Black Duck on Docker Swarm: Replace SSL Certificate and Key
April 04, 2024
- First, let's go ahead and drop the new certificate and key onto the filesystem. It's preferred to place them into /etc/ssl/certs/, if possible.
- Next, let's temporarily remove the two Docker secrets from the webserver service:
docker service update --secret-rm hub_WEBSERVER_CUSTOM_CERT_FILE hub_webserver
docker service update --secret-rm hub_WEBSERVER_CUSTOM_KEY_FILE hub_webserver
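- Now we'll remove the secrets themselves from Docker. A secret can't be removed while a service still references it, which is why the previous step comes first: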
docker secret rm hub_WEBSERVER_CUSTOM_CERT_FILE
docker secret rm hub_WEBSERVER_CUSTOM_KEY_FILE
- Create the new secrets:
docker secret create hub_WEBSERVER_CUSTOM_CERT_FILE /etc/ssl/certs/cert.cer
docker secret create hub_WEBSERVER_CUSTOM_KEY_FILE /etc/ssl/certs/cert.key
- Re-deploy the stack. Since we only made one change (update to the secrets), only the webserver (NGINX) container should be restarted.
docker stack deploy -c docker-compose.yml -c sizes-gen03/120sph.yaml -c docker-compose.local-overrides.yml hub
- Done!
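Once the old secrets are removed, a mismatched or nearly expired replacement leaves the webserver with nothing valid to load, so it is worth checking the new files before step 2. The function below is an added example, not part of the original post or of Black Duck's tooling; the name `check_cert_key_pair`, its return codes and the 30-day default are assumptions, and the paths in the usage comment are the ones used above.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the replacement certificate and key.
# check_cert_key_pair and the 30-day default are assumptions of this example.
#
# Return codes: 0 ok, 1 key does not match certificate, 2 unreadable input,
#               3 certificate expires too soon, 4 key file is world-readable.
check_cert_key_pair() {
    local cert="$1" key="$2" min_days="${3:-30}" cert_pub key_pub

    # Extract the public key from each file; a parse failure stops the check.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cert" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot parse private key: $key" >&2; return 2; }

    # The pair is usable only if both files carry the same public key.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2; return 1
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null; then
        echo "certificate expires within $min_days days" >&2; return 3
    fi

    # The key sits on the host filesystem until it is loaded into Swarm;
    # flag it if users other than the owner and group can read it.
    if [ -n "$(find -L "$key" -perm -004 2>/dev/null)" ]; then
        echo "private key is world-readable: $key" >&2; return 4
    fi
    return 0
}

# Usage with the paths from the post, run before the secrets are removed:
#   check_cert_key_pair /etc/ssl/certs/cert.cer /etc/ssl/certs/cert.key
if [ "$#" -ge 2 ]; then
    check_cert_key_pair "$@"
fi
```

A non-zero return means the existing secrets should stay in place until the files are fixed.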