docker-nginx-ssl-proxy's People

Contributors

alexcouper, evandbrown, txels

docker-nginx-ssl-proxy's Issues

Can't map two secrets to /etc/secrets

Kubernetes doesn't support mapping two secrets to the same directory... They're mounted as volumes and you can't put one volume inside another or merge the keys in any way.

In the meantime, is there something we can do with this container to make it easier to work with? Possible solutions:

  1. Make the auth secret location configurable, e.g. AUTH_LOCATION.
  2. Put the auth secret in a different place, e.g. /etc/auth/htpasswd.

1 would be more backward compatible, but is anyone successfully utilizing the current configuration? 2 avoids adding an additional config parameter, and feels a little bit more aware of the present Kubernetes limitations.

Broken JSON on deployment

Can you post or send a service and replicationController example of your nginx and letsencrypt?

I'm getting this error message:

unable to decode "./nginx-ssl-proxy-deployment.yml": [pos 128]: json: expect char '"' but got char '{'

These are the RC and SVC .yml files for my nginx and letsencrypt:

kind: Service
apiVersion: v1
metadata:
  name: letsencrypt-service
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  selector:
    name: letsencrypt
    role: cert-app

---

kind: ReplicationController
apiVersion: v1
metadata:
  name: letsencrypt-rc
  labels:
    name: letsencrypt
    role: cert-app
spec:
  replicas: 1
  selector:
    name: letsencrypt
    role: cert-app
  template:
    metadata:
      name: letsencrypt-rc
      labels:
        name: letsencrypt
        role: cert-app
    spec:
      containers:
      - name: letsencrypt
        image: ployst/letsencrypt:0.0.3
        env:
        - name: EMAIL
          value: [email protected]
        - name: DOMAINS
          value: [MY DOMAIN, FOR NOW, IT'S MY EXTERNAL IP. WORKS?]
        - name: RC_NAMES
          value: nginx-ssl-proxy-api
        ports:
        - name: ssl-proxy-http
          containerPort: 80
kind: Service
apiVersion: v1
metadata:
  name: nginx-ssl-proxy-service
spec:
  ports:
  - name: https
    port: 443
    targetPort: ssl-proxy-https
    protocol: TCP
  - name: http
    port: 80
    targetPort: ssl-proxy-http
    protocol: TCP
  selector:
    name: nginx-ssl-proxy-api
    role: ssl-proxy
  type: LoadBalancer
  externalIPs: [xxx.xxx.xxx.xxx]

----

kind: ReplicationController
apiVersion: v1
metadata:
  name: nginx-ssl-proxy-api
  labels:
    name: nginx-ssl-proxy-api
    role: ssl-proxy
    spec:
      containers:
      - name: nginx-ssl-proxy-api
        image: ployst/nginx-ssl-proxy:0.0.3
        env:
        - name: CERT_SERVICE_HOST_ENV_NAME
          value: LETSENCRYPT_SERVICE_SERVICE_HOST
        - name: CERT_SERVICE_PORT_ENV_NAME
          value: LETSENCRYPT_SERVICE_SERVICE_PORT

deployment-files.zip

cert.crt read failed

Hi, sorry to bother but I really can't solve this problem.
When I run the command below,

docker run \
-e ENABLE_SSL=true \
-e TARGET_SERVICE=localhost \
-e SERVER_NAME=truemagic.cn \
-v cert.crt:/etc/secrets/proxycert \
-v key.pem:/etc/secrets/proxykey \
-v dhparam.pem:/etc/secrets/dhparam \
ployst/nginx-ssl-proxy

I got output like this:

Enabling SSL...
Starting nginx...
2018/08/14 10:01:37 [emerg] 9#9: PEM_read_bio_X509_AUX("/etc/secrets/proxycert") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [emerg] PEM_read_bio_X509_AUX("/etc/secrets/proxycert") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)

And here's my cert.crt:


Could you tell me where I am wrong? Is this some kind of format problem or what?
Thanks!
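
A pre-flight check for the `-v` mounts in the command above, as an added example that is not part of the original issue or the project's code. It flags a host path that is not absolute (Docker interprets it as a volume name) and a file whose first PEM block is missing or of the wrong type; the function names, the accepted labels per container path and the sample files are constructed assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

# "-----BEGIN <LABEL>-----" must sit alone on its line for the PEM reader to find it.
BEGIN_LINE = re.compile(rb"^-----BEGIN ([A-Z0-9. ]+)-----[ \t\r]*$", re.M)

# Container paths come from the command above; the accepted labels are assumptions.
EXPECTED = {
    "/etc/secrets/proxycert": {"CERTIFICATE", "TRUSTED CERTIFICATE"},
    "/etc/secrets/proxykey": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
    "/etc/secrets/dhparam": {"DH PARAMETERS"},
}

def check_mount(spec):
    """Return the problems found in one `-v host:container` argument."""
    host, _, container = spec.partition(":")
    if not os.path.isabs(host):
        # Docker reads a non-absolute source as a volume name, so the
        # container gets a named volume (a directory), not the host file.
        return ["source is not an absolute path (treated as a named volume)"]
    if not os.path.isfile(host):
        return ["source is not a regular file"]
    labels = [m.group(1).decode() for m in BEGIN_LINE.finditer(Path(host).read_bytes())]
    if not labels:
        return ["no BEGIN line found (OpenSSL reports 'no start line')"]
    wanted = EXPECTED.get(container, set())
    if wanted and labels[0] not in wanted:
        return [f"first PEM block is {labels[0]!r}, expected one of {sorted(wanted)}"]
    return []

def demo():
    """Run the check over constructed sample files; returns {name: problems}."""
    body = b"TUlJQ29uc3RydWN0ZWQ=\n"  # constructed placeholder, not a real certificate
    good = b"-----BEGIN CERTIFICATE-----\n" + body + b"-----END CERTIFICATE-----\n"
    samples = {
        "good": good,
        "bom": b"\xef\xbb\xbf" + good,  # byte order mark before the marker
        "one_line": good.replace(b"\n", b""),  # markers and body run together
        "key": good.replace(b"CERTIFICATE", b"PRIVATE KEY"),  # wrong file mounted
    }
    results = {"relative": check_mount("cert.crt:/etc/secrets/proxycert")}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            path = Path(tmp, name + ".pem")
            path.write_bytes(content)
            results[name] = check_mount(f"{path}:/etc/secrets/proxycert")
    return results
```
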

Question about using with letsencrypt

Hi, I am trying to implement this (that was written by you) and I need your help to clarify some things:

  1. About the letsencrypt replication controller and service - do I need to expose the letsencrypt service to the internet or only as an internal service in my cluster? If the service is exposed internally, I assume that it will be used by the nginx-ssl-proxy service, right?
  2. In my domain settings (currently managed by GoDaddy) I need to point my domain to a different IP address (according to the letsencrypt docs), so I wanted to know which IP address my domain should point to: the IP address of the nginx-ssl-proxy service or the IP address of the letsencrypt service?
  3. Do I need to generate some *.pem files ahead of time (for cert and key), or will everything be done automatically when I deploy both containers to Kubernetes?
  4. Do you have a source where I can download the yaml files for both (the letsencrypt and the proxy pods)?

Thanks in advance!
