|
@@ -64,18 +64,18 @@ To enable SSL:
|
|
The contents of `/path/to/certs` should contain the certificates and private keys for any virtual
|
|
The contents of `/path/to/certs` should contain the certificates and private keys for any virtual
|
|
hosts in use. The certificate and keys should be named after the virtual host with a `.crt` and
|
|
hosts in use. The certificate and keys should be named after the virtual host with a `.crt` and
|
|
`.key` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com` should have a
|
|
`.key` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com` should have a
|
|
-`foo.bar.com.crt` and 'foo.bar.com.key' file in the certs directory.
|
|
|
|
|
|
+`foo.bar.com.crt` and `foo.bar.com.key` file in the certs directory.
|
|
|
|
|
|
#### Wildcard Certificates
|
|
#### Wildcard Certificates
|
|
|
|
|
|
-Wildcard certificate and keys should be name after the domain name with a `.crt` and `.key` extension.
|
|
|
|
-For example `VIRTUAL_HOST=foo.bar.com` could also use cert name `bar.com.crt` and `bar.com.key`.
|
|
|
|
|
|
+Wildcard certificates and keys should be name after the domain name with a `.crt` and `.key` extension.
|
|
|
|
+For example `VIRTUAL_HOST=foo.bar.com` would use cert name `bar.com.crt` and `bar.com.key`.
|
|
|
|
|
|
#### SNI
|
|
#### SNI
|
|
|
|
|
|
If your certificate(s) supports multiple domain names, you can start a container with `CERT_NAME=<name>`
|
|
If your certificate(s) supports multiple domain names, you can start a container with `CERT_NAME=<name>`
|
|
to identify the certificate to be used. For example, a certificate for `*.foo.com` and `*.bar.com`
|
|
to identify the certificate to be used. For example, a certificate for `*.foo.com` and `*.bar.com`
|
|
-could be name `shared.crt` and `shared.key`. A container running with `VIRTUAL_HOST=foo.bar.com`
|
|
|
|
|
|
+could be named `shared.crt` and `shared.key`. A container running with `VIRTUAL_HOST=foo.bar.com`
|
|
and `CERT_NAME=shared` will then use this shared cert.
|
|
and `CERT_NAME=shared` will then use this shared cert.
|
|
|
|
|
|
#### How SSL Support Works
|
|
#### How SSL Support Works
|
|
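Review bot: The added wildcard line still reads "should be name after"; it needs "named", the same correction this hunk makes to "could be named" in the SNI paragraph. In the following added line, replacing "could also use" with "would use" changes the meaning: the old wording presented `bar.com.crt` and `bar.com.key` as an alternative for `VIRTUAL_HOST=foo.bar.com`, while the new wording reads as if that host always uses the wildcard pair, even when `foo.bar.com.crt` is present. Keep "could also use", or state when the wildcard pair is chosen over the host-specific one. A smaller point on the first changed line: "`foo.bar.com.crt` and `foo.bar.com.key` file" should be "files".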
@@ -92,6 +92,6 @@ is always preferred when available.
|
|
* If the container does not have a usable cert, a 503 will be returned.
|
|
* If the container does not have a usable cert, a 503 will be returned.
|
|
|
|
|
|
Note that in the latter case, a browser may get an connection error as no certificate is available
|
|
Note that in the latter case, a browser may get an connection error as no certificate is available
|
|
-to establish a connection. A self-signed or generic cert can be defined as "default.crt" and "default.key"
|
|
|
|
-which will allow a client browser to make a SSL connection (likely w/ a warning) and subsequently receive
|
|
|
|
-a 503.
|
|
|
|
|
|
+to establish a connection. A self-signed or generic cert named `default.crt` and `default.key`
|
|
|
|
+will allow a client browser to make a SSL connection (likely w/ a warning) and subsequently receive
|
|
|
|
+a 503.
|
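Review bot: The added line "A self-signed or generic cert named `default.crt` and `default.key`" describes the private key file as a name for the cert; "A self-signed or generic cert and key named `default.crt` and `default.key`" would match the earlier wording "certificates and private keys". Since this paragraph is being reworded anyway, also fix "a SSL connection" to "an SSL connection" in the added line, spell out "w/" as "with", and correct "an connection error" in the unchanged context line just above.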