linuxserver / docker-webtop

Ubuntu, Alpine, Arch, and Fedora based Webtop images, Linux in a web browser supporting popular desktop environments.
GNU General Public License v3.0

[FEAT] Replace self signed SSL certificate and also add to browser cert management #200

Closed avoiceofreason closed 7 months ago

avoiceofreason commented 7 months ago

Is this a new feature request?

Wanted change

Please add documentation to provide the simplest way to replace the existing self-signed SSL certs for the Webtop docker image with newly generated self-signed certs and then add the cert authority into browser cert management.

Reason for change

Require browser to access local webtop docker service without "unsafe" browser flag and to have my own self-signed certs that match my local server name, e.g. server01.local. Do not want to add unnecessary proxy layer with separate nginx and SSL certs. Unsure exactly how existing certs are generated and configured.

Proposed code change

Looks like webtop uses nginx with certs located in /config/ssl (cert.key and cert.pem)

I don't know enough about certs but assume it is something like:

1. Generate CA's e.g. private key cert.key and then root cert cert.pem
2. Generate site private key and csr
3. Use all of the above to generate a signed cert .crt
4. Configure nginx to use signed cert for site e.g. site key and site crt
5. Import ca .pem into browser as authority

Documentation for linux user to perform all the above. Appreciated.

aptalca commented 7 months ago

Our recommendation is to use a reverse proxy: https://docs.linuxserver.io/general/swag/

avoiceofreason commented 7 months ago

As stated in the ticket I do not want to use an unnecessary proxy server.

However, no matter; I have now managed to work out how to add new self-signed certs.

I have documented the process. Let me know if you are interested in the docs.

aptalca commented 7 months ago

What I meant was we are not interested in adding that info to the docs because we recommend a reverse proxy.

Thanks for the offer, though.

jhsansom commented 5 months ago

@avoiceofreason Could you possibly share your documentation? I am trying to do the same thing without a reverse proxy (even though I know a reverse proxy is the official recommendation). Thanks!

jhsansom commented 5 months ago

Figured out how to do this. @aptalca, I know you recommend a reverse proxy, so if you would really rather this information not be out there for some reason, I can certainly take it down. I did want to share how I did this in case it would be useful to others.

The default LinuxServer.io certs are located in /config/ssl. To replace them, I simply mounted my certs to the location of the existing certs and then started the container. Here is some example code within my compose.yml file:

volumes:
    - ./WebTop:/config
    - /var/run/docker.sock:/var/run/docker.sock #optional
    - /path/to/your/certs/fullchain.pem:/config/ssl/cert.pem # map public key to cert.pem
    - /path/to/your/certs/privkey.pem:/config/ssl/cert.key # map private key to cert.key

You can also simply replace the text inside of cert.pem and cert.key; however, you will need to run docker restart for the changes to take effect.
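
Added example (not part of the thread and not LinuxServer.io's code): one way to carry out the steps listed in the original request with the openssl CLI, producing the cert.pem and cert.key that the compose snippet above mounts over /config/ssl. The function name, the script name, the other file names (ca.key, ca.pem, site.csr, openssl.cnf), the CA subject, key size and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example: private CA plus a server certificate for a Webtop container.
# Usage: make_webtop_certs HOSTNAME OUTDIR   (e.g. server01.local ./certs)
make_webtop_certs() (
    host=$1 out=$2
    [ -n "$host" ] && [ -n "$out" ] || { echo "usage: make_webtop_certs HOST OUTDIR" >&2; exit 2; }
    umask 077                      # private keys are created owner-readable only
    mkdir -p "$out" && cd "$out" || exit 1

    # Extension profiles. Browsers match the hostname against subjectAltName,
    # not the CN, so the server profile must carry the SAN.
    cat > openssl.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_server]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF

    # 1. CA private key and self-signed root certificate (ca.pem).
    openssl genrsa -out ca.key 2048 2>/dev/null &&
    openssl req -x509 -new -key ca.key -sha256 -days 3650 -config openssl.cnf \
        -extensions v3_ca -subj "/CN=Local Webtop CA" -out ca.pem &&
    # 2. Site private key and certificate signing request.
    openssl genrsa -out cert.key 2048 2>/dev/null &&
    openssl req -new -key cert.key -config openssl.cnf -subj "/CN=$host" -out site.csr &&
    # 3. Sign the CSR with the CA; cert.pem is the certificate nginx serves.
    openssl x509 -req -in site.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -sha256 -days 397 -extfile openssl.cnf -extensions v3_server -out cert.pem &&
    # 4. Check the chain before mounting anything into the container.
    openssl verify -CAfile ca.pem cert.pem >/dev/null &&
    chmod 644 ca.pem cert.pem      # certificates are public; keys stay 0600
)

# Run directly (script name is hypothetical): sh make_webtop_certs.sh server01.local ./certs
if [ "$#" -eq 2 ]; then make_webtop_certs "$1" "$2"; fi
```

Only cert.pem and cert.key go into the container; ca.pem is the file to import into the browser as an authority, and ca.key should stay off the Docker host's mounted paths because anyone holding it can issue certificates that browser will trust.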

aptalca commented 5 months ago

Posting here is fine. But we won't add it to the readme or docs.