osixia / docker-phpLDAPadmin

phpLDAPadmin container image 🐳🌴
MIT License

Custom SSL Certificate isn't recognized by container #17

Closed galindro closed 7 years ago

galindro commented 8 years ago

I've started a container using this command:

docker run --volume /certs:/container/service/phpldapadmin/assets/apache2/certs \
--env PHPLDAPADMIN_HTTPS_CRT_FILENAME=my_cert.crt \
--env PHPLDAPADMIN_HTTPS_KEY_FILENAME=my_privatekey.key \
--env PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME=RapidSSL_CA_bundle.pem  \
--env PHPLDAPADMIN_LDAP_HOSTS=ldap.domain.com \
--name phpldapadmin \
-p 443:443 \
-p 80:80 \
--detach osixia/phpldapadmin:0.6.7

But the certificate isn't recognized in the browser. Here are some details:

# Certificate Details:
Common name: ldap.domain.com
SANs: ldap.domain.com
Organization: A1A Car Wash
Location: Albuquerque, New Mexico, US
Valid from February 10, 2016 to February 9, 2017
Serial Number: 68a06084f98d97fe655b112f539a1b7888e84117
Signature Algorithm: ecdsa-with-SHA384
Issuer: docker-light-baseimage

server# ls -lha /certs/
total 24K
drwxr-xr-x  2  999 docker 4.0K Feb 10 13:25 .
drwxr-xr-x 23 root root   4.0K Feb 10 13:15 ..
-rw-------  1  999 docker  424 Feb 10 13:25 dhparam.pem
-rw-r--r--  1  999 docker 2.8K Feb 10 13:24 RapidSSL_CA_bundle.pem
-rw-r--r--  1  999 docker 1.1K Feb 10 13:18 socialbase_cert.crt
-rw-------  1  999 docker  288 Feb 10 13:18 socialbase_privatekey.key

# docker inspect 8fc921fa4ab5 |jq '.[].Config.Env'
[
  "PHPLDAPADMIN_HTTPS_CRT_FILENAME=my_cert.crt",
  "PHPLDAPADMIN_HTTPS_KEY_FILENAME=my_privatekey.key",
  "PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME=RapidSSL_CA_bundle.pem",
  "PHPLDAPADMIN_LDAP_HOSTS=ldap.domain.com",
  "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
  "PHPLDAPADMIN_VERSION=1.2.3",
  "PHPLDAPADMIN_SHA1=669fca66c75e24137e106fdd02e3832f81146e23"
]

# docker inspect 8fc921fa4ab5 |jq '.[].Mounts'
[
  {
    "Propagation": "rprivate",
    "RW": true,
    "Mode": "",
    "Destination": "/container/service/phpldapadmin/assets/apache2/certs",
    "Source": "/certs"
  },
  {
    "Propagation": "",
    "RW": true,
    "Mode": "",
    "Driver": "local",
    "Destination": "/var/www/phpldapadmin",
    "Source": "/var/lib/docker/volumes/6e448d6a364f064b69d4d7385faff4378971252b23d15d5095964738f8dfd012/_data",
    "Name": "6e448d6a364f064b69d4d7385faff4378971252b23d15d5095964738f8dfd012"
  }
]

*** CONTAINER_LOG_LEVEL = 4 (debug)
*** Search service in CONTAINER_SERVICE_DIR = /container/service :
*** link /container/service/:apache2/startup.sh to /container/run/startup/:apache2
*** link /container/service/:apache2/process.sh to /container/run/process/:apache2/run
*** link /container/service/:cfssl/startup.sh to /container/run/startup/:cfssl
*** link /container/service/:cron/startup.sh to /container/run/startup/:cron
*** link /container/service/:cron/process.sh to /container/run/process/:cron/run
*** link /container/service/:logrotate/startup.sh to /container/run/startup/:logrotate
*** link /container/service/:php5-fpm/startup.sh to /container/run/startup/:php5-fpm
*** link /container/service/:php5-fpm/process.sh to /container/run/process/:php5-fpm/run
*** link /container/service/:syslog-ng-core/startup.sh to /container/run/startup/:syslog-ng-core
*** link /container/service/:syslog-ng-core/process.sh to /container/run/process/:syslog-ng-core/run
*** link /container/service/ldap-client/startup.sh to /container/run/startup/ldap-client
*** link /container/service/phpldapadmin/startup.sh to /container/run/startup/phpldapadmin
*** Set environment for startup files
*** Environment files will be proccessed in this order : 
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.yaml

*** --- process file : /container/environment/99-default/default.yaml ---
*** ignore : PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME = ca.crt (keep PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME = RapidSSL_CA_bundle.pem )
*** ignore : PHPLDAPADMIN_HTTPS_CRT_FILENAME = phpldapadmin.crt (keep PHPLDAPADMIN_HTTPS_CRT_FILENAME = my_cert.crt )
*** ignore : PHPLDAPADMIN_LDAP_HOSTS = [{'ldap.example.org': [{'server': [{'tls': True}]}, {'login': [{'bind_id': 'cn=admin,dc=example,dc=org'}]}]}, 'ldap2.example.org', 'ldap3.example.org'] (keep PHPLDAPADMIN_LDAP_HOSTS = ldap.domain.com )
*** ignore : PHPLDAPADMIN_HTTPS_KEY_FILENAME = phpldapadmin.key (keep PHPLDAPADMIN_HTTPS_KEY_FILENAME = my_privatekey.key )
*** Running /container/run/startup/:apache2...
*** ------------ Environment dump ------------
*** PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME = ldap-ca.crt
*** PHPLDAPADMIN_HTTPS = True
*** LC_CTYPE = C.UTF-8
*** PHPLDAPADMIN_VERSION = 1.2.3
*** INITRD = no
*** PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
*** HOME = /root
*** PHPLDAPADMIN_HTTPS_KEY_FILENAME = my_privatekey.key
*** LANG = C.UTF-8
*** PHPLDAPADMIN_SERVER_ADMIN = webmaster@example.org
*** CONTAINER_SERVICE_DIR = /container/service
*** PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME = RapidSSL_CA_bundle.pem
*** LANGUAGE = C.UTF-8
*** PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME = ldap-client.key
*** PHPLDAPADMIN_LDAP_CLIENT_TLS = True
*** PHPLDAPADMIN_HTTPS_CRT_FILENAME = my_cert.crt
*** PHPLDAPADMIN_LDAP_HOSTS = ldap.domain.com
*** LDAP_CLIENT_CFSSL_PREFIX = ldap
*** PHPLDAPADMIN_SHA1 = 669fca66c75e24137e106fdd02e3832f81146e23
*** CONTAINER_LOG_LEVEL = 4
*** PHPLDAPADMIN_CFSSL_PREFIX = phpldapadmin
*** PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME = ldap-client.crt
*** HOSTNAME = c36a59e98f6b
*** CONTAINER_STATE_DIR = /container/run/state
*** PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT = demand
*** ------------------------------------------
Enabling conf custom-security.
*** Running /container/run/startup/:cfssl...
*** Running /container/run/startup/:cron...
*** Running /container/run/startup/:logrotate...
*** Running /container/run/startup/:php5-fpm...
Enabling conf php5-fpm.
*** Running /container/run/startup/:syslog-ng-core...
*** Running /container/run/startup/ldap-client...
cfssl-helper is launched, everybody on the floor !
No certificate file and certificate key provided, generate:
/container/service/ldap-client/assets/certs/ldap-client.crt and /container/service/ldap-client/assets/certs/ldap-client.key
use /container/service/:cfssl/assets/default-ca/config/req-csr.json.tmpl as csr file
cfssl -loglevel 0 gencert -ca /container/service/:cfssl/assets/default-ca/default-ca.pem -ca-key /container/service/:cfssl/assets/default-ca/default-ca-key.pem -hostname c36a59e98f6b /tmp/csr-file | cfssljson -bare /tmp/cert
2016/02/10 14:07:26 [DEBUG] loading configuration file from 
2016/02/10 14:07:26 [INFO] generate received request
2016/02/10 14:07:26 [INFO] received CSR
2016/02/10 14:07:26 [INFO] generating key: ecdsa-384
2016/02/10 14:07:26 [DEBUG] generate key from request: algo=ecdsa, size=384
2016/02/10 14:07:27 [INFO] encoded CSR
2016/02/10 14:07:27 [DEBUG] validating configuration
2016/02/10 14:07:27 [DEBUG] validate local profile
2016/02/10 14:07:27 [DEBUG] profile is valid
2016/02/10 14:07:27 [DEBUG] Loading CA: /container/service/:cfssl/assets/default-ca/default-ca.pem
2016/02/10 14:07:27 [DEBUG] Loading CA key: /container/service/:cfssl/assets/default-ca/default-ca-key.pem
2016/02/10 14:07:27 [DEBUG] validating configuration
2016/02/10 14:07:27 [DEBUG] validate local profile
2016/02/10 14:07:27 [DEBUG] profile is valid
2016/02/10 14:07:27 [INFO] signed certificate with serial number 681754875097258853484872446148253454803741975571
move /tmp/cert.pem to /container/service/ldap-client/assets/certs/ldap-client.crt
move /tmp/cert-key.pem to /container/service/ldap-client/assets/certs/ldap-client.key
Link /container/service/:cfssl/assets/default-ca/default-ca.pem to /container/service/ldap-client/assets/certs/ldap-ca.crt
done :)
*** Running /container/run/startup/phpldapadmin...
Set apache2 https config...
cfssl-helper is launched, everybody on the floor !
Files /container/service/phpldapadmin/assets/apache2/certs/my_cert.crt and /container/service/phpldapadmin/assets/apache2/certs/my_privatekey.key exists, fix files permissions
Enabling site phpldapadmin.
Bootstap phpLDAPadmin...
tr: write error: Broken pipe
tr: write error
link /container/service/phpldapadmin/assets/config.php to /var/www/phpldapadmin/config/config.php
*** Set environment for container process
*** Environment files will be proccessed in this order : 
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.yaml

*** --- process file : /container/environment/99-default/default.yaml ---
*** ignore : PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME = ca.crt (keep PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME = RapidSSL_CA_bundle.pem )
*** ignore : PHPLDAPADMIN_HTTPS_CRT_FILENAME = phpldapadmin.crt (keep PHPLDAPADMIN_HTTPS_CRT_FILENAME = my_cert.crt )
*** ignore : PHPLDAPADMIN_LDAP_HOSTS = [{'ldap.example.org': [{'server': [{'tls': True}]}, {'login': [{'bind_id': 'cn=admin,dc=example,dc=org'}]}]}, 'ldap2.example.org', 'ldap3.example.org'] (keep PHPLDAPADMIN_LDAP_HOSTS = ldap.domain.com )
*** ignore : PHPLDAPADMIN_HTTPS_KEY_FILENAME = phpldapadmin.key (keep PHPLDAPADMIN_HTTPS_KEY_FILENAME = my_privatekey.key )
*** Running runit daemon...
*** runit daemon started as PID 818
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message
Feb 10 14:07:28 c36a59e98f6b syslog-ng[826]: syslog-ng starting up; version='3.5.6'

osixia commented 7 years ago

I guess here are the replacements to do in the docker run command:

PHPLDAPADMIN_HTTPS_CRT_FILENAME=my_cert.crt -> PHPLDAPADMIN_HTTPS_CRT_FILENAME=socialbase_cert.crt

PHPLDAPADMIN_HTTPS_KEY_FILENAME=my_privatekey.key -> PHPLDAPADMIN_HTTPS_KEY_FILENAME=socialbase_privatekey.key

Does this help?
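A pre-flight check for the mismatch this reply points at, added here as an example and not part of the thread or of the image: it confirms that the file names passed in the `PHPLDAPADMIN_HTTPS_*_FILENAME` variables exist in the host directory mounted over the certs path, and that the certificate and private key belong together. The function names are hypothetical, and `openssl` is assumed to be installed on the host.

```shell
#!/bin/sh
# Added example: verify certificate file names before `docker run`.

# missing_cert_files CERT_DIR FILE...
# Prints every FILE that is not a regular file in CERT_DIR.
# Returns 1 if at least one is missing, 0 otherwise.
missing_cert_files() {
    dir=$1; shift
    rc=0
    for f in "$@"; do
        if [ ! -f "$dir/$f" ]; then
            printf '%s\n' "$f"
            rc=1
        fi
    done
    return $rc
}

# cert_matches_key CRT_PATH KEY_PATH
# Returns 0 when the public key in the certificate equals the one derived
# from the private key, 1 when they differ, 2 when either file cannot be
# parsed (wrong format, unreadable, openssl missing).
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# preflight CERT_DIR CRT_FILENAME KEY_FILENAME CA_FILENAME
# Arguments are the host directory given to --volume and the three
# values intended for the PHPLDAPADMIN_HTTPS_*_FILENAME variables.
preflight() {
    missing=$(missing_cert_files "$1" "$2" "$3" "$4") || {
        printf 'not found in %s: %s\n' "$1" "$(echo $missing)" >&2
        return 1
    }
    cert_matches_key "$1/$2" "$1/$3" || {
        echo "certificate and key do not pair, or could not be read" >&2
        return 1
    }
}

# Example: sh preflight.sh /certs socialbase_cert.crt \
#              socialbase_privatekey.key RapidSSL_CA_bundle.pem
if [ "$#" -eq 4 ]; then
    preflight "$@"
fi
```

Run it as a user that can read the private key; with the mode `-rw-------` shown in the listing above, that means the owning uid or root.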

majidpal commented 6 years ago

I have done this but it still does not take. It always recreates the file using the variables SSL_KEY_FILENAME and SSL_CRT_FILENAME.

docker run -d --dns=$(hostname -i) --restart=always -v /data/n01/test0/ssl:/osixia/phpldapadmin/assets/apache2/certs -p 443:443 --name "devops-ldap-admin-secure" -e PHPLDAPADMIN_HTTPS_CRT_FILENAME=ldap-cert.crt -e HTTPS_CRT_FILENAME=ldap-cert.crt -e PHPLDAPADMIN_HTTPS_KEY_FILENAME=ldap-cert.crt -e HTTPS_KEY_FILENAME=ldap-cert.crt -e SERVICE_443_NAME=ldapadmin -e SERVER_NAME=devops-ldap.dev.test.com -e LDAP_HOSTS=$(hostname -i) -e LDAP_SERVER_BIND_ID="cn=admin,dc=devops,dc=test,dc=com"

majidpal commented 6 years ago

Can you please provide help with this? I am stuck on the SSL part.