How to set self ssl inside tls config in docker #5651

I want to use this:

sample.com {
        root * /workspace/public
        file_server
        encode gzip
        php_fastcgi app:9000 {
            root /workspace/public/
        }
        tls {
            protocols tls1.2 tls1.3
            ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        }
        # Static assets that are safe to cache for a year
        @cachedFiles {
            path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.webp *.svg *.woff *.woff2
        }
        header @cachedFiles Cache-Control "public, max-age=31536000, must-revalidate"
        
        # HSTS (63072000 seconds). No path matcher here: in Caddy v2 a bare "/"
        # matches only the root path exactly, so the header would be missing
        # on every other response.
        header Strict-Transport-Security "max-age=63072000"
}

Also, I want to set my cert in tls like tls /etc/ssl/mycert-chain.pem /etc/ssl/mykey.pem, but it does not work. Please show me how to configure SSL in tls.

        tls {
            protocols tls1.2 tls1.3
            ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        }

What do you mean it doesn’t work? What’s your evidence that it doesn’t work? What does it show in your logs? Please be more specific.

Also, there’s no need to specify protocols or ciphers. Caddy uses secure defaults and changing them can only lower your security.

I need to use my own SSL.

The format for your own SSL would be

tls /usr/local/etc/pki/tls/certs/fullchain.pem /usr/local/etc/pki/tls/private/privkey.pem

The paths should be the paths to your cert and key.


Where should I put a path in the cert disk and mount it to the docker volume?

I don’t use docker. I just know the above format works if the files are present.


How you mount the files into your Docker container is up to you. But you can either copy it into your container at build time with a Dockerfile, or use a bind mount to put it somewhere like /certs, etc.

Either way, the syntax is tls <cert.pem> <key.pem> as per tls (Caddyfile directive) — Caddy Documentation
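The two replies above describe the pieces separately: the tls <cert.pem> <key.pem> syntax, and getting the files into the container with a bind mount. The script below is an added example that is not from this thread or the Caddy project. It renders the site block with that directive, and first checks that the certificate and private key actually belong together, since a mismatched pair is the most common reason a hand-supplied cert "does not work" and Caddy will refuse to load it. The container path /certs, the hypothetical site name sample.com and the throwaway self-signed pair made in the demo are all assumptions; openssl must be installed.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes openssl is available and that
# the cert/key will be bind-mounted at /certs inside the Caddy container.
set -eu

# Return 0 when the certificate's public key equals the public key derived from
# the private key, 1 when they differ, 2 when either file cannot be parsed.
# Comparing SubjectPublicKeyInfo PEM works for RSA and ECDSA alike.
check_cert_key_pair() {
  cert="$1"; key="$2"
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# Render the site block the thread arrives at: tls <cert> <key>, using the
# container-side paths that the bind mount makes available.
render_caddyfile() {
  site="$1"; cert="$2"; key="$3"
  cat <<EOF
$site {
    root * /workspace/public
    file_server
    tls $cert $key
}
EOF
}

# Demo helper: create a throwaway self-signed ECDSA cert/key pair in a dir.
make_self_signed() {
  dir="$1"; cn="$2"
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/privkey.pem" 2>/dev/null
  openssl req -x509 -new -key "$dir/privkey.pem" -out "$dir/fullchain.pem" \
    -subj "/CN=$cn" -days 1 >/dev/null 2>&1
}

# Run with "demo" to see the check, the rendered Caddyfile and the bind mount.
if [ "${1:-}" = "demo" ]; then
  tmp=$(mktemp -d)
  make_self_signed "$tmp" sample.com
  if check_cert_key_pair "$tmp/fullchain.pem" "$tmp/privkey.pem"; then
    echo "cert and key match"
  else
    echo "cert and key do NOT match; Caddy will fail to load this pair" >&2
  fi
  render_caddyfile sample.com /certs/fullchain.pem /certs/privkey.pem > "$tmp/Caddyfile"
  cat "$tmp/Caddyfile"
  echo "docker run -v $tmp:/certs:ro -v $tmp/Caddyfile:/etc/caddy/Caddyfile:ro -p 443:443 caddy"
  rm -rf "$tmp"
fi
```

Mount the directory read-only and keep the private key out of the image itself; a bind mount at run time means a rebuild or a pushed image never carries the key. If the check fails, the Caddy log will show a certificate load error rather than a clean start, which is the evidence the earlier reply asks for.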
