I'm currently running NGINX on a Docker container. In an EC2 instance running Ubuntu 20.04 I have stored the SSL keys in the directory /etc/ssl/certs. I have the certificate and I have the key.
When I run the NGINX container locally I'm able to read from /etc/ssl/certs and the keys have the following permissions.
/etc/nginx/certs # ls -lah
total 12K
drwxr-xr-x 4 root root 128 Jan 5 22:16 .
drwxr-xr-x 1 root root 4.0K Jan 6 20:56 ..
-rw-r--r-- 1 root root 241 Jan 5 22:19 domus.key
-rw-r--r-- 1 root root 1.2K Jan 5 22:53 domus.pem
However, when I try to run the NGINX container within the EC2 instance with the following command:
docker run -d -p 443:443 -p 80:80 -u root -v /etc/ssl/certs:/etc/nginx/certs 185ea737e05e
I get the following error:
nginx: [emerg] cannot load certificate key "/etc/nginx/certs/domus.key": BIO_new_file() failed (SSL:
error:80000002:system library::No such file or directory:calling
fopen(/etc/nginx/certs/domus.key, r) error:10000080:BIO routines::no
such file)
It seems that nginx was able to read the domus.pem file but not the key in file domus.key, since in the configuration we can see that domus.pem is read first.
# HTTPS server
#
server {
    listen 443 ssl;
    server_name somedomain.com www.somedomain.com;
    ssl_certificate /etc/nginx/certs/domus.pem;
    ssl_certificate_key /etc/nginx/certs/domus.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://127.0.0.1:3000/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}
include servers/*;
Is there a way in which I can run the docker container within EC2 so NGINX has access to /etc/nginx/certs/domus.key?
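
A host-side check for the bind mount used in the docker run command above, as an added example that is not part of the original post. It goes beyond the one file in the error: for each path nginx opens, it reports whether the file exists under the mounted host directory, whether a symlink there points somewhere the container cannot resolve, and whether a .key file is readable by group or others. The function name and result labels are hypothetical, and GNU readlink and stat (as on Ubuntu) are assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post; all names here are hypothetical.
# Usage: check_bind_mount HOST_DIR CONTAINER_DIR CONTAINER_PATH...
# Reports, for each file nginx will open, what the bind mount exposes at that path.
check_bind_mount() {
    local host_dir container_dir cpath rel hpath raw target mode rc=0
    host_dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "MISSING-DIR $1"; return 2; }
    container_dir=${2%/}
    shift 2
    for cpath in "$@"; do
        case "$cpath" in
            "$container_dir"/*) rel=${cpath#"$container_dir"/} ;;
            *) echo "NOT-UNDER-MOUNT $cpath"; rc=1; continue ;;
        esac
        hpath="$host_dir/$rel"
        if [ -L "$hpath" ]; then
            # Symlinks are resolved inside the container, so an absolute target
            # or one outside the mounted directory is not reachable there.
            raw=$(readlink "$hpath")
            target=$(readlink -f "$hpath" 2>/dev/null) || target=""
            if [ "${raw#/}" != "$raw" ] || [ "${target#"$host_dir"/}" = "$target" ]; then
                echo "SYMLINK-LEAVES-MOUNT $cpath -> $raw"; rc=1; continue
            fi
        fi
        if [ ! -f "$hpath" ]; then
            echo "MISSING-ON-HOST $cpath (host path $hpath)"; rc=1; continue
        fi
        mode=$(stat -L -c '%a' "$hpath")   # GNU stat; -L follows in-mount symlinks
        case "$cpath:$mode" in
            *.key:*00) echo "OK $cpath mode=$mode" ;;
            *.key:*)   echo "KEY-TOO-OPEN $cpath mode=$mode" ;;  # warning only
            *)         echo "OK $cpath mode=$mode" ;;
        esac
    done
    return "$rc"
}

# When run as a script with arguments, e.g.:
#   /etc/ssl/certs /etc/nginx/certs /etc/nginx/certs/domus.pem /etc/nginx/certs/domus.key
[ "$#" -lt 3 ] || check_bind_mount "$@"
```

A non-zero return means at least one path would not be openable inside the container; KEY-TOO-OPEN does not change the return value.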