From e19d3cea29644903f4b34337aec7ae8bc77ef074 Mon Sep 17 00:00:00 2001
From: Ben Meynell
Date: Fri, 10 Apr 2020 19:05:11 -0400
Subject: [PATCH] added ability to define custom server name; fixed chrome/brave ssl issues using subjectAltName
---
 Dockerfile | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index d7fe390..70b428a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -126,13 +126,32 @@ FROM alpine:latest AS symfony_h2-proxy-cert
 RUN apk add --no-cache openssl
+# Allow to set server name
+ARG SERVER_NAME="localhost"
+ENV SERVER_NAME=${SERVER_NAME}
+
 # Use this self-generated certificate only in dev, IT IS NOT SECURE!
+# create the private key
 RUN openssl genrsa -des3 -passout pass:NotSecure -out server.pass.key 2048
-RUN openssl rsa -passin pass:NotSecure -in server.pass.key -out server.key
-RUN rm server.pass.key
+RUN openssl rsa -passin pass:NotSecure -in server.pass.key -out server.key \
+ && rm server.pass.key
+
+# create a request to sign certificate
 RUN openssl req -new -passout pass:NotSecure -key server.key -out server.csr \
- -subj '/C=SS/ST=SS/L=Gotham City/O=Symfony/CN=localhost'
-RUN openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
+ -subj "/C=SS/ST=SS/L=Gotham City/O=Symfony/CN=${SERVER_NAME}"
+
+# create an extensions configuration file
+RUN set -eux; \
+ { \
+ echo "[ v3_ca ]"; \
+ echo "subjectAltName = DNS:${SERVER_NAME}"; \
+ echo "extendedKeyUsage = serverAuth"; \
+ } > extfile.cnf
+
+# create the signed certificate
+RUN openssl x509 -req -sha256 -extensions v3_ca -extfile extfile.cnf -days 365 \
+ -in server.csr -signkey server.key -out server.crt \
+ && rm extfile.cnf
 ### "h2-proxy" stage
 FROM nginx:${NGINX_VERSION}-alpine AS symfony_h2-proxy
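Review bot: The SAN written to `extfile.cnf` is always `DNS:${SERVER_NAME}`, so building with an IP address as `SERVER_NAME` produces a certificate that clients will not match against that address; an IP literal needs an `IP:` entry instead. `SERVER_NAME` is also expanded unchecked into the `-subj` string and the OpenSSL config file, where a `/`, `,` or line break in the value alters the subject or adds extension lines; a guard ahead of the `openssl req` step, e.g. `RUN case "${SERVER_NAME}" in ''|*[!A-Za-z0-9.-]*) echo "invalid SERVER_NAME" >&2; exit 1;; esac`, keeps the value to a plain host name. The `ENV SERVER_NAME=${SERVER_NAME}` line looks unnecessary, since the `ARG` is already visible to this stage's `RUN` steps. The stage's `FROM` line is above the hunk and the h2-proxy stage continues below it, so whether the nginx configuration also picks up the custom name cannot be checked from here.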