Using self-signed certificate with nginx in Docker

I deploy a PHP Laravel application on fly.io. When I use HTTPS to access this application, I will access http resources. I plan to install a self-signed certificate in Docker. Will fly.io verify that the certificate is valid?

Browser -> fly.io (443 port, Let’s Encrypt certificate has been issued, visit link: XXX.fly.dev) -> APP (PHP Laravel, use port 8080, prepare to use self-signed certificate here).

When fly.io accesses port 8080 of the APP, will it verify that the certificate is valid?

https://developers.cloudflare.com/ssl/origin-configuration/origin-ca

Well unless there is a specific need to use a self-signed certificate (perhaps there is) you could make your life simpler by using Fly’s provided TLS handler. It’s as simple as specifying that in your fly.toml file. See App Configuration (fly.toml) · Fly Docs and scroll down a little. They can issue a certificate for you - you just need to add the DNS records to verify that. And then incoming connections come to Fly’s proxy, with a valid certificate, and then onwards to your vm via Fly’s encrypted private network.

Now I’m not sure if you are linking to a Cloudflare page because you are using Cloudflare or whether that’s just an example of a certificate. But yes, the other approach is to not use Fly’s TLS handler. That’s TCP-passthrough. So in that case, you would need to use your own certificate in your nginx. And Fly would not get involved with verifying that certificate (as far as I can see) since in that example Cloudflare would be connecting to your vm and getting the certificate from that (from your nginx). I haven’t done that myself with nginx but I have with nodejs and that worked for me.

2 Likes
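
The two setups described in the answer above, as an added fly.toml sketch that is not part of the original thread or of anyone's actual configuration. The internal ports (8080 for plain HTTP, 8443 for nginx with TLS) and the layout are assumptions for illustration.

```toml
# Added illustration; ports and layout are assumptions, not taken from the thread.

# Option A: Fly's proxy terminates TLS (the "tls" handler) using the
# certificate Fly issued, then forwards plain HTTP to the app's internal port.
# nginx in the container listens without TLS, so no self-signed certificate
# is needed inside Docker.
[[services]]
  internal_port = 8080
  protocol = "tcp"

  [[services.ports]]
    port = 443
    handlers = ["tls", "http"]

  [[services.ports]]
    port = 80
    handlers = ["http"]

# Option B: TCP passthrough. Use this block instead of the one above.
# No handlers are listed, so the proxy forwards the raw TCP stream and nginx
# must terminate TLS itself with its own certificate and key
# (ssl_certificate / ssl_certificate_key on a "listen 8443 ssl" server).
# The connecting client (a browser, or a CDN in front of the app) is then the
# party that receives that certificate and decides whether to trust it.
#
# [[services]]
#   internal_port = 8443   # assumed TLS port for nginx
#   protocol = "tcp"
#
#   [[services.ports]]
#     port = 443
```

With Option B and a self-signed certificate, a browser connecting directly will show a trust warning, so that setup only makes sense when the connecting client is configured to accept that specific certificate.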