sgdan/Start-rancher2-self-signed-cert.sh

## Start-rancher2-self-signed-cert.sh
# The Rancher 2 server container generates its own certificate but for some reason
# my browser wouldn't accept it, and didn't give me the option to override. Here's
# a way to generate a self-signed cert and use it to start the container.

# Note: I ran this on Git Bash shell in Windows 10, format for Linux may differ

# Generate certificate and key
openssl req -x509 -newkey rsa:4096 \
    -keyout key.pem -out cert.pem \
    -days 1000 -nodes \
    -subj "//C=AU\ST=NSW\L=Sydney\OU=Org\CN=dockerlocal"

# Create volume and container (without starting)
docker volume create rancher_certs
docker container create --name=rancher \
    --restart=unless-stopped \
    -p 8080:80 -p 8443:443 \
    -v rancher_certs:/etc/rancher/ssl \
    rancher/rancher --no-cacerts

# Copy certs
docker cp key.pem rancher:/etc/rancher/ssl/key.pem
docker cp cert.pem rancher:/etc/rancher/ssl/cert.pem
docker cp cert.pem rancher:/etc/rancher/ssl/cacerts.pem # CA is the cert itself

docker start rancher
	# The Rancher 2 server container generates its own certificate but for some reason
	# my browser wouldn't accept it, and didn't give me the option to override. Here's
	# a way to generate a self-signed cert and use it to start the container.

	# Note: I ran this on Git Bash shell in Windows 10, format for Linux may differ

	# Generate certificate and key
	openssl req -x509 -newkey rsa:4096 \
	-keyout key.pem -out cert.pem \
	-days 1000 -nodes \
	-subj "//C=AU\ST=NSW\L=Sydney\OU=Org\CN=dockerlocal"

	# Create volume and container (without starting)
	docker volume create rancher_certs
	docker container create --name=rancher \
	--restart=unless-stopped \
	-p 8080:80 -p 8443:443 \
	-v rancher_certs:/etc/rancher/ssl \
	rancher/rancher --no-cacerts

	# Copy certs
	docker cp key.pem rancher:/etc/rancher/ssl/key.pem
	docker cp cert.pem rancher:/etc/rancher/ssl/cert.pem
	docker cp cert.pem rancher:/etc/rancher/ssl/cacerts.pem # CA is the cert itself

	docker start rancher