How standalone certificate generation works #680

Closed
m-sadegh-sh opened this issue Jul 13, 2020 · 2 comments

m-sadegh-sh commented Jul 13, 2020

Hi there

I'm struggling with generating standalone certificates for the following subdomains and, unfortunately, I have not been able to fix it so far after several hours. Here is my docker-compose file to set up a staging environment.

version: "3.7"

networks:
  semantic-bridge:
    name: semantic-bridge
    driver: bridge

services:
  semantic-cache:
    image: semantic.io/semantic.io-cache
    container_name: semantic-cache
    expose:
      - 5268
    sysctls:
      net.core.somaxconn: 65535
    networks:
      - semantic-bridge
    restart: always

  semantic-cache-viewer:
    image: semantic.io/semantic.io-cache-viewer
    container_name: semantic-cache-viewer
    environment:
      - REDISINSIGHT_PORT=8000
    expose:
      - 80
    networks:
      - semantic-bridge
    restart: always
    depends_on:
      - semantic-cache

  semantic-cache-viewer-proxy:
    image: semantic.io/semantic.io-cache-viewer-proxy
    container_name: semantic-cache-viewer-proxy
    environment:
      - VIRTUAL_HOST=insight.semantic.io
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=insight.semantic.io
    expose:
      - 80
    networks:
      - semantic-bridge
    restart: always
    depends_on:
      - semantic-cache-viewer
      - semantic-proxy

  semantic-proxy:
    image: semantic.io/semantic.io-proxy
    container_name: semantic-proxy
    labels:
      - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./semantic-proxy/etc/nginx/certs:/etc/nginx/certs:ro
      - ./semantic-proxy/etc/nginx/conf:/etc/nginx/conf.d
      - ./semantic-proxy/etc/nginx/vhost.d:/etc/nginx/vhost.d
      - ./semantic-proxy/etc/nginx/dhparam:/etc/nginx/dhparam
      - ./semantic-proxy/usr/share/nginx/html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - semantic-bridge
    restart: always

  semantic-proxy-letsencrypt:
    image: semantic.io/semantic.io-proxy-letsencrypt
    container_name: semantic-proxy-letsencrypt
    environment:
      - DEFAULT_EMAIL=info@semantic.io
    volumes:
      - ./semantic-proxy/etc/nginx/certs:/etc/nginx/certs:rw
      - ./semantic-proxy/etc/nginx/vhost.d:/etc/nginx/vhost.d
      - ./semantic-proxy/etc/nginx/dhparam:/etc/nginx/dhparam:ro
      - ./semantic-proxy/usr/share/nginx/html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - semantic-bridge
    restart: always
    depends_on:
      - semantic-proxy

  semantic-apis-mobile:
    image: semantic.io/semantic.io-apis-mobile
    container_name: semantic-apis-mobile
    networks:
      - semantic-bridge
    restart: always
    depends_on:
      - semantic-cache

  semantic-apis-mobile-proxy:
    image: semantic.io/semantic.io-apis-mobile-proxy
    container_name: semantic-apis-mobile-proxy
    environment:
      - VIRTUAL_HOST=mobile.apis.semantic.io
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=mobile.apis.semantic.io
    expose:
      - 80
    networks:
      - semantic-bridge
    restart: always
    depends_on:
      - semantic-apis-mobile
      - semantic-proxy

  semantic-apis-portal:
    image: semantic.io/semantic.io-apis-portal
    container_name: semantic-apis-portal
    networks:
      - semantic-bridge
    restart: always
    depends_on:
      - semantic-cache

  semantic-apis-portal-proxy:
    image: semantic.io/semantic.io-apis-portal-proxy
    container_name: semantic-apis-portal-proxy
    environment:
      - VIRTUAL_HOST=portal.apis.semantic.io
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=portal.apis.semantic.io
    expose:
      - 80
    networks:
      - semantic-bridge
    restart: always
    depends_on:
      - semantic-apis-portal
      - semantic-proxy

  semantic-get:
    image: semantic.io/semantic.io-get
    container_name: semantic-get
    environment:
      - VIRTUAL_HOST=get.semantic.io
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=get.semantic.io
    expose:
      - 80
    networks:
      - semantic-bridge
    restart: always
    depends_on:
      - semantic-proxy

Using the above configuration, a SAN certificate is generated with the following details:

semantic.io
*.semantic.io

I was not able to figure it out because the above certificate is invalid for the following subdomains:

mobile.apis.semantic.io
portal.apis.semantic.io

buchdag (Member) commented Jul 14, 2020

Hi.

Are we talking about this standalone certificate feature https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/blob/master/docs/Standalone-certificates.md ?

> Using the above configuration, a SAN certificate is generated with the following details:
>
> semantic.io
> *.semantic.io

That just isn't possible; this container does not support wildcard certificate creation.
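
Added example (not part of the thread and not the project's code): a simplified RFC 6125-style matcher showing why a certificate whose SANs are semantic.io and *.semantic.io is rejected for the two-level subdomains, since a wildcard stands in for exactly one left-most label. The function names are illustrative; the SAN list and hostnames are the ones quoted in the issue.

```python
# Simplified hostname-vs-SAN matching in the style of RFC 6125.
# Assumptions: only a whole left-most "*" label is a wildcard; partial
# wildcards ("f*.example.com") and IDN handling are out of scope.

def san_matches(san: str, hostname: str) -> bool:
    """Return True if one dNSName SAN entry covers the hostname."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard replaces exactly one label, so label counts must agree.
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # Refuse a wildcard sitting directly under a single label ("*.io").
        return len(san_labels) > 2 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def covering_sans(sans, hostname):
    """SAN entries that make the certificate valid for hostname."""
    return [s for s in sans if san_matches(s, hostname)]


def uncovered_hosts(sans, hostnames):
    """Hostnames for which no SAN entry matches."""
    return [h for h in hostnames if not covering_sans(sans, h)]


# SAN list reported in the issue.
REPORTED_SANS = ["semantic.io", "*.semantic.io"]

# LETSENCRYPT_HOST values from the compose file in the issue.
LETSENCRYPT_HOSTS = [
    "insight.semantic.io",
    "mobile.apis.semantic.io",
    "portal.apis.semantic.io",
    "get.semantic.io",
]

if __name__ == "__main__":
    for host in LETSENCRYPT_HOSTS:
        hits = covering_sans(REPORTED_SANS, host)
        print(f"{host:28} {'covered by ' + hits[0] if hits else 'NOT covered'}")
```

Each LETSENCRYPT_HOST value needs a SAN that matches it label for label; comparing the SAN list of the certificate actually being served against those values shows which certificate the proxy is presenting.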

buchdag (Member) commented Nov 17, 2020

Closing this issue due to inactivity.

buchdag closed this as completed Nov 17, 2020