To answer that question, this isn’t possible at the moment without adjusting and re-building the gsad container image (gvmd has nothing to do with https) by yourself.
That one is mine. For future reference you can get to me a lot quicker with an issue here:
Using HTTPS=true will enable HTTPS and create certificates if they don’t already exist.
You could then replace them as you suggested.
The startup scripts install the keys as:
I found this thread due to its subject, but the thread turned to another project. There is a solution to enabling SSL in gsad in the community container set. After a lot of trial and error, the solution is quite easy; I’m surprised no one has posted it in the documentation or on this forum before (at least that search finds).
It requires 2 modifications to the docker-compose.yaml and the creation of a certificate/key pair.
First find the “gsa” block in the yaml file and change the block to be like this:
First, adding the environment option overrides the default passed to the gsad program (default is --http-only); this enables the SSL port and disables the redirection on port 80, which isn’t needed and sometimes causes issues starting for reasons…
Second, change the target (internal) port from 80 to 443, which gsad will now listen on.
Third is the addition of the secrets block to provide the container with a certificate and key, in the locations it expects them by default.
Next ADD to the bottom of the docker-compose.yaml, a block like this:
This block defines the secrets used in the gsa block. The paths here are wherever you want to put the files. They can be generated easily enough, example for cert gen:
Thanks @bricks for describing this!
Much neater solution than using another container.
I’d like to add the possibility of using an override file, instead of editing the provided yml.
Create a file called docker-compose.override.yml next to the provided docker-compose.yml, including just the additions:
That’s weird. Normally, compose should always (try to) process it.
Double check it for errors, as @rippledj suggested.
You can always check your configs for errors (and view the resulting configuration) with
Finally, I connect to the gsa container in order to look at the permissions on the secrets files:
I don’t have any clue on how to solve the problem, because when I look at the config of docker-compose.yml, everything looks perfectly similar to meredith config:
My colleagues have given me a solution)
Just add an nginx container with keys to docker-compose.yml and link it to gsa.
It works correctly, like a kind of proxy.
Proof:
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
NPN/SPDY not offered
ALPN/HTTP2 not offered
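
The protocol listing above can be turned into an automated pass/fail check after each change to the proxy or gsad TLS setup. This is an added example, not part of the original post; the function names and the policy sets (legacy versions off, at least one of TLS 1.2/1.3 on) are assumptions made here, and a protocol missing from the output is treated as a failure.

```python
import re

# Protocol lines as printed in the scan output quoted above (copied from the post).
SAMPLE = """\
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
NPN/SPDY not offered
ALPN/HTTP2 not offered
"""

# Assumed policy for this example: legacy protocols must be off,
# and at least one modern TLS version must be on.
LEGACY = {"SSLv2", "SSLv3", "TLS 1", "TLS 1.1"}
MODERN = {"TLS 1.2", "TLS 1.3"}

LINE_RE = re.compile(r"^\s*(SSLv[23]|TLS 1(?:\.[0-9])?)\s+(not offered|offered)\b")


def parse_protocols(text):
    """Return {protocol: offered?} for every SSL/TLS version line found."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            result[m.group(1)] = (m.group(2) == "offered")
    return result


def audit(text):
    """Return a list of findings; an empty list means the policy is met."""
    seen = parse_protocols(text)
    findings = [f"{p} is offered" for p in sorted(LEGACY) if seen.get(p)]
    findings += [f"{p} missing from output" for p in sorted(LEGACY | MODERN) if p not in seen]
    if not any(seen.get(p) for p in MODERN):
        findings.append("no modern TLS version offered")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["policy met"]:
        print(finding)
```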