Generating a self-signed cert with dockerfile not actually generating a self-signed cert

Time:11-06

First, I'm fairly new to Docker. But this seems pretty straightforward.

I am working off of this Dockerfile. I made some very basic modifications like installing OpenSSL and generating some self-signed certs so I can use SSL in Apache. Here is the section that I added to the linked Dockerfile:

RUN mkdir /ssl-certs
RUN openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj \
    "/C=../ST=../L=..../O=LAB/CN=....." \
    -keyout /ssl-certs/ssl.key -out /ssl-certs/ssl.crt

RUN mkdir -p /etc/apache2/ssl/
COPY /ssl-certs/ssl.key /etc/apache2/ssl/ssl.key
COPY /ssl-certs/ssl.crt /etc/apache2/ssl/ssl.crt

However, when I compile this I get the following output:

 => CACHED [ 8/19] RUN openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj     "/C=../ST=../L=....  0.0s
 => CACHED [ 9/19] RUN mkdir -p /etc/apache2/ssl/                                                                  0.0s
 => ERROR [10/19] COPY /ssl-certs/ssl.key /etc/apache2/ssl/ssl.key                                                 0.0s
 => ERROR [11/19] COPY /ssl-certs/ssl.crt /etc/apache2/ssl/ssl.crt                                                 0.0s
------
 > [10/19] COPY /ssl-certs/ssl.key /etc/apache2/ssl/ssl.key:
------
------
 > [11/19] COPY /ssl-certs/ssl.crt /etc/apache2/ssl/ssl.crt:
------

This basically tells me OpenSSL isn't actually doing anything, or Docker doesn't wait for OpenSSL to finish, which doesn't seem likely. I've looked around and I can't seem to find anyone with a similar problem. Any pointers are appreciated.

CodePudding user response:

COPY /ssl-certs/ssl.key /etc/apache2/ssl/ssl.key
COPY /ssl-certs/ssl.crt /etc/apache2/ssl/ssl.crt

The COPY command tries to access /ssl-certs on the host, not inside the container. You may try

RUN cp /ssl-certs/ssl.key /etc/apache2/ssl/ssl.key \
 && cp /ssl-certs/ssl.crt /etc/apache2/ssl/ssl.crt
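A corrected version of the questioner's fragment, as an added example (it is not code from the original post or from the answer): since COPY only reads from the build context, the simplest fix is to let openssl write the key and certificate straight to the Apache directory inside the image, so nothing has to be copied at all. The Debian-based base image, the apache2 package and the placeholder subject fields are assumptions; the final check confirms that the key and certificate that were written actually belong together.

```dockerfile
# Added example, not from the original post. Assumes a Debian-based image
# where apache2 and openssl are installed via apt; subject fields are placeholders.
FROM debian:bookworm-slim

RUN apt-get update \
    && apt-get install -y --no-install-recommends apache2 openssl \
    && rm -rf /var/lib/apt/lists/*

# COPY takes its source from the build context (the directory sent to the
# daemon), never from the image being built. Files created by an earlier RUN
# exist only inside the image, so they cannot be COPY'd - but they do not need
# to be: -keyout and -out can target the final paths directly.
RUN mkdir -p /etc/apache2/ssl \
    && openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \
         -subj "/C=XX/ST=Example/L=Example/O=LAB/CN=localhost" \
         -keyout /etc/apache2/ssl/ssl.key \
         -out /etc/apache2/ssl/ssl.crt \
    # keep the private key readable by root only
    && chmod 600 /etc/apache2/ssl/ssl.key \
    # sanity check: the public key inside the cert must match the private key,
    # otherwise the build fails here instead of Apache failing at start-up
    && test "$(openssl x509 -in /etc/apache2/ssl/ssl.crt -noout -pubkey | sha256sum)" \
         = "$(openssl pkey -in /etc/apache2/ssl/ssl.key -pubout | sha256sum)" \
    && openssl x509 -in /etc/apache2/ssl/ssl.crt -noout -subject -dates

RUN a2enmod ssl
```

Everything the certificate step needs happens in one RUN layer, so there is no intermediate file to move and no dependence on the host's directory layout; the `test` line makes a mismatched or truncated pair a build error rather than a runtime surprise.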

Edit: regardless of that, I consider it bad practice to

  • build secrets (a private key) into the container; rather, mount the secrets at run time
  • create non-deterministic builds (generating a new random private key on every build)

I guess, or rather hope, it's for dev/education purposes, but when doing SSL, let's do it properly, even for self-signed certificates.
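Following the two points in the edit above, an added example (not code from the post or from the answerer) of an image that contains no key material at all: the certificate pair is generated once on the host and mounted into /etc/apache2/ssl at run time, so the build is reproducible and the private key never ends up in an image layer or a registry. The Debian base image, the use of Debian's default-ssl site and the sed edits that point it at the mounted files are assumptions.

```dockerfile
# Added example, not from the original post. The image ships no private key;
# /etc/apache2/ssl is expected to be mounted when the container starts.
FROM debian:bookworm-slim

RUN apt-get update \
    && apt-get install -y --no-install-recommends apache2 \
    && rm -rf /var/lib/apt/lists/* \
    && a2enmod ssl \
    # Assumption: Debian's default-ssl site references the "snakeoil" pair;
    # repoint it at the directory that will be mounted at run time.
    && sed -i \
         -e 's#/etc/ssl/certs/ssl-cert-snakeoil.pem#/etc/apache2/ssl/ssl.crt#' \
         -e 's#/etc/ssl/private/ssl-cert-snakeoil.key#/etc/apache2/ssl/ssl.key#' \
         /etc/apache2/sites-available/default-ssl.conf \
    && a2ensite default-ssl

EXPOSE 443

# Fail fast with a clear message if the operator forgot the mount, instead of
# letting Apache exit with a less obvious "file not found" from mod_ssl.
CMD ["/bin/sh", "-c", \
     "test -r /etc/apache2/ssl/ssl.key -a -r /etc/apache2/ssl/ssl.crt \
        || { echo 'mount a cert/key pair at /etc/apache2/ssl' >&2; exit 1; }; \
      exec apache2ctl -D FOREGROUND"]
```

On the host, the pair is created once, outside the build, with the same openssl command the question uses (for example `openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/CN=localhost" -keyout ssl-certs/ssl.key -out ssl-certs/ssl.crt`), and the directory is mounted read-only when the container starts: `docker run --rm -p 8443:443 -v "$PWD/ssl-certs:/etc/apache2/ssl:ro" myimage`. Rebuilding the image then never changes the key, and `docker history` or an image scan will not find a private key in any layer. If a secret is ever genuinely needed during the build itself, BuildKit's `RUN --mount=type=secret` makes it available to that one step without writing it into the image.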
