forum/docs/tls.md
Cyrille Perois f74c8c6cb8
docs: fix command to run containers (#512)
* docs(production): fix command to run containers

The commands were pointing to a `docker-compose.yml` file that doesn't exist. It's `compose.yaml` now.

* docs(tls): update config file name

* docs(extra-services): update config file name
2023-11-20 12:51:54 +01:00


# TLS Certificates
## Trusting the Authority
With a standard installation, the local certificate authority that signs the certificates generated inside the Caddy container is not trusted by your machine, so browsers and clients on the host will reject them.
You must add this authority's root certificate to the trust store of the host:
```
# Mac
$ docker cp $(docker compose ps -q php):/data/caddy/pki/authorities/local/root.crt /tmp/root.crt && sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/root.crt
# Linux
$ docker cp $(docker compose ps -q php):/data/caddy/pki/authorities/local/root.crt /usr/local/share/ca-certificates/root.crt && sudo update-ca-certificates
# Windows
$ docker compose cp php:/data/caddy/pki/authorities/local/root.crt %TEMP%/root.crt && certutil -addstore -f "ROOT" %TEMP%/root.crt
```
## Using Custom TLS Certificates
By default, Caddy will automatically generate TLS certificates using Let's Encrypt or ZeroSSL.
But sometimes you may prefer using custom certificates.
For instance, to use self-signed certificates created with [mkcert](https://github.com/FiloSottile/mkcert) do as follows:
1. Locally install `mkcert`
2. Create the folder storing the certs:
   `mkdir -p frankenphp/certs`
3. Generate the certificates for your local host (example: "server-name.localhost"):
   `mkcert -cert-file frankenphp/certs/tls.pem -key-file frankenphp/certs/tls.key "server-name.localhost"`
4. Add these lines to the `./compose.override.yaml` file to set the `CADDY_EXTRA_CONFIG` environment variable and mount the certificates as a read-only volume for the `php` service:
   ```diff
     php:
       environment:
   +     CADDY_EXTRA_CONFIG: "tls /etc/caddy/certs/tls.pem /etc/caddy/certs/tls.key"
         # ...
       volumes:
   +     - ./frankenphp/certs:/etc/caddy/certs:ro
         - ./public:/app/public:ro
   ```
5. Restart your `php` service