Halfpint

Reputation: 4077

Docker WSL2 SSL certificate for local HTTPS

I'm running Windows 10 Pro and WSL2 (using Ubuntu 20.4) and want to set Docker up so that I can dev locally using HTTPS.

In my Windows /etc/hosts I have set up the following aliases.

127.0.0.1 api.myapp.local
127.0.0.1 client.myapp.local
127.0.0.1 admin.myapp.local

# Added by Docker Desktop
192.168.5.81 host.docker.internal
192.168.5.81 gateway.docker.internal

# To allow the same kube context to work on the host and the container:
127.0.0.1 kubernetes.docker.internal
# End of section

I checked my /etc/hosts in WSL and verified that the changes had been automatically persisted.

In my docker-compose file I have the following two services to A) create certificates and B) mount them to my nginx container:

version: "3"

networks:
  myapp:
    driver: bridge

services:
  # Build certificates for nginx.
  mkcert:
    container_name: mkcert
    image: vishnunair/docker-mkcert
    environment: 
      domain: client.myapp.local,admin.myapp.local
    volumes:
      - ./nginx/certs-enabled/:/root/.local/share/mkcert
  nginx:
    volumes:
      - ./nginx/certs-enabled/:/etc/nginx/certs
      - ./nginx/logs:/var/log/nginx
      - ./nginx/sites-enabled:/etc/nginx/conf.d
    container_name: nginx
    depends_on:
      - mkcert
    image: nginx:1.19
    command: nginx -g "daemon off;"
    networks:
      - ${NETWORK}
    ports:
      - 80:80
      - 443:443

The certificates that get installed to ./nginx/certs-enabled are mounted successfully into the container, and I installed the generated rootCA.pem, admin.myapp.pem and client.myapp.pem certificates into Windows Trusted Root Certificates. rootCA-key.pem, admin.myapp-key.pem and client.myapp-key.pem are also generated, but I don't install these as I don't believe that's required?

I restarted my PC and if I visit https://admin.myapp.local, for example, I get the following error: [image]

The thing that confuses me about this is that the certificate that is being used for that local domain is an expired VMware one, but I'm not using VMware with Docker (it's running through hypervisor as far as I'm aware, and I've also configured/installed the appropriate certs for that domain).

Nginx config for completeness

server {
    # default_server is a parameter of listen, not a server name
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name client.myapp.local;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;

    ssl_certificate /etc/nginx/certs/client.myapp.local.pem;
    ssl_certificate_key /etc/nginx/certs/client.myapp.local-key.pem;

    server_name client.myapp.local;

    error_log  /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;

    include /etc/nginx/snippets/myapp-common.conf;
}

Upvotes: 4

Views: 3707

Answers (1)

Halfpint

Reputation: 4077

This was extremely frustrating. I uninstalled VMware from my machine and rebooted, and everything now works. Something must be conflicting when resolving the host.

Upvotes: 1
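
A way to check for the kind of conflict the answer describes, as an added example that is not part of the original post: compare the SHA-256 fingerprint of the certificate actually presented on 127.0.0.1:443 with the PEM that mkcert wrote. The default host and file path are assumptions pieced together from the question's compose mount and nginx config, and `SAMPLE_DER` is constructed placeholder data.

```python
import hashlib
import socket
import ssl
import sys

HEADER = "-----BEGIN CERTIFICATE-----"
FOOTER = "-----END CERTIFICATE-----"

# Constructed sample: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def pem_fingerprint(pem_text):
    """SHA-256 of the first certificate found in a PEM file's text."""
    start = pem_text.index(HEADER)
    end = pem_text.index(FOOTER, start) + len(FOOTER)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:end])
    return hashlib.sha256(der).hexdigest()


def served_der(host, port=443, connect_to="127.0.0.1", timeout=5.0):
    """Fetch the leaf certificate the listener presents for `host` (sent as SNI)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # inspection only: an expired cert must not abort
    with socket.create_connection((connect_to, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def compare(expected_pem, served):
    """Return (matches, expected_fingerprint, served_fingerprint)."""
    expected_fp = pem_fingerprint(expected_pem)
    served_fp = hashlib.sha256(served).hexdigest()
    return expected_fp == served_fp, expected_fp, served_fp


if __name__ == "__main__":
    # Assumed defaults, taken from the question's nginx config and compose mount.
    host = sys.argv[1] if len(sys.argv) > 1 else "client.myapp.local"
    path = sys.argv[2] if len(sys.argv) > 2 else f"nginx/certs-enabled/{host}.pem"
    with open(path, encoding="ascii") as fh:
        ok, want, got = compare(fh.read(), served_der(host))
    print(f"expected {want}\nserved   {got}")
    print("served certificate matches the mkcert file" if ok
          else "a different certificate is being served on 443")
    sys.exit(0 if ok else 1)
```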
