Hi Sean,
The best practice for a containerized environment is to delegate the SSL stuff to a Load Balancer/Web Server. In fact, this is the main advice in any environment (check the “warning” section). Here is an example:
docker-compose.yml:
```yaml
version: '3'
services:
  nginx:
    image: nginx:alpine
    container_name: nginx
    hostname: nginx
    restart: unless-stopped
    volumes:
      - ./config/nginx.conf:/etc/nginx/conf.d/default.conf:ro
      - ./certs:/etc/nginx/certs
    ports:
      - 443:443
  rundeck:
    image: rundeck/rundeck:5.8.0
    ports:
      - 4440:4440
    environment:
      RUNDECK_GRAILS_URL: https://localhost:443
      RUNDECK_SERVER_FORWARDED: "true"
```

NGINX config: ./config/nginx.conf:
```nginx
server {
    listen 443 ssl;
    server_name rundeck-cl;

    ssl_certificate     /etc/nginx/certs/nginxcert.crt;
    ssl_certificate_key /etc/nginx/certs/nginx.key;

    location / {
        proxy_pass http://rundeck:4440;
        proxy_http_version 1.1;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
    }
}
```

In this example, the certificates (nginx.key and nginxcert.crt files) are located in the ./certs directory as you see in the docker-compose.yml file.
Regards!
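
For a test setup, the two files that the compose file above mounts from ./certs can be generated and checked before the stack is started. This is an added example, not part of the original reply: the function names are made up here, the CN reuses the `server_name` from the NGINX config, and `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: create and sanity-check the files the nginx service mounts
# from ./certs (nginx.key and nginxcert.crt, the names used in the reply).

# make_selfsigned_cert DIR CN [DAYS]
# Writes DIR/nginx.key and DIR/nginxcert.crt. Self-signed, so test setups only:
# clients will not trust it unless it is added to their trust store.
make_selfsigned_cert() {
    dir=$1 cn=$2 days=${3:-365}
    mkdir -p "$dir" || return 1
    # umask 077 so the private key is never readable by group or others.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes \
          -keyout "$dir/nginx.key" -out "$dir/nginxcert.crt" \
          -days "$days" -subj "/CN=$cn" \
          -addext "subjectAltName=DNS:$cn" ) >/dev/null 2>&1 || return 1
    chmod 644 "$dir/nginxcert.crt"
}

# cert_matches_key CRT KEY: succeeds only if the certificate's public key is
# the one derived from the private key (nginx refuses to start on a mismatch).
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# cert_is_current CRT [SECONDS]: succeeds if the certificate is still valid
# SECONDS from now (default 0, i.e. not expired yet).
cert_is_current() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# key_is_private KEY: succeeds if group and others have no access to the key.
key_is_private() {
    perms=$(ls -l "$1" | cut -c5-10) || return 1
    [ "$perms" = "------" ]
}
```

Typical use from the directory holding docker-compose.yml: `make_selfsigned_cert ./certs rundeck-cl`, then run the three checks against `./certs/nginxcert.crt` and `./certs/nginx.key` before `docker compose up`.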