In the article Hosting browser games on your Pi, I showed you how to easily create a web container on your Raspberry Pi to host your web content.
I have updated the kafebob/rpi-alpine-nginx image to programmatically enable SSL in your web container. In other words, the container can create self-signed SSL certificates and can also use your own SSL certificates in a simple way.
Docker allows you to pass environment variables and use them to change the behavior of Docker containers.
If you pass the environment variable $NGINX_SERVERNAME when you create a container from kafebob/rpi-alpine-nginx, SSL is enabled. $NGINX_SERVERNAME sets the name of the virtual server and is used to generate the self-signed SSL certificates.
Assuming your Raspberry Pi is called gaspar and this Pi unit can be found on your internal network using ping gaspar.local, you can add HTTPS support to the game container recently created in Hosting browser games on your Pi.
For this support, this is what you have to do:
-e NGINX_SERVERNAME=gaspar.local - Environment variable with the name of your virtual server.
--rm - Automatically remove the container when it exits.
--name browser-games - browser-games is the name for this container.
-v ~/games:/var/www - Your folder ~/games on your Pi is mapped to the default Nginx root folder /var/www on this container.
-p 80:80 - Links port 80 on the host to port 80 on the container.
-p 443:443 - Links port 443 on the host to port 443 on the container.
You can see a quick-demo below
If you want to use your own SSL certificates, you must map a folder on your Pi to the container folder /etc/nginx/certs. This folder must contain two files, the certificate file (.pem extension) and the private key file (.key extension), and the names of these files must match the value of the $NGINX_SERVERNAME environment variable (the image kafebob/rpi-alpine-nginx is prepared to work with this naming convention).
For instance, if $NGINX_SERVERNAME is equal to gaspar.local, the certificate should be called gaspar.local.pem and private key
In the next clip you will see how I set up an SSL certificate previously generated in my host environment.
kafebob/rpi-alpine-nginx allows you to activate Diffie-Hellman (DH) key exchange. For demo purposes DH key exchange is not needed, but it is always nice to have it ready to use.
To enable this feature in your Nginx server, pass the container an environment variable called NGINX_DIFFIE_HELLMAN with the value on (it is disabled by default). If this variable is set to on and the container does not detect dhparams.pem inside the folder /etc/nginx/certs, it will generate a 2048-bit Diffie-Hellman parameters file (please take a 20 minute break). You can use your own dhparams.pem and bind it to container folder
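The naming convention for your own certificates and the dhparams.pem check described above can be verified on the host before the container starts. The script below is an added example, not part of the kafebob/rpi-alpine-nginx image: it checks the folder and prints a docker run command built from the options listed in this post. The host folder ~/certs in its usage line, the function names and the owner-only key permission check are assumptions.

```shell
#!/bin/sh
# Added example, not part of kafebob/rpi-alpine-nginx.
# Checks a host folder before it is bind-mounted at /etc/nginx/certs.

# check_certs DIR SERVERNAME [on|off] -> 0 if DIR follows the naming convention
check_certs() {
    dir=$1; name=$2; dh=${3:-off}; rc=0
    # Certificate and key must be named after $NGINX_SERVERNAME.
    for f in "$name.pem" "$name.key"; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing or empty: $dir/$f" >&2
            rc=1
        fi
    done
    # Assumption: the private key should be accessible to its owner only.
    if [ -f "$dir/$name.key" ]; then
        perms=$(ls -ldL "$dir/$name.key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "key open to group/others: chmod 600 $dir/$name.key" >&2
            rc=1
        fi
    fi
    # Without dhparams.pem the container generates one itself (slow on a Pi).
    if [ "$dh" = on ] && [ ! -s "$dir/dhparams.pem" ]; then
        echo "note: no $dir/dhparams.pem, the container will generate it" >&2
    fi
    return $rc
}

# docker_command DIR SERVERNAME [on|off] -> prints the docker run command
docker_command() {
    printf 'docker run --rm --name browser-games'
    printf ' -e NGINX_SERVERNAME=%s' "$2"
    if [ "${3:-off}" = on ]; then printf ' -e NGINX_DIFFIE_HELLMAN=on'; fi
    printf ' -v ~/games:/var/www -v %s:/etc/nginx/certs' "$1"
    printf ' -p 80:80 -p 443:443 kafebob/rpi-alpine-nginx\n'
}

# Usage (hypothetical file name and folder): sh preflight.sh ~/certs gaspar.local on
if [ $# -ge 2 ]; then
    check_certs "$@" && docker_command "$@"
fi
```

The command is only printed, so you can review it before running it on the Pi.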
Any thoughts? I hope you find it useful!