Black Duck on Docker Swarm: Replace SSL Certificate and Key

April 04, 2024
  1. First, let's go ahead and drop the new certificate and key onto the filesystem.  It's preferred to place them into /etc/ssl/certs/, if possible.
  2. Next, let's temporarily remove the Docker secret from the webserver service:  
    docker service update --secret-rm hub_WEBSERVER_CUSTOM_CERT_FILE hub_webserver
docker service update --secret-rm hub_WEBSERVER_CUSTOM_KEY_FILE hub_webserver
  3. We'll remove the actual secrets now from Docker:  
    docker secret rm hub_WEBSERVER_CUSTOM_CERT_FILE
docker secret rm hub_WEBSERVER_CUSTOM_KEY_FILE
  4. Create the new secrets:  
    docker secret create hub_WEBSERVER_CUSTOM_CERT_FILE /etc/ssl/certs/cert.cer
docker secret create hub_WEBSERVER_CUSTOM_KEY_FILE /etc/ssl/certs/cert.key
  5. Re-deploy the stack.  Since we only made one change (update to the secrets), only the webserver (NGINX) container should be restarted. 
    docker stack deploy -c docker-compose.yml -c sizes-gen03/120sph.yaml -c docker-compose.local-overrides.yml hub
  6. Done!
Tags
Docker Synopsys Black Duck Docker Swarm

©2024 Tyler Wright