12-06-2017 09:45 PM
Team,
Does anyone have some guidance on changing out the SSL certificates on the MineMeld Docker container? Should we modify the dockerfile to include a COPY command? Is there a way to just shunt it in via mapping an additional VOLUME during the "docker run"?
Thanks again for an awesome tool!
Regards,
Nasir
12-07-2017 12:01 AM
Hi @nbilal,
I just build a new docker image based on the jtschichold/minemeld one.
Create a new folder and place there the certificate components (minemeld.cer, minemeld.pem). In that same folder create a file named 'Dockerfile' with the following contents:
FROM jtschichold/minemeld ADD minemeld.cer /etc/nginx ADD minemeld.pem /etc/nginx
Then run the command 'docker build -t myminemeld .' in that folder. A new docker image called 'myminemeld' will be created with your certificates in it.
12-07-2017 12:01 AM
Hi @nbilal,
I just build a new docker image based on the jtschichold/minemeld one.
Create a new folder and place there the certificate components (minemeld.cer, minemeld.pem). In that same folder create a file named 'Dockerfile' with the following contents:
FROM jtschichold/minemeld ADD minemeld.cer /etc/nginx ADD minemeld.pem /etc/nginx
Then run the command 'docker build -t myminemeld .' in that folder. A new docker image called 'myminemeld' will be created with your certificates in it.
12-07-2017 04:21 AM - edited 12-07-2017 09:31 AM
Thanks @xhoms!
This worked perfectly. I didn't realize playing with the container filesystem was so easy! For reference for others, here's the process I went through to get the new certs on, build the new container, and launch it with the appropriate options:
# SCP THE PKCS12 BSTAR WILDCARD CERT TO DOCKER HOST (docker host is 10.1.1.1)
scp wildcard.domain.com.p12 user@10.1.1.1:~/wildcard.domain.com.p12
# EXTRACT KEY AND CERT FILES FROM THE PKCS12 (assuming that it’s password-protected with ‘paloalto')
openssl pkcs12 -in wildcard.domain.com.p12 -out minemeld.cer -clcerts -nokeys -passin pass:paloalto
openssl pkcs12 -in wildcard.domain.com.p12 -out minemeld.pem -nocerts -nodes -passin pass:paloalto
# CREATE A DOCKERFILE TO REBUILD MINEMELD CONTAINER WITH THE NEW CERT INCLUDED
vi Dockerfile
FROM jtschichold/minemeld
ADD minemeld.cer /etc/nginx
ADD minemeld.pem /etc/nginx
# BUILD THE NEW DOCKER CONTAINER
docker build -t my_minemeld .
# RUN THE NEW DOCKER CONTAINER
docker run -dit --name mm_01 --restart unless-stopped --tmpfs /run -v /opt/minemeld-docker/:/opt/minemeld/local -p 443:443/tcp my_minemeld
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
