Black Duck on Docker Swarm: Replace SSL Certificate and Key

April 04, 2024
  1. First, place the new certificate and key on the filesystem. It's preferred to place them into /etc/ssl/certs/, if possible.
  2. Next, temporarily remove the Docker secrets from the webserver service:
    docker service update --secret-rm hub_WEBSERVER_CUSTOM_CERT_FILE hub_webserver
    docker service update --secret-rm hub_WEBSERVER_CUSTOM_KEY_FILE hub_webserver
  3. Now remove the secrets themselves from Docker:
    docker secret rm hub_WEBSERVER_CUSTOM_CERT_FILE
    docker secret rm hub_WEBSERVER_CUSTOM_KEY_FILE
  4. Create the new secrets: 
    docker secret create hub_WEBSERVER_CUSTOM_CERT_FILE /etc/ssl/certs/cert.cer
    docker secret create hub_WEBSERVER_CUSTOM_KEY_FILE /etc/ssl/certs/cert.key
  5. Re-deploy the stack. Since we only made one change (an update to the secrets), only the webserver (NGINX) container should be restarted.
    docker stack deploy -c docker-compose.yml -c sizes-gen03/120sph.yaml -c docker-compose.local-overrides.yml hub
  6. Done!
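
A pre-flight check worth running before step 2, as an added example that is not part of the original post: steps 2 and 3 delete the working secrets, so a certificate that does not match its key, or one that is about to expire, is better caught before that point. The helper names `check_pair` and `make_demo_pair` and the script name are assumptions, the demo certificates are constructed, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: pre-flight check for the replacement certificate and key.
# check_pair and make_demo_pair are hypothetical helper names.

# check_pair CERT KEY [MIN_SECONDS_VALID]
#   0 = usable, 1 = key does not belong to the certificate,
#   2 = certificate expires within MIN_SECONDS_VALID (default one day),
#   3 = a file is missing, unparsable, or the key is passphrase-protected.
check_pair() {
    cert=$1; key=$2; min_valid=${3:-86400}
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    # "-passin pass:" supplies an empty passphrase so an encrypted key
    # fails here instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ] || return 1
    openssl x509 -in "$cert" -noout -checkend "$min_valid" >/dev/null 2>&1 || return 2
    return 0
}

# make_demo_pair DIR NAME DAYS: constructed self-signed pair, demo only.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
        -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.cer" >/dev/null 2>&1
}

if [ "$#" -eq 2 ]; then
    # Real use (script name is an assumption):
    #   ./check_pair.sh /etc/ssl/certs/cert.cer /etc/ssl/certs/cert.key
    rc=0; check_pair "$1" "$2" || rc=$?
    echo "check_pair exit code: $rc"
    exit "$rc"
else
    # No arguments: demonstrate on constructed pairs in a temp directory.
    d=$(mktemp -d) && make_demo_pair "$d" new 365 && make_demo_pair "$d" other 365
    rc=0; check_pair "$d/new.cer" "$d/new.key" || rc=$?
    echo "matching pair: $rc"
    rc=0; check_pair "$d/new.cer" "$d/other.key" || rc=$?
    echo "certificate with another key: $rc"
    rm -rf "$d"
fi
```

Continue with step 2 only when the check exits with 0.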

