Arquivo da tag: SSL

x509: certificate signed by unknown authority

nano add_certs.sh

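#!/bin/bash
#
# add_certs.sh - save the TLS certificate a server presents on port 443.
#
# Usage:   ./add_certs.sh <domain>
# Output:  ~/<domain><YYYY-MM-DD>.pem  every certificate the server sent (PEM)
#          ~/<domain><YYYY-MM-DD>.cer  the first certificate of that file (DER)
# Returns: 0 on success, 1 on a missing/invalid argument or a failed download.
#
# Trust note: s_client is run without any verification option, so the file
# holds whatever the peer presented. On a network path that intercepts TLS
# that is the interceptor's certificate. Compare the SHA-256 fingerprint
# printed below with one obtained over a separate channel before adding the
# file to any trust store.
set -u

if [ -z "${1:-}" ]; then
  echo "provide a domain as an argument" >&2
  exit 1
fi

domain=$1

# The argument becomes part of a file name and of the openssl command line,
# so accept host-name characters only (no '/', no leading '-', no spaces).
host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$domain" =~ $host_re ]]; then
  echo "not a valid host name: $domain" >&2
  exit 1
fi

d=$(date +%Y-%m-%d)
p="${HOME}/${domain}${d}.pem"
f="${HOME}/${domain}${d}.cer"

#  path added -- brew openssl....
#  echo 'export PATH="/usr/local/opt/openssl@1.1/bin:$PATH"' >> ~/.zshrc

# get pem file: keep only the BEGIN/END CERTIFICATE blocks of the s_client output
openssl s_client -showcerts -connect "${domain}:443" -servername "$domain" </dev/null \
  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >"$p"

# An empty file means the connection or handshake produced no certificate.
if [ ! -s "$p" ]; then
  echo "no certificate received from ${domain}:443" >&2
  rm -f -- "$p"
  exit 1
fi

# https://stackoverflow.com/questions/13732826/convert-pem-to-crt-and-key
# x509 reads only the first certificate in the PEM file.
if ! openssl x509 -inform PEM -in "$p" -outform DER -out "$f"; then
  echo "could not convert $p to DER" >&2
  exit 1
fi

# Identity of what was saved, for out-of-band comparison (stderr keeps stdout unchanged).
openssl x509 -in "$p" -noout -subject -issuer -fingerprint -sha256 >&2

echo "new certificate"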

./add_certs.sh www.googleapis.com

https://github.com/moby/moby/issues/8849
https://stackoverflow.com/questions/57328079/how-to-run-sh-file-when-container-is-running-using-dockerfile
https://gist.github.com/Artistan/5219484efb2fe51cd064175b3d0d5971
https://stackoverflow.com/questions/50768317/docker-pull-certificate-signed-by-unknown-authority
https://github.com/moby/moby/issues/8849
https://curl.haxx.se/docs/caextract.html
https://stackoverflow.com/questions/44047315/generate-a-self-signed-certificate-in-docker


Nginx.conf

# Upstream group "puma": the application server, reached over a Unix domain socket.
# NOTE(review): any local process able to open this socket reaches the app
# without going through nginx; check the socket's file permissions.
upstream puma {
  server unix:///home/deploy/apps/exemplo/shared/tmp/sockets/exemplo-puma.sock;
}

# Plain-HTTP listener. It is the default server for port 80, and every request
# gets a permanent redirect to the canonical HTTPS host with the request URI kept.
server {
  listen 80 default_server deferred;
  server_name exemplo.com www.exemplo.com;

  # The redirect target is the fixed host name, not the client-supplied Host header.
  return 301 https://exemplo.com$request_uri;
}

# Certificate chain and private key, declared outside any server block.
# NOTE(review): presumably this sits in the http context of the full config, so
# the HTTPS server inherits it; confirm against the complete nginx.conf.
# privkey.pem is the server's private key: keep it readable only by the account
# that starts nginx.
ssl_certificate /etc/letsencrypt/live/exemplo.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exemplo.com/privkey.pem;

# HTTPS server: serves static files from the app's public directory and proxies
# everything else to the "puma" upstream.
# NOTE(review): no ssl_protocols, ssl_ciphers or Strict-Transport-Security header
# is set in this block; unless they are set elsewhere in the full config, the
# defaults of the installed nginx apply.
# NOTE(review): this is the only 443 server visible here, so requests whose Host
# does not match server_name may also be handled by it; confirm.
server {
  listen 443 ssl;
  server_name exemplo.com;

  root /home/deploy/apps/exemplo/current/public;
  access_log /home/deploy/apps/exemplo/current/log/nginx.access.log;
  error_log /home/deploy/apps/exemplo/current/log/nginx.error.log info;

  # Asset files: ^~ makes this prefix match win over regex locations; serve
  # pre-compressed .gz files when present and let clients cache them indefinitely.
  # An add_header inside a location replaces headers inherited from the server
  # level, so security headers added there later must be repeated here.
  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  # Try a static file first; anything not found on disk goes to the app.
  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-Proto $scheme;

    # $proxy_add_x_forwarded_for appends the peer address to any X-Forwarded-For
    # the client sent, so only the last entry comes from this proxy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # $http_host is the Host header exactly as the client sent it.
    # NOTE(review): confirm the application restricts the host names it accepts.
    proxy_set_header Host $http_host;
    proxy_redirect off;

    proxy_pass http://puma;
  }

  # WebSocket endpoint: HTTP/1.1 plus the Upgrade/Connection headers are needed
  # for the protocol switch to reach the upstream.
  location /cable {
    proxy_pass http://puma;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    # Same forwarding caveats as in @puma: client-supplied X-Forwarded-For
    # entries and the raw Host header are passed through.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

  # Static error page for upstream failures; request bodies are capped at 10 MB.
  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
  keepalive_timeout 10;
}
