docker - 在 Dockerfile 中添加自定义 openssl.cnf 以生成 SSL
问题描述
我想为 docker 容器中的 apache 虚拟主机生成 SSL 证书,为此需要修改 openssl 的 .cnf 文件以添加 subjectAltName。我尝试把主机上存放该配置的文件夹挂载到容器中,并在生成 SSL 证书时指向容器内的这个文件夹,但得到如下错误:
#12 0.218 req: 无法打开输入文件 /etc/ssl/customconf/openssl.cnf,没有这样的文件或目录
这是我的 docker-compose 文件:(SSLCONF_DIR 变量为空,./config/sslconf 是自定义配置文件夹的路径)
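# Local development stack: Apache/PHP web server, database, phpMyAdmin, Redis.
#
# Interpolation note: "${VAR-default}" falls back to the default only when VAR
# is unset. If VAR is set but empty, the empty string is used instead;
# "${VAR:-default}" covers the empty case as well.
version: "3"
services:
  webserver:
    build:
      # Only files below this directory are visible to COPY/ADD in the
      # Dockerfile. The `volumes:` entries further down are NOT available
      # during the build: bind mounts are attached when the container starts.
      context: ./bin/${PHPVERSION}
    container_name: '${COMPOSE_PROJECT_NAME}-${PHPVERSION}'
    restart: 'always'
    ports:
      - "${HOST_MACHINE_UNSECURE_HOST_PORT}:80"
      - "${HOST_MACHINE_SECURE_HOST_PORT}:443"
    links:
      - database
    volumes:
      - "${DOCUMENT_ROOT-./www}:/var/www/html"
      - "${PHP_INI-./config/php/php.ini}:/usr/local/etc/php/php.ini"
      - "${VHOSTS_DIR-./config/vhosts}:/etc/apache2/sites-enabled"
      - "${LOG_DIR-./logs/apache2}:/var/log/apache2"
      # Runtime-only mount. A RUN step that reads /etc/ssl/customconf at build
      # time fails with "No such file or directory" because the directory is
      # not there yet.
      - "${SSLCONF_DIR-./config/sslconf}:/etc/ssl/customconf"
    environment:
      APACHE_DOCUMENT_ROOT: "${APACHE_DOCUMENT_ROOT-/var/www/html}"
      PMA_PORT: "${HOST_MACHINE_PMA_PORT}"
      # NOTE(review): this hands the database root password to the web tier,
      # where any PHP code (or a phpinfo() page) can read it. Confirm the
      # application needs it; otherwise pass only MYSQL_USER/MYSQL_PASSWORD.
      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD}"
  database:
    build:
      context: "./bin/${DATABASE}"
    container_name: '${COMPOSE_PROJECT_NAME}-database'
    restart: 'always'
    ports:
      # Published on loopback only, so the database is not reachable from
      # other machines on the network.
      - "127.0.0.1:${HOST_MACHINE_MYSQL_PORT}:3306"
    volumes:
      - "${MYSQL_DATA_DIR-./data/mysql}:/var/lib/mysql"
      - "${MYSQL_LOG_DIR-./logs/mysql}:/var/log/mysql"
    environment:
      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD}"
      MYSQL_DATABASE: "${MYSQL_DATABASE}"
      MYSQL_USER: "${MYSQL_USER}"
      MYSQL_PASSWORD: "${MYSQL_PASSWORD}"
  phpmyadmin:
    # No tag means "latest"; pin a specific version tag (or digest) so a
    # rebuild cannot silently pull a different image.
    image: phpmyadmin/phpmyadmin
    container_name: '${COMPOSE_PROJECT_NAME}-phpmyadmin'
    links:
      - database
    environment:
      PMA_HOST: database
      PMA_PORT: "3306"
      # PMA_USER + PMA_PASSWORD make phpMyAdmin sign in automatically, here as
      # the database root user: whoever can reach the published port gets
      # root on the database without a login prompt.
      PMA_USER: root
      PMA_PASSWORD: "${MYSQL_ROOT_PASSWORD}"
      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD}"
      MYSQL_USER: "${MYSQL_USER}"
      MYSQL_PASSWORD: "${MYSQL_PASSWORD}"
    ports:
      # Bound to loopback like the database and Redis ports. The original
      # entry published this auto-login panel on every host interface.
      - "127.0.0.1:${HOST_MACHINE_PMA_PORT}:80"
    volumes:
      - /sessions
      - "${PHP_INI-./config/php/php.ini}:/usr/local/etc/php/conf.d/php-phpmyadmin.ini"
  redis:
    container_name: '${COMPOSE_PROJECT_NAME}-redis'
    # "latest" is a moving tag; pin a version for reproducible environments.
    image: redis:latest
    ports:
      - "127.0.0.1:${HOST_MACHINE_REDIS_PORT}:6379"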
和有问题的 Dockerfile:(./bin/php73/Dockerfile)
# Base image: PHP 7.3 with Apache on Debian stretch.
# NOTE(review): PHP 7.3 and Debian stretch are both past upstream end of life,
# so this image no longer receives security fixes; plan a move to a supported
# tag.
FROM php:7.3-apache-stretch

# Keep debconf from prompting while apt packages are installed non-interactively.
# https://github.com/moby/moby/issues/4032#issuecomment-192327844
ARG DEBIAN_FRONTEND=noninteractive

# Refresh the package index and upgrade what the base image ships.
RUN apt-get -y update --fix-missing && \
    apt-get upgrade -y && \
    apt-get --no-install-recommends install -y apt-utils && \
    rm -rf /var/lib/apt/lists/*

# Command-line tools and the development libraries the PHP extensions need,
# followed by Composer.
# NOTE(review): the Composer installer is piped straight from the network into
# php without a checksum comparison. Download it to a file and verify it
# against the hash published by the Composer project before running it.
RUN apt-get -y update && \
    apt-get -y --no-install-recommends install nano wget dialog libsqlite3-dev libsqlite3-0 && \
    apt-get -y --no-install-recommends install mysql-client zlib1g-dev libzip-dev libicu-dev && \
    apt-get -y --no-install-recommends install --fix-missing apt-utils build-essential git curl && \
    apt-get -y --no-install-recommends install --fix-missing libcurl3 libcurl3-dev zip openssl && \
    rm -rf /var/lib/apt/lists/* && \
    curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer

# Xdebug (debugging extension).
# NOTE(review): intended for development images only; do not ship an image
# with Xdebug enabled to production.
RUN pecl install xdebug-2.7.2 && \
    docker-php-ext-enable xdebug

# PHP client extension for Redis.
RUN pecl install redis-5.0.2 && \
    docker-php-ext-enable redis

# Remaining PHP 7 extensions, built one after another.
RUN docker-php-ext-install pdo_mysql && \
    docker-php-ext-install pdo_sqlite && \
    docker-php-ext-install mysqli && \
    docker-php-ext-install curl && \
    docker-php-ext-install tokenizer && \
    docker-php-ext-install json && \
    docker-php-ext-install zip && \
    docker-php-ext-install -j$(nproc) intl && \
    docker-php-ext-install mbstring && \
    docker-php-ext-install gettext

# GD with FreeType and JPEG support.
RUN apt-get -y update && \
    apt-get --no-install-recommends install -y libfreetype6-dev libjpeg62-turbo-dev libpng-dev && \
    rm -rf /var/lib/apt/lists/* && \
    docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ && \
    docker-php-ext-install -j$(nproc) gd
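# Self-signed certificate for the local virtual host.
#
# The openssl configuration has to be part of the image while it is built.
# Bind mounts declared under `volumes:` in docker-compose are attached only
# when the container starts, so /etc/ssl/customconf does not exist during
# `docker build`; that is the cause of "No such file or directory".
#
# COPY reads from the build context only. Place openssl.cnf next to this
# Dockerfile (the compose file sets the context to ./bin/php73) before
# building, e.g. by copying it there from config/sslconf/.
COPY openssl.cnf /etc/ssl/customconf/openssl.cnf

# For `req -x509` the subjectAltName section of the config is written into the
# certificate only if the config's x509_extensions setting points at it (or it
# is selected on the command line with -extensions <section>).
#
# NOTE(review): the private key is created at build time and stored, without a
# passphrase (-nodes), in an image layer. Anyone who can pull the image can
# read the key. That is tolerable for a throwaway .local development
# certificate; do not push this image to a shared registry, and generate keys
# at container start (or mount them) for anything beyond local use.
RUN mkdir -p /etc/apache2/ssl && \
    openssl req \
        -newkey rsa:2048 \
        -x509 \
        -nodes \
        -keyout /etc/apache2/ssl/ssl-produktymdd.key \
        -new \
        -out /etc/apache2/ssl/ssl-produktymdd.crt \
        -subj /CN=produktymdd.local \
        -config /etc/ssl/customconf/openssl.cnf \
        -sha256 \
        -days 3650 && \
    # Restrict the key to its owner; the certificate itself may stay readable.
    chmod 600 /etc/apache2/ssl/ssl-produktymdd.key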
# Turn on the Apache modules the virtual hosts rely on, including mod_ssl for
# the HTTPS listener.
RUN a2enmod rewrite headers deflate expires ssl

# Remove leftover sources.
# NOTE(review): files deleted in a later layer still occupy space in the
# earlier layers that created them, so this does not reduce the image size.
RUN rm -rf /usr/src/*
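解决方案
docker-compose 中 volumes 声明的挂载只在容器启动时生效,在 docker build 阶段并不存在,因此构建时执行 openssl req 会找不到 /etc/ssl/customconf/openssl.cnf。需要把 openssl.cnf 放进构建上下文(这里是 ./bin/php73),并在 Dockerfile 中用 COPY 复制进镜像后再生成证书;或者把证书生成推迟到容器启动时执行。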