Create HTTPS environment using Self-signed certificate on Nginx with Docker

I needed HTTPS environment for development about WebRTC at local.
What about you?

Preparation for docker

Dockerfile

FROM  nginx:latest
RUN apt-get update
RUN apt-get install vim -y
RUN apt-get install openssl

docker-compose.yml

version: '3'
services:
  nginx:
    image: nginx:latest
    container_name: myserver
    build: .
    tty: true
    ports:
        - "8080:80"
        - "443:443"

$ docker-compose up --build

Create self-signed certificate

Get into docker container (everything will be done on docker container after this).

$ docker exec -it myserver /bin/bash

"f6ef5d97cbf9"is container ID. It will be change on your computer.

root@f6ef5d97cbf9:/# openssl genrsa -des3 -out server.key 2048

Generating RSA private key, 2048 bit long modulus
......+++++
..........+++++
e is 65537 (0x010001)
Enter pass phrase for server.key: # some cool password
Verifying - Enter pass phrase for server.key: # same as you typed

root@f6ef5d97cbf9:/# openssl req -new -key server.key -out server.csr

Enter pass phrase for server.key: # same password you typed
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP # type you like
State or Province Name (full name) [Some-State]:Tokyo # type you like
Locality Name (eg, city) []:Shibuya # type you like
Organization Name (eg, company) [Internet Widgits Pty Ltd]: # just push enter
Organizational Unit Name (eg, section) []: # just push enter
Common Name (e.g. server FQDN or YOUR name) []: # just push enter
Email Address []: # just push enter

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: # just push enter
An optional company name []: # just push enter

root@f6ef5d97cbf9:/# cp server.key server.key.org
root@f6ef5d97cbf9:/# openssl rsa -in server.key.org -out server.key

Enter pass phrase for server.key.org: # same PW you typed
writing RSA key

root@f6ef5d97cbf9:/# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Signature ok
subject=C = JP, ST = Tokyo, L = Shibuya, O = Internet Widgits Pty Ltd
Getting Private key

root@f6ef5d97cbf9:/# cp server.crt /etc/nginx/
root@f6ef5d97cbf9:/# cp server.key /etc/nginx/

Change configuration on nginx

root@f6ef5d97cbf9:/# vim /etc/nginx/nginx.conf

/etc/nginx/nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;

#--- add this area
    server {
        listen 443 ssl;
        ssl_certificate /etc/nginx/server.crt;
        ssl_certificate_key /etc/nginx/server.key;

        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }
    }
#---
}

root@f6ef5d97cbf9:/# nginx -s reload

Add html file which you'd like to see via SSL

root@f6ef5d97cbf9:/# vim /etc/share/nginx/index.html

/etc/share/nginx/index.html

Hello, ssl page!

It's time to end

Then, access below.
https://localhost

You will face this warning page, but you can do it.



You got it!