Closed apoorvdeshmukh closed 10 months ago
Following is the summary.
SQL Server can be configured to run with self-signed certificates using this doc.
The certificates can be put inside container image by mounting host drive onto container instance at run time., using -v <hostPath>:<containerPath>
in docker run
command.
The certificate itself can be generated and configured within container using openssl
and /opt/mssql/bin/mssql-conf
Below are the example commands
docker run -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=<redacted>" -p 5433:1433 --name localhost --hostname localhost -v C:\Users\user\Desktop\certs:/home/certs -d mcr.microsoft.com/mssql/server:2022-latest
C:\Users\user\Desktop>docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8707870c67bb mcr.microsoft.com/mssql/server:2022-latest "/opt/mssql/bin/perm…" 4 seconds ago Up 4 seconds 0.0.0.0:5433->1433/tcp localhost
docker exec -it -u root 8707870c67bb bash
chown mssql mssql.*
/opt/mssql/bin/mssql-conf set network.tlscert /etc/ssl/certs/mssql.pem
/opt/mssql/bin/mssql-conf set network.tlskey /etc/ssl/private/mssql.key
/opt/mssql/bin/mssql-conf set network.tlsprotocols 1.2
/opt/mssql/bin/mssql-conf set network.forceencryption 0
Currently, TDS8 connections don't work against SQL Server on linux. Will revisit this once this is supported.
Sql server instances spawned by sqlcmd should provide support for encrypted connections. This doc describes how the containers can be secured. This is also helpful in testing.