1

I have a service using finatra server running on docker container. Currently I am using letsencrypt , and I created my .pfx file etc. But I don't know how to use it with docker-compose. I have a keystore folder inside my project which has my ssl files. Here is my docker-compose.yml

version: '2'
services:
    test:
        build: target/docker/stage
        ports:
            - "9999:9999"
            - "9990:9990"
        links:
            - mongo:mongo
        depends_on:
            - mongo

    mongo:
        image: mongo
        ports:
            - "27017:27017"
        volumes:
            - ./mydb:/data/db
earlymorningtea
  • 508
  • 1
  • 9
  • 20

1 Answers1

1

I recommend using nginx and its SSL Termination capability: https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/

The nginx service should be the entry point to your application, where you terminate SSL using your provided cert/key then pass unencrypted traffic between your container apps over the overlay network.

It's a best practice to terminate SSL like this, and if you do want to encrypt network traffic within your cluster, then do so with separate certs from your ingress controller.

brandon-barnett
  • 1,035
  • 9
  • 13
  • Actually I am going to run my service in my friends server, he is using nginx already for a lot of other services, but I don't know how to run my service with his nginx because I use docker-compose. I am a bit confused. My friend has a server with nginx , and I am going to run there my service with docker-compose. I just don't know what kind of configuration I should do. – earlymorningtea Jun 09 '18 at 14:07
  • 1
    The nginx config needs to be aware of your inbound traffic on whatever domain you're using. The configuration options are available in the link I sent over. It's also OK that you're using docker-compose, though I recommend running your workload in Swarm mode in case your application dies and needs to be restarted (docker-compose won't do that). – brandon-barnett Jun 09 '18 at 14:09
  • Okay thanks for information, I will accept it! By the way do you have any examples how to setup swarm mode for my docker-compose. Basically I want to have same setup only. – earlymorningtea Jun 10 '18 at 09:32
  • 1
    Initialize a Swarm with `docker swarm init`: https://docs.docker.com/engine/reference/commandline/swarm_init/. Keep in mind there are few new cool things you've enabled now, such as running multiple instances (replicas) of your stateless services. Also check out my GitHub learning repo here: https://github.com/brbarnett/much-todo-about-containers#deploying-the-app-to-docker-swarm. Hope that helps! – brandon-barnett Jun 10 '18 at 12:04