Skip to content

Add Docker secrets #872

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Feb 8, 2021
Merged

Add Docker secrets #872

merged 9 commits into from
Feb 8, 2021

Conversation

ahgraber
Copy link
Contributor

@ahgraber ahgraber commented Feb 7, 2021

Changes:

  • Add docker/rootfs/etc/cont-init.d/01_s6-secret-init.sh to allow parsing of Docker secrets in s6 environment. (feature request: Does Project Support use of Docker Secrets? #818) and add stage2 logging if errors
  • Change to ENTRYPOINT [ "/init" ]

This is up and running on dockerhub as ahgraber/nginx-proxy-manager if you'd like to test. The :test tag includes debug code to print the secret parsing to docker logs.

I'll also be sending a PR to allow mariadb-aria to also use docker secrets.

full compose stack (mariadb-aria and npm)

version: '3.7'

secrets:
  # secrets are single-line text files where the sole content is the secret
  DB_ROOT_PWD:
    file: .secrets/db_root_pwd.txt
  MYSQL_PWD:
    file: .secrets/mysql_pwd.txt

services:
  mariadb:
    image: ahgraber/mariadb-aria:latest
    container_name: mariadb
    secrets:
      - DB_ROOT_PWD
      - MYSQL_PWD
    environment:
      # MYSQL_ROOT_PASSWORD: "npm"  # use secret instead
      MYSQL_ROOT_PASSWORD__FILE: /run/secrets/DB_ROOT_PWD
      MYSQL_DATABASE: "npm"
      MYSQL_USER: "npm"
      # MYSQL_PASSWORD: "npm"  # use secret instead
      MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD 
    volumes:
      - ./data/mysql:/var/lib/mysql
    networks:
  npm:
    image: ahgraber/nginx-proxy-manager:latest
    container_name: npm
    secrets:
      - MYSQL_PWD
    environment:
      DISABLE_IPV6: 'true'
      DB_MYSQL_HOST: "mariadb"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      # DB_MYSQL_PASSWORD: "npm"  # use secret instead
      DB_MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD 
      DB_MYSQL_NAME: "npm"
    volumes:
      - ./data:/data
      - ./data/letsencrypt:/etc/letsencrypt
    ports:
      - 80:80
      - 443:443
      - 81:81
    depends_on:
      - mariadb

@jc21
Copy link
Member

jc21 commented Feb 7, 2021

Docker Image for build 1 is available on DockerHub as jc21/nginx-proxy-manager:github-pr-872

@jc21 jc21 changed the base branch from master to develop February 7, 2021 23:22
@jc21
Copy link
Member

jc21 commented Feb 8, 2021

Docker Image for build 2 is available on DockerHub as jc21/nginx-proxy-manager:github-pr-872

@jc21
Copy link
Member

jc21 commented Feb 8, 2021

Docker Image for build 3 is available on DockerHub as jc21/nginx-proxy-manager:github-pr-872

@jc21 jc21 merged commit 5ff07fa into NginxProxyManager:develop Feb 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ahgraber @jc21