Skip to content

Instantly share code, notes, and snippets.

@vmpartner

vmpartner/gist:8fb844fedc0bdc77ea06470c84110450

Created May 9, 2023 10:00
Show Gist options
  • Save vmpartner/8fb844fedc0bdc77ea06470c84110450 to your computer and use it in GitHub Desktop.
Save vmpartner/8fb844fedc0bdc77ea06470c84110450 to your computer and use it in GitHub Desktop.
Download ZIP
Bitrix docker desktop WSL: Ошибка Работа с сокетами
Raw
gistfile1.txt
| Сначала делаем локальный сертификат
Create folder
```bash
mkdir /root/ssl
```
1. Generate root authority center
```bash
openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=RU/CN=My-Root-CA"
openssl x509 -outform pem -in RootCA.pem -out RootCA.crt
```
2. Create file domains.ext:
```text
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = my.local
DNS.2 = sub1.my.local
DNS.3 = sub2.my.local
```
3. Add myCA.pem to local PC root cert (RootCA.crt double click and import into "trust root cert")
4. Generate key and cert of domain
```bash
openssl req -new -nodes -newkey rsa:2048 -keyout privkey.pem -out fullchain.csr -subj "/C=RU/ST=Moscow/L=Moscow/O=Avangard-Certificates/CN=my.local"
```
5. Sign
```bash
openssl x509 -req -sha256 -days 1024 -in fullchain.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out fullchain.pem
```
6. Copy
```bash
mkdir -p /etc/letsencrypt/live/my.ru
cp -r /root/ssl/fullchain* /etc/letsencrypt/live/my.ru/
cp -r /root/ssl/privkey.pem /etc/letsencrypt/live/my.ru/
```
7. Set cert to nginx docker compose
```yml
nginx:
image: my:v1.0.0
container_name: nginx
build:
context: ./nginx
dockerfile: Dockerfile
links:
- php74-fpm:php
depends_on:
- php74-fpm
volumes:
- /var/www/my/nginx/letsencrypt:/etc/letsencrypt:ro
- /etc/localtime:/etc/localtime:ro
ports:
- 80:80
- 443:443
- 8080:8080
- 8083:8083
networks:
- my
restart: unless-stopped
```
8. set in nginx
```conf
server {
listen 443 ssl;
server_name _;
charset utf-8;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_certificate /etc/letsencrypt/live/my.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.ru/privkey.pem;
```
|| Добавляем корневой в php Dockerfile
```Dockerfile
ADD RootCA.crt /usr/local/share/ca-certificates/
RUN apt-get update && apt-get -y --no-install-recommends install ca-certificates && update-ca-certificates
```
||| Добавляем хост в php docker compose
```yml
php74-fpm:
image: my:v1.0.0
container_name: php74-fpm
build:
context: ./php74-fpm
dockerfile: Dockerfile
links:
- mysql
- memcached
depends_on:
- mysql
- memcached
extra_hosts:
- "my.local www.my.local:192.168.2.2" # 192.168.2.2 - windows host
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment