3therk1ll

Reputation: 2441

Nginx set SSL certificate values from environment variables

I am trying to set Nginx SSL server values from environment variables for a Dockerised reverse proxy so I can avoid having to configure multiple files.

The issue I am having is that Nginx is either not recognising the environment variables or is giving me a syntax error stating that I have not terminated the line with a ;.

This is the error I get:

nginx_1 | nginx: [emerg] directive "ssl_certificate" is not terminated by ";" in /etc/nginx/conf.d/default.conf:10

My nginx.conf:

server { 
    listen 443 ssl;
    listen [::]:443 ssl;

    include /etc/nginx/snippets/ssl-params.conf;

    server_name         website.com www.website.com;
    access_log          /vol/log/nginx/website.access.log;
    error_log           /vol/log/nginx/website.error.log;
    ssl_certificate     /etc/ssl/$ENV{FULLCHAIN} ;
    ssl_certificate_key /etc/ssl/$ENV{PRIVKEY} ;
    
    location /static {
        alias /vol/static;
    }

    location / {
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-NginX-Proxy true;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_pass              http://app:5000/;
        proxy_ssl_session_reuse off;
        proxy_set_header        Host $http_host;
        proxy_cache_bypass      $http_upgrade;
        proxy_redirect          off;
        client_max_body_size    10M;
    }
}

I have also tried variations such as the below but nothing seems to be valid:

/etc/ssl/$ENV{FULLCHAIN}
/etc/ssl/$FULLCHAIN
/etc/ssl/"$ENV{FULLCHAIN}"

I have already checked the environment variables in sh and they are present; it is only Nginx that cannot see them.

What is the correct way to do this or am I better off doing some bash fu to edit when I build?

Upvotes: 1

Views: 3027

Answers (1)

ybustamante

Reputation: 46

You can create an sh file that takes the env variables and saves them as files (.cer, .pem, ...), and add this file as the entrypoint.

Example docker-set-certificates.sh:

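#!/bin/bash
set -e

# Write the PEM material passed in through environment variables to files.
# ">" truncates; ">>" would append a second copy on every container restart.
mkdir -p /etc/ssl
echo "$SSL_Server_Certificate" > /etc/ssl/SSL_Server_Certificate.cer
echo "$SSL_Server_key" > /etc/ssl/SSL_Server_key.pem
chmod 600 /etc/ssl/SSL_Server_key.pem   # private key: owner read/write only
echo "$SSL_Client_Certificate" > /etc/ssl/SSL_Client_Certificate.cer

# Replace this shell with the CMD (nginx) so it receives signals directly.
exec "$@"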

In the Dockerfile:

ENTRYPOINT [ "/etc/ssl/docker-set-certificates.sh" ]
CMD ["nginx", "-g", "daemon off;"]

Done!!

Upvotes: 3
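
For the start-up "bash fu" route the question asks about, the script below (added here, not code from the question or the answer) renders the server block from a template, replacing only the FULLCHAIN and PRIVKEY placeholders so nginx's own $variables survive, and refusing values that are not plain file names. The function names, the ${NAME} placeholder syntax, the sample template and the paths in the comments are assumptions.

```shell
#!/bin/sh
# Added example: render an nginx config template at container start-up.
# The ${FULLCHAIN} / ${PRIVKEY} placeholder syntax is an assumption.

# Accept only plain file names: no '/', ';', quotes, whitespace or newlines,
# and no leading dot, so a value cannot leave /etc/ssl or add directives.
valid_name() {
    case "$1" in
        ''|.*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# render_conf: template on stdin, rendered config on stdout.
# Only the two named placeholders are replaced; nginx runtime variables
# such as $remote_addr or $http_host pass through untouched.
render_conf() {
    if ! valid_name "${FULLCHAIN:-}" || ! valid_name "${PRIVKEY:-}"; then
        echo "render_conf: FULLCHAIN/PRIVKEY unset or not a plain file name" >&2
        return 1
    fi
    sed -e "s/[\$]{FULLCHAIN}/$FULLCHAIN/g" \
        -e "s/[\$]{PRIVKEY}/$PRIVKEY/g"
}

# Constructed sample template, modelled on the question's server block.
SAMPLE_TEMPLATE='ssl_certificate     /etc/ssl/${FULLCHAIN};
ssl_certificate_key /etc/ssl/${PRIVKEY};
proxy_set_header    X-Real-IP $remote_addr;'

# In an entrypoint (assumed paths), before exec "$@":
#   render_conf < /etc/nginx/default.conf.template \
#               > /etc/nginx/conf.d/default.conf

# Demo on the constructed sample.
FULLCHAIN=fullchain.pem PRIVKEY=privkey.pem
printf '%s\n' "$SAMPLE_TEMPLATE" | render_conf
```

Run with `set -e` in the entrypoint so a rejected value stops the container instead of starting nginx with a half-rendered config.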
