Ad Widget

Collapse

SSL Certificate encryption

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    SSL Certificate encryption

    Okay so i am a beginner at this. So i was testing the waters and i created a server using docker containers. I used zabbix to start. So everything seems to be working, i can access zabbix using IP as well as DNS entry. Now i have a few certificates and i want to secure the site, to be able to access it using HTTPS, but i cant seem to get it to work. I need help.

    #2
    Hey GHW,

    I just spent far longer than I care to admit to figure this out, so I made an account to try to help you out.

    For reference, I used example 3 on this site: https://www.zabbix.com/documentation...ion/containers as the base of my installation. I made some changes to it (I opened added a mapping for port 80 since I didn't know how to setup the ssl, I also set the front end timezone, things like that)

    I also got my certificates from Let's Encrypt by following this guide https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx

    In the end, it ended up being much simpler than I thought. The guide in example 3 includes this following line when starting the front end (zabbix-web-nginx-pgsql): -v /etc/ssl/nginx:/etc/ssl/nginx:ro which, as I just discovered (I'm also really new to docker and zabbix), basically connects the /etc/ssl/nginx directory on the host to the same directory in the container (the ro makes the container folder read only). So you need to put your cert, key and dh files into that folder and restart the container. There is a note on there that says "Zabbix web interface instance exposes the 443/TCP port (HTTPS) to host machine. Directory /etc/ssl/nginx must contain certificate with required name." But it also took me a little bit to figure out what the required name for the files was. I can't remember where, but I found out that the nginx config files inside the container are in the /etc/zabbix directory (nginx.conf and nginx_ssl.conf). So I used a "sudo docker exec -it zabbix-web-nginx-pgsql /bin/bash" to open a shell and read the config file, which gave me these file names:

    ssl_certificate /etc/ssl/nginx/ssl.crt;
    ssl_certificate_key /etc/ssl/nginx/ssl.key;
    ssl_dhparam /etc/ssl/nginx/dhparam.pem;

    So, once I renamed my cert files and put those files into the /etc/ssl/nginx folder and restarted the container, https just worked right away. Now I'm going to setup a cron job to renew the certs, move them into the correct folder and restart the container on a regular basis.

    One thing to keep in mind is that since I'm using nginx, the cert file contains all CA certs in one file. If you are using apache, you might need to do something different.

    I hope that helps a bit. If you have any questions I'll do my best to answer them.

    Best,

    muddyboy

    Comment

    Announcement

    Collapse
    No announcement yet.
    Working...
    X