Support for HTTPS #20

Closed
ashl1 opened this issue Aug 18, 2017 · 8 comments

ashl1 commented Aug 18, 2017

Thank you for the image!
I think adding support for HTTPS will improve the security of using this image in production.
We use the "lets-nginx" image in docker-compose with "registry" to provide worldwide approved SSL certificates. I think the ability to use a TLS certificate for this image is a good idea.

Owner

Joxit commented Aug 18, 2017

You're welcome.
The image is based on Nginx, so you can put your own Nginx configuration to include your own certificates.
There will however be no automatic update of Let's Encrypt certificates.

Example of configuration to add in /etc/nginx/conf.d:

server {
  listen              443 ssl;
  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers         HIGH:!aNULL:!MD5;
  ssl_certificate     /etc/nginx/certs/fullchain.pem;
  ssl_certificate_key /etc/nginx/certs/privkey.pem;
}

server {
  listen 80;
  location /  {
    return 301 https://$host$request_uri;
  }
}

Author

ashl1 commented Aug 18, 2017

Yes. I suppose to make a PR to support using attributes for this image and an updated README. What do you think about it?

Owner

Joxit commented Aug 18, 2017

Yes, you can try.
Activating the SSL option shouldn't be in the Docker image because it is a specific configuration. Don't you think?
Updating the readme is a good idea (in order to have "how to add ssl in nginx" section).

@Joxit Joxit added the question label Jun 15, 2018
@FritschAuctores

The page is available with:

server {
  listen              443 ssl;
  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers         HIGH:!aNULL:!MD5;
  ssl_certificate     /etc/nginx/certs/fullchain.pem;
  ssl_certificate_key /etc/nginx/certs/privkey.pem;
  root /usr/share/nginx/html;
}

server {
  listen 80;
  location /  {
    return 301 https://$host$request_uri;
  }
}

but my error with "remote error: tls: bad certificate" on the dockerhub is still the same

Owner

Joxit commented Apr 3, 2019

Hi,
It seems that it's a certificate/nginx configuration issue, either your key or fullchain are incorrect (incorrect format or are not certificates).
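
Added example (not part of the thread or of the project's code): a shell check for the diagnosis above, that the key or fullchain file is in the wrong format or that the two do not belong together. It assumes the `openssl` CLI is installed; the function name `check_tls_pair` and its return codes are invented for this example.

```shell
#!/bin/sh
# Added example: verify the certificate/key pair before mounting it into nginx.
# check_tls_pair and its return codes are names invented for this example.
#
# check_tls_pair CERT KEY
#   0  both files parse, the key matches the certificate, and it is in date
#   1  CERT is not a PEM certificate
#   2  KEY is not a readable, unencrypted PEM private key
#   3  KEY does not belong to the first certificate in CERT
#   4  the certificate has expired
check_tls_pair() {
  cert=$1
  key=$2

  # nginx sends the first PEM block of ssl_certificate as the server
  # certificate, so that block must parse as X.509.
  if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
    echo "not a PEM certificate: $cert" >&2
    return 1
  fi

  # An empty -passin makes a passphrase-protected key fail here instead of
  # prompting for input.
  if ! openssl pkey -in "$key" -passin pass: -noout 2>/dev/null; then
    echo "not a readable unencrypted private key: $key" >&2
    return 2
  fi

  # Both commands print the public key as a PEM SubjectPublicKeyInfo block,
  # so a matching pair yields identical text.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout)
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not match certificate" >&2
    return 3
  fi

  # -checkend 0 exits non-zero when notAfter is already in the past.
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
    echo "certificate has expired: $cert" >&2
    return 4
  fi
  return 0
}

# Stand-alone use: sh check.sh /etc/nginx/certs/fullchain.pem /etc/nginx/certs/privkey.pem
if [ "$#" -eq 2 ]; then
  check_tls_pair "$1" "$2"
fi
```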

Owner

Joxit commented Apr 3, 2019

Sorry, I'm currently in Japan and can't go further for this issue.

@Joxit Joxit closed this as completed in 8e539be Apr 16, 2019
Owner

Joxit commented Apr 16, 2019

Hello,

I wrote an example for this issue, you can see it here: examples/issue-20


hacko2 commented Feb 23, 2021

I did all in the example, but I don't understand "You will need to rewrite all the project configuration (replaces proxy_pass with our value)."
Only get:
ui_1 | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
ui_1 | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
ui_1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
ui_1 | 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
ui_1 | 10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged version
ui_1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
ui_1 | sed: can't move '/etc/nginx/conf.d/default.confCaPkPD' to '/etc/nginx/conf.d/default.conf': Resource busy
ui_1 | sed: can't move '/etc/nginx/conf.d/default.confJogDGK' to '/etc/nginx/conf.d/default.conf': Resource busy
ui_1 | sed: can't move '/etc/nginx/conf.d/default.confepeBnm' to '/etc/nginx/conf.d/default.conf': Resource busy
docker-registry_ui_1 exited with code 1
