
How to add SSL cert to asp.net core docker swarm + letsencrypt?

I have an asp.net core app running on Docker Swarm. What is an efficient way to add SSL capabilities to the app and have the cert update itself through letsencrypt and certbot?

I know about Docker Swarm Secrets, but they are immutable so I can't just change the secret when the cert is updated.

Here is the solution that I came up with! Feel free to chip in with ideas to make it better :)

[Sorry about the formatting, I couldn't get it to do what I wanted]

  1. I set up a certbot deployment on one of the Docker Swarm hosts and got the cert for the correct domain, as well as set up certbot to automatically request new certs when available.
  2. Update your app with a few necessities for using certs:

     docker service update <yourswarmapp> --env-add Kestrel__Certificates__Default__Password="cert-password" --env-add Kestrel__Certificates__Default__Path=/run/secrets/defaultcert --env-add ASPNETCORE_URLS="https://;"
  3. Install this bash script on your machine to run daily from a root cronjob. (Make sure to set your own domain and passwords)

    #!/bin/bash
    # Today's date names the new secret; yesterday's date names the one to retire.
    SecretName=$(date +%Y-%m-%d)
    OldSecretName=$(date --date yesterday +%Y-%m-%d)
    DomainName=your.domain
    AppName=yourswarmapp

    cd "/etc/letsencrypt/live/$DomainName" || exit 1

    # Bundle key, certificate and chain into a PKCS#12 file for Kestrel.
    # Set the export password after "-passout pass:"; it must match
    # Kestrel__Certificates__Default__Password on the service.
    openssl pkcs12 -export -out "${DomainName}.pfx" -inkey privkey.pem -in cert.pem -certfile chain.pem -passin pass: -passout pass:

    # The .pfx was written to the live/ directory above, so read it from there.
    sudo docker secret create "$SecretName" "/etc/letsencrypt/live/$DomainName/${DomainName}.pfx"

    # Attach the new secret, detach the old one and point Kestrel at the new path.
    sudo docker service update --secret-add "$SecretName" --secret-rm "$OldSecretName" --env-add Kestrel__Certificates__Default__Path=/run/secrets/$SecretName "$AppName"

    sudo docker secret rm "$OldSecretName"

  4. Sit back and enjoy your automatically updating and cleaning SSL enabled app.
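
A variant of the daily script in step 3, as an added example that is not part of the original answer: it names the secret after a hash of the certificate and rotates only when the certificate has changed, so a rerun or a skipped day does not break the old/new pairing. The function names, the `tls-` prefix, the `DOCKER` override and the `PFX_PASSWORD` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the original poster's script. Hypothetical names:
# secret_name_for, attached_secret, rotate_cert, the "tls-" prefix, PFX_PASSWORD.
DOCKER=${DOCKER:-docker}   # can be pointed at a stub for a dry run

# Name the secret after the certificate content: rerunning on the same
# certificate gives the same name, and a skipped day cannot orphan a secret.
secret_name_for() {   # $1 = path to cert.pem
    [ -s "$1" ] || return 1
    printf 'tls-%s\n' "$(sha256sum < "$1" | cut -c1-16)"
}

# Name of the tls-* secret currently attached to the service (empty if none).
attached_secret() {   # $1 = service name
    $DOCKER service inspect --format \
        '{{range .Spec.TaskTemplate.ContainerSpec.Secrets}}{{println .SecretName}}{{end}}' \
        "$1" | grep '^tls-' | head -n 1
}

# Rotate only when the certificate changed; prints "unchanged" or the new name.
rotate_cert() {       # $1 = certbot live directory, $2 = service name
    new=$(secret_name_for "$1/cert.pem") || return 1
    old=$(attached_secret "$2")
    if [ "$new" = "$old" ]; then echo unchanged; return 0; fi
    pfx=$(mktemp) || return 1
    # PFX_PASSWORD comes from the environment (not argv) and must match
    # Kestrel__Certificates__Default__Password on the service.
    {
        openssl pkcs12 -export -out "$pfx" -inkey "$1/privkey.pem" \
            -in "$1/cert.pem" -certfile "$1/chain.pem" -passout env:PFX_PASSWORD &&
        { $DOCKER secret inspect "$new" >/dev/null 2>&1 ||
          $DOCKER secret create "$new" "$pfx" >/dev/null; } &&
        $DOCKER service update --secret-add "$new" ${old:+--secret-rm "$old"} \
            --env-add "Kestrel__Certificates__Default__Path=/run/secrets/$new" \
            "$2" >/dev/null
    } || { rm -f "$pfx"; return 1; }
    rm -f "$pfx"      # do not leave the private key on disk in PFX form
    # The previous secret is removable once the service no longer references it.
    [ -z "$old" ] || $DOCKER secret rm "$old" >/dev/null
    echo "$new"
}

# When certbot runs this file as a deploy hook it sets RENEWED_LINEAGE.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    rotate_cert "$RENEWED_LINEAGE" yourswarmapp
fi
```

Placed in `/etc/letsencrypt/renewal-hooks/deploy/`, the script runs after each successful renewal instead of on a daily timer.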
