHINE_SECURE_HOST_PORT}:443"
    links: 
      - database
    volumes:
      - ${DOCUMENT_ROOT-./www}:/var/www/html
      - ${PHP_INI-./config/php/php.ini}:/usr/local/etc/php/php.ini
      - ${VHOSTS_DIR-./config/vhosts}:/etc/apache2/sites-enabled
      - ${LOG_DIR-./logs/apache2}:/var/log/apache2
      - ${SSLCONF_DIR-./config/sslconf}:/etc/ssl/customconf
    environment:
      APACHE_DOCUMENT_ROOT: ${APACHE_DOCUMENT_ROOT-/var/www/html}
      PMA_PORT: ${HOST_MACHINE_PMA_PORT}
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
  database:
    build:
      context: "./bin/${DATABASE}"
    container_name: '${COMPOSE_PROJECT_NAME}-database'
    restart: 'always'
    ports:
      - "127.0.0.1:${HOST_MACHINE_MYSQL_PORT}:3306"
    volumes: 
      - ${MYSQL_DATA_DIR-./data/mysql}:/var/lib/mysql
      - ${MYSQL_LOG_DIR-./logs/mysql}:/var/log/mysql
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
  phpmyadmin:
    image: phpmyadmin/phpmyadmin
    container_name: '${COMPOSE_PROJECT_NAME}-phpmyadmin'
    links:
      - database
    environment:
      PMA_HOST: database
      PMA_PORT: 3306
      PMA_USER: root
      PMA_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
    ports:
      - '${HOST_MACHINE_PMA_PORT}:80'
    volumes: 
      - /sessions
      - ${PHP_INI-./config/php/php.ini}:/usr/local/etc/php/conf.d/php-phpmyadmin.ini
  redis:
    container_name: '${COMPOSE_PROJECT_NAME}-redis'
    image: redis:latest
    ports:
      - "127.0.0.1:${HOST_MACHINE_REDIS_PORT}:6379"

和有问题的 Dockerfile:(./bin/php73/Dockerfile)

FROM php:7.3-apache-stretch

# Surpresses debconf complaints of trying to install apt packages interactively
# https://github.com/moby/moby/issues/4032#issuecomment-192327844

ARG DEBIAN_FRONTEND=noninteractive

# Update
RUN apt-get -y update --fix-missing && \
    apt-get upgrade -y && \
    apt-get --no-install-recommends install -y apt-utils && \
    rm -rf /var/lib/apt/lists/*


# Install useful tools and install important libaries
RUN apt-get -y update && \
    apt-get -y --no-install-recommends install nano wget dialog libsqlite3-dev libsqlite3-0 && \
    apt-get -y --no-install-recommends install mysql-client zlib1g-dev libzip-dev libicu-dev && \
    apt-get -y --no-install-recommends install --fix-missing apt-utils build-essential git curl && \ 
    apt-get -y --no-install-recommends install --fix-missing libcurl3 libcurl3-dev zip openssl && \
    rm -rf /var/lib/apt/lists/* && \
    curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer

# Install xdebug
RUN pecl install xdebug-2.7.2 && \
    docker-php-ext-enable xdebug

# Install redis
RUN pecl install redis-5.0.2 && \
    docker-php-ext-enable redis

# Other PHP7 Extensions

RUN docker-php-ext-install pdo_mysql && \
    docker-php-ext-install pdo_sqlite && \
    docker-php-ext-install mysqli && \
    docker-php-ext-install curl && \
    docker-php-ext-install tokenizer && \
    docker-php-ext-install json && \
    docker-php-ext-install zip && \
    docker-php-ext-install -j$(nproc) intl && \
    docker-php-ext-install mbstring && \
    docker-php-ext-install gettext

# Install Freetype 
RUN apt-get -y update && \
    apt-get --no-install-recommends install -y libfreetype6-dev libjpeg62-turbo-dev libpng-dev && \
    rm -rf /var/lib/apt/lists/* && \
    docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ && \
    docker-php-ext-install -j$(nproc) gd

RUN mkdir -p /etc/apache2/ssl

RUN openssl req \
    -newkey rsa:2048 \
    -x509 \
    -nodes \
    -keyout /etc/apache2/ssl/ssl-produktymdd.key \
    -new \
    -out /etc/apache2/ssl/ssl-produktymdd.crt \
    -subj /CN=produktymdd.local \
    -config /etc/ssl/customconf/openssl.cnf \
    -sha256 \
    -days 3650

# Enable apache modules
RUN a2enmod rewrite headers deflate expires
RUN a2enmod ssl

# Cleanup
RUN rm -rf /usr/src/*

标签: dockerssldocker-composeopenssl

解决方案

推荐阅读