Certificate generator with docker-compose
by kzo81 from LinuxQuestions.org on (#6GBTB)
Hi Folks,
I got this minimal setup for a reverse proxy, but for some reason it only runs on the local machine; however, there is still an error.
Do you have any idea?
Code:
# docker-compose.yml
version: "3.5"
services:
  certificate_generator:
    container_name: certificate_generator
    image: docker.io/maptiler/tileserver-gl:latest
    entrypoint: bash
    command: /tmp/certgen.sh
    working_dir: /tmp/certs/
    volumes:
      - ./certgen.sh:/tmp/certgen.sh:ro
      - ./certs:/tmp/certs/
    restart: "no"

Code:
#generate-certificates.sh
KEY="mapserver.key"
CRT="mapserver.crt"
DAYS=365
STATE="Hungary"
CITY="Budapest"
CN="mapserver01.local.lan"
if [ ! -f "$CRT" -o ! -f "$KEY" ]; then
    openssl rand -writerand .rnd
    openssl req -x509 -rand .rnd -nodes -newkey "rsa:2048" \
        -days $DAYS \
        -subj "/C=HU/ST=$STATE/L=$CITY/O=MapTiler/OU=Development/CN=$CN" \
        -keyout "$KEY" \
        -out "$CRT"
    rm -f .rnd
fi
exit 0
Output:
Code:
Creating gen_certs ... done
Attaching to gen_certs
gen_certs | Can't load /root/.rnd into RNG
gen_certs | 140707024888256:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
gen_certs | Generating a RSA private key
gen_certs | .+++++
gen_certs | ...........+++++
gen_certs | writing new private key to 'mapserver.key'
gen_certs | -----
gen_certs exited with code 0

On the target host:
Code:
docker-compose up
WARNING: Found orphan containers (nginx) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Starting certificate_generator ... done
Attaching to certificate_generator
certificate_generator | Cannot write random bytes:
certificate_generator | 139930728330560:error:24070079:random number generator:RAND_write_file:Cannot open file:../crypto/rand/randfile.c:233:Filename=.rnd
certificate_generator | Can't load .rnd into RNG
certificate_generator | 140626904618304:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:98:Filename=.rnd
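
Added example (not the poster's script): the target-host log above shows openssl unable to create .rnd in the working directory, so this variant checks that the mounted directory is writable before calling openssl, drops the .rnd seed file, and restricts the key's permissions. It assumes OpenSSL 1.1.1 or newer (for -addext and automatic seeding); the function name gen_cert and the subjectAltName entry are additions made here.

```bash
#!/usr/bin/env bash
# Added example, not the poster's script. Assumes OpenSSL 1.1.1 or newer.

KEY="mapserver.key"
CRT="mapserver.crt"
DAYS=365
CN="mapserver01.local.lan"

# gen_cert DIR: create KEY and CRT in DIR unless both already exist.
# Returns 0 on success or when nothing needs doing, 2 when DIR is unusable.
gen_cert() {
    local dir="$1"

    if [ ! -d "$dir" ]; then
        echo "gen_cert: $dir is not a directory" >&2
        return 2
    fi

    # Idempotent: keep an existing pair, as the original script does.
    if [ -f "$dir/$CRT" ] && [ -f "$dir/$KEY" ]; then
        return 0
    fi

    # Fail before calling openssl if the (bind-mounted) directory cannot be
    # written by the user the container runs as.
    if [ ! -w "$dir" ]; then
        echo "gen_cert: $dir is not writable by uid $(id -u)" >&2
        return 2
    fi

    (
        # The private key must not be group/world readable on the host volume.
        umask 077
        cd "$dir" || exit 2
        # No -rand/.rnd: OpenSSL seeds itself from the OS CSPRNG.
        openssl req -x509 -nodes -newkey rsa:2048 \
            -days "$DAYS" \
            -subj "/C=HU/ST=Hungary/L=Budapest/O=MapTiler/OU=Development/CN=$CN" \
            -addext "subjectAltName=DNS:$CN" \
            -keyout "$KEY" -out "$CRT" &&
            chmod 644 "$CRT"   # the certificate itself is public
    )
}

# Run only when a target directory is given, e.g.: bash certgen.sh /tmp/certs
if [ "$#" -gt 0 ]; then
    gen_cert "$1"
fi
```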