Nginx SSL configuration in Docker Swarm
When you run several Nginx replicas in Docker Swarm and need to share an SSL certificate between them, you can use Docker secrets.
Here is a short extract:
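# TLS virtual host. Certificate material is read from Docker secrets, which
# Swarm mounts inside the container at /run/secrets/<secret name>.
server {
    listen 443 ssl http2;
    server_name ...;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append TLSv1.3 where nginx is 1.13.0+ and built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH+AESGCM:EECDH+AES;
    ssl_prefer_server_ciphers on;

    # Clients are sent only what is in ssl_certificate, so this file should
    # hold the leaf certificate followed by its intermediates.
    ssl_certificate /run/secrets/cert.crt;
    ssl_certificate_key /run/secrets/cert.key;

    # Used to verify OCSP responses (when stapling is enabled) and client
    # certificates; its contents are never sent to clients.
    ssl_trusted_certificate /run/secrets/fullchain.pem;

    # DH parameters apply to DHE suites only. The cipher list above is
    # ECDHE-only, so this file is unused unless DHE suites are added.
    ssl_dhparam /run/secrets/dh2048.pem;
    ...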
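# Secrets require Compose file format 3.1 or later.
version: '3.1'

services:
  # ... (other services elided in the original extract)
  nginx:
    # ... (remaining service settings elided in the original extract)
    ports:
      - "80:80"
      - "443:443"
    # Each name must match a key under the top-level `secrets:` mapping.
    # Inside the container the file appears as /run/secrets/<name>.
    secrets:
      - cert.crt
      - cert.key
      - fullchain.pem
      - dh2048.pem

# Of these four files only cert.key is confidential; keep its source file
# readable by the deploying user only. A secret cannot be changed in place:
# to rotate the certificate, define the new material under a new secret name
# and update the service to reference it.
secrets:
  cert.crt:
    file: /path_to/cert.crt
  # This key was `nginx.key`, which left the service's `cert.key` reference
  # undefined and did not match the /run/secrets/cert.key path nginx reads.
  cert.key:
    file: /path_to/cert.key
  fullchain.pem:
    file: /path_to/fullchain.pem
  dh2048.pem:
    file: /path_to/dh2048.pem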