So I've made a few posts on automating SSL VPN certificates with Let's Encrypt, but what if you're already generating certificates some other way, be it Let's Encrypt or otherwise?
Essentially, these days I rely on another container to generate certificates, as they're used by my load balancer to serve HTTPS content for my sites, but I still want to load these certs into my router.
I've modified my earlier Python script to be able to do this. It can be found here under import_cert.py: https://github.com/dchidell/webvpncert/tree/master
This can then be run inside a container doing something like the following (if you've read some previous posts on netmiko inside Alpine you'll recognise this):
```
root@docker:/home/david/cert# ls
docker-compose.yml  Dockerfile  import_cert.py
root@docker:/home/david/cert#
```
```dockerfile
FROM python:alpine
MAINTAINER David Chidell
RUN apk --no-cache add build-base libffi-dev openssl-dev openssl
RUN pip install --no-cache-dir netmiko
COPY import_cert.py .
ENTRYPOINT ["python", "./import_cert.py"]
CMD ["--help"]
VOLUME ["/certs"]
```
```yaml
version: '3.2'
services:
  cert_import:
    image: dchidell/router-cert-import
    build: .
    command: 10.66.50.1 CA_LETSENCRYPT /certs/privkey1.pem /certs/cert1.pem /certs/chain1.pem --u dchidell --sshkey /root/.ssh/id_rsa.pub
    volumes:
      - /root/.ssh:/root/.ssh:ro
      - /mnt/nas/certs/dchidell.com:/certs
```
You can then run this container like so:
```shell
docker-compose -f /home/david/cert/docker-compose.yml run cert_import
```
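A pre-flight check worth running on the three PEM files before the import, as an added example that is not part of webvpncert or the original post: it confirms the private key matches the certificate, the certificate is not about to expire, and the chain file actually issued it. The function name `preflight_cert`, its return codes and the 7-day default are assumptions of this example, and it needs the `openssl` CLI on the host.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the PEM files
# before import_cert.py pushes them to the router.
# Return codes (assumed): 0 ok, 1 unreadable file, 2 key/cert mismatch,
# 3 certificate expires too soon, 4 chain file did not issue the certificate.

preflight_cert() {
    local key="$1" cert="$2" chain="$3" min_days="${4:-7}"
    local f key_pub cert_pub

    for f in "$key" "$cert" "$chain"; do
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 1; }
    done

    # Warn (do not fail) if the private key is readable by group or others.
    case "$(ls -lL "$key" | cut -c5-10)" in
        ------) ;;
        *) echo "warning: $key is accessible beyond its owner" >&2 ;;
    esac

    # The public key derived from the private key must equal the one in the
    # certificate; "-passin pass:" stops openssl prompting on an encrypted key.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ] || { echo "key does not match certificate" >&2; return 2; }

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null ||
        { echo "certificate expires within $min_days days" >&2; return 3; }

    # -partial_chain lets the intermediates in the chain file act as anchors,
    # so this only checks that the chain file and certificate belong together.
    openssl verify -partial_chain -CAfile "$chain" "$cert" >/dev/null 2>&1 ||
        { echo "certificate was not issued by $chain" >&2; return 4; }

    echo "preflight ok: $cert"
}

# Run directly: sh preflight.sh privkey1.pem cert1.pem chain1.pem [min_days]
if [ "$#" -ge 3 ]; then
    preflight_cert "$@"
fi
```

Chaining it in front of the `docker-compose ... run cert_import` command with `&&` keeps a mismatched or nearly expired certificate from reaching the router.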