Hello everyone!
I am migrating an old system I developed some years ago to a containerized environment and I need some help with SSL to serve it through HTTPS. My knowledge about this topic is quite low.
The system is composed of two containers:
- Frontend. AngularJS app served on top of an NGINX image.
- Backend. PHP REST API served on top of the image php:5.6-apache.
Both containers are running in an EC2 instance orchestrated by Docker Swarm. The instance is linked to a domain. I know that I could get a certificate from Let's Encrypt but my questions are the following:
- Should I use the same certificate for the frontend and the backend (both in the same domain but on different ports)?
- Is there a way to renew it automatically or integrate it in my pipeline? Or what is the way to deal with this in a container environment?
Finally, if anyone has read something explaining this, please write it in the comments :)
Many thanks for your help!
Top comments (1)
Let's Encrypt more or less assumes you're going to automate renewal since their certs are only good for 90 days. They have an officially-supported tool but numerous others exist since there's a well-defined protocol for renewing certificates (ACME); check their website for a list.
I wouldn't call myself a security expert but as far as I'm aware you only need one certificate covering communications with users and won't stand to gain much by adding SSL between nodes in your cluster.
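
An NGINX configuration illustrating the single-certificate setup described in the comment above, added here as an example and not part of the original post or comment. It assumes `example.com` as a placeholder domain, `backend` as the Swarm service name of the PHP API, an `/api/` path prefix, and an ACME client (certbot in webroot mode is assumed) sharing `/var/www/certbot` and `/etc/letsencrypt` with the frontend container.

```nginx
# Added example. example.com, the "backend" service name, the /api/ prefix and
# the shared volume paths are assumptions, not values from the original post.

server {
    listen 80;
    server_name example.com;

    # HTTP-01 challenge files written by the ACME client at issuance and renewal.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Everything else is redirected to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name example.com;

    # One certificate for the domain: a certificate is bound to the hostname,
    # not to a port, so the same files would also work on a second TLS port.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # AngularJS static files.
    location / {
        root /usr/share/nginx/html;
        try_files $uri $uri/ /index.html;
    }

    # API calls reach the backend over the Swarm overlay network in plain HTTP;
    # the backend port is not published on the host, so users only see port 443.
    location /api/ {
        proxy_pass http://backend:80/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

NGINX reads the certificate files at start and on reload, so the renewal job has to trigger a reload (for example `nginx -s reload`) after each successful renewal.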