Dockerfile: Trying to create openssl certs. No errors but no files created-CodePudding

I have the following Dockerfile:

FROM nginx:latest
RUN apt-get update \
  && apt-get -y install openssl \
  && apt-get -y install vim
RUN mkdir -p /etc/nginx/snippets
RUN mkdir -p /etc/openssl
RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/openssl/nginx-selfsigned.key -out /etc/openssl/nginx-selfsigned.crt -subj "/C=US/ST=NY/L=NY/O=ACME/OU=CD/CN=AcmeWPDeveloper"

I don't get an errors but when I log into the container, the openssl directory is empty.

What I've checked:

all directories I try to create exist on the new container.
openssl is installed.

Test that /etc/openssl folder exists:

PS C:\Users\me\src\tests\nginx\wordpress-nginx-docker> docker exec -it --user="root" nginx bash
root@59ab746371ba:/# ls -lah /etc/openssl/
total 4.0K
drwxrwxrwx 1 root root 4.0K Oct 27 14:30 .
drwxr-xr-x 1 root root 4.0K Oct 27 14:30 ..
root@59ab746371ba:/# exit

Check for the snippets folder:

root@6ee5da5f4b16:/# ls -lah /etc/nginx/
total 36K
drwxr-xr-x 1 root root 4.0K Oct 27 14:31 .
drwxr-xr-x 1 root root 4.0K Oct 27 14:31 ..
drwxrwxrwx 1 root root 4.0K Oct 27 14:18 conf.d
-rw-r--r-- 1 root root 1007 Sep  7 15:21 fastcgi_params
-rw-r--r-- 1 root root 5.2K Sep  7 15:21 mime.types
lrwxrwxrwx 1 root root   22 Sep  7 15:38 modules -> /usr/lib/nginx/modules
-rw-r--r-- 1 root root  648 Sep  7 15:38 nginx.conf
-rw-r--r-- 1 root root  636 Sep  7 15:21 scgi_params
drwxr-xr-x 2 root root 4.0K Oct 27 14:31 snippets
-rw-r--r-- 1 root root  664 Sep  7 15:21 uwsgi_params

Check to make sure openssl package was installed:

 root@6ee5da5f4b16:/# openssl
 OpenSSL> ^C
 root@6ee5da5f4b16:/#

When I run the command manually on the container, it works:

root@6ee5da5f4b16:/# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/openssl/nginx-selfsigned.key -out /etc/openssl/nginx-selfsigned.crt -subj "/C=US/ST=NY/L=NY/O=ACME/OU=CD/CN=AcmeWPDeveloper"
Generating a RSA private key
..........................................     
.......     
writing new private key to '/etc/openssl/nginx-selfsigned.key'
-----
root@6ee5da5f4b16:/# ls -lah /etc/openssl/
total 12K
drwxrwxrwx 1 root root 4.0K Oct 27 14:36 .
drwxr-xr-x 1 root root 4.0K Oct 27 14:31 ..
-rw-r--r-- 1 root root 1.3K Oct 27 14:36 nginx-selfsigned.crt
-rw------- 1 root root 1.7K Oct 27 14:36 nginx-selfsigned.key
root@6ee5da5f4b16:/#

EDIT 1

Here's the docker-compose file that consumes the Dockerfile: (just the nginx stanza shown)

 nginx:
    #image: nginx:${NGINX_VERSION:-latest}
    container_name: nginx
    ports:
      - '8085:8085'
      - '443:443'
    build: .
    volumes:
      - ${NGINX_CONF_DIR:-./nginx}:/etc/nginx/conf.d
      - ${NGINX_LOG_DIR:-./logs/nginx}:/var/log/nginx
      - ${WORDPRESS_DATA_DIR:-./wordpress}:/var/www/html
      - ${SSL_CERTS_DIR:-./certs}:/etc/openssl
      - ${SSL_CERTS_DATA_DIR:-./certs-data}:/data/openssl

CodePudding user response：

With this instruction…

volumes:
  - ${SSL_CERTS_DIR:-./certs}:/etc/openssl

…you are "overriding" the already existing /etc/openssl of the image (which does contain the files) with your (empty) volume when starting the container.