The basic idea is to get to a zero tolerance architecture. For that reason I intended to upgrade the communication between my hosts on my Docker network with TLS. I was thinking it would be easy: either we go for self-signed certificates and provide the cert to the requesting host, OR use CA certs, OR do it all with the smallstep Docker microservice.
It has been going on for almost 2 weeks now.
After getting a little bit frustrated, I tried to start small. So I focused on the connection between the host with the `mongo:8.0` image and the host with the `node:latest` image which runs the Express server.
I have tried everything so far, even Traefik instead of nginx as reverse proxy, but I don't know: although generally speaking it wasn't a problem to set up certs for TLS from the web for the proxy, none of the TLS connections between the hosts of the bridge network work.
So technically I don't get where the problem is: I can use `hostname` to give the host an FQDN and then refer to it in the self-signed certs, and `/etc/ssl`, from which I then refer to nginx or Express or mongo.
I was thinking it was a layer problem I was facing, because I was using custom images, as in layer images, and then calling them from the compose file. So I created a bigger compose file from the Dockerfile and docker-compose.yml mix, which, without TLS, works without problems.
Is there a graceful and easy way to set up TLS on Docker between hosts in a bridge network?
I even put it as a value in the code with backticks, just to exclude reading issues.
I tried to use `COPY` in the Dockerfile for the certs, I tried to use shared volumes and, I know it's a bad option, as said, I used backticks to put it in the code directly.
Another problem I was facing with the smallstep setup is that the Docker image is down. Can someone validate that? Seemingly the Docker image from their documentation is not there anymore.
I know that there are sets of alike questions, particularly on Stack Overflow.
So I was thinking: I define the names hostA, hostB and hostC as service attributes in the docker compose, then make shared volumes where I refer to their certs, then copy the cert.cert into the requesting host, like `/etc/certs` or something. From there on the hosts are supposed to be referred to as `https://hostA`, e.g. after it being referred to inside the bridge network.
The servers run and they are not making problems about the certs or anything.
Am I having a conceptual misunderstanding of how this works?
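The setup sketched in the post (Compose service names as hostnames, certs shared into each container), as an added example that is not from the original post or from any of the projects mentioned: a POSIX shell script that creates a private CA and one certificate per Compose service name with a matching `subjectAltName`, bundles key and cert into the single PEM file mongod expects, and verifies that each leaf chains to the CA. The service names hostA/hostB follow the post; the output directory, key size, validity period and CA name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): private CA plus per-service
# certificates whose SANs match the Docker Compose service names.
# Assumptions: openssl is on PATH; output directory, RSA-2048 keys and
# 365-day validity are arbitrary choices for illustration.
set -eu

# make_service_certs OUTDIR SERVICE...
# Creates OUTDIR/ca.crt, OUTDIR/ca.key and, per service, SERVICE.key,
# SERVICE.crt and SERVICE.pem (key+cert, the layout mongod's
# --tlsCertificateKeyFile wants). Each leaf carries DNS:<service>, which is
# what a client connecting to https://<service> on the bridge network
# checks the certificate against.
make_service_certs() {
  out="$1"; shift
  mkdir -p "$out"
  # Self-signed CA; every container that talks TLS must trust this file.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=internal-compose-ca" \
    -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null
  for svc in "$@"; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$svc" \
      -keyout "$out/$svc.key" -out "$out/$svc.csr" 2>/dev/null
    # SAN goes in via -extfile: `openssl x509 -req` does not copy
    # extensions from the CSR by default.
    printf 'subjectAltName=DNS:%s\n' "$svc" > "$out/$svc.ext"
    openssl x509 -req -days 365 -in "$out/$svc.csr" \
      -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
      -extfile "$out/$svc.ext" -out "$out/$svc.crt" 2>/dev/null
    cat "$out/$svc.key" "$out/$svc.crt" > "$out/$svc.pem"
    chmod 600 "$out/$svc.key" "$out/$svc.pem"
  done
}

# check_service_cert OUTDIR SERVICE
# Returns 0 only if SERVICE.crt chains to ca.crt AND lists DNS:SERVICE as a
# SAN; a cert that fails either check will be rejected by the client even
# though the server itself starts without complaint.
check_service_cert() {
  out="$1"; svc="$2"
  openssl verify -CAfile "$out/ca.crt" "$out/$svc.crt" >/dev/null 2>&1 || return 1
  openssl x509 -in "$out/$svc.crt" -noout -text 2>/dev/null | grep -q "DNS:$svc"
}

# Usage: make_service_certs ./certs hostA hostB && check_service_cert ./certs hostA
```

The two things that most often break a setup like the one described are name matching and trust. The client connects to `https://hostA`, so the leaf must carry `DNS:hostA` as a SAN (a matching CN alone is not accepted by current clients), and every client container must trust `ca.crt`: for mongod that is `--tlsMode requireTLS --tlsCertificateKeyFile /certs/hostA.pem --tlsCAFile /certs/ca.crt`, for the Node side `NODE_EXTRA_CA_CERTS=/certs/ca.crt` or the MongoDB driver's `tlsCAFile` option. Mounting the directory as a read-only volume keeps the private keys out of image layers, which is the reason `COPY` in a Dockerfile is the worse option.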