This is the Nginx web front end for the SKS OpenPGP Keyserver using Alpine Linux Project.
This container has a volume which is /etc/ssl inside to locate appropriate
SSL certificates, keys and DH parameter files. Please mount it from a
persistent storage source.
Current build configuration assumes use of Docker swarm mode to utilize the mesh routing DNS to locate the SKS key servers to proxy to.
Current build configuration looks for a sks service to have been created and
deployed to the swarm overlay network.
docker network create --driver overlay --subnet 10.0.9.0/24 my-network
docker service create --name sks --network my-network --publish 11370:11370 \
--mount type=volume,src=sks-data,dst=/var/lib/sks,volume-driver=local \
jtbouse/sks
Deployment uses the Docker engine host's /etc/ssl directory contents as a
read-only bind volume mount which requires the SSL certificates to be deployed
under /etc/ssl/certs, the SSL certficate key to be deployed under
/etc/ssl/private and a DH parameters file deployed as /etc/ssl/dhparams.pem.
docker service create --name nginx --network my-network --publish 80:80 \
--publish 443:443 --publish 11371:11371 --mount \
type=bind,src=/etc/ssl,dst=/etc/ssl,readonly jtbouse/sks-nginx
Configuration is setup to serve static content from /usr/share/nginx/html and
reverse proxy server for /pks location URIs back to
http://sks:11371 using Docker swarm service VIP.
Web template modified from mattrude/pgpkeyserver-lite
Containers:
- jtbouse/sks SKS OpenPGP Keyserver
- nginx:alpine Nginx on Alpine Linux
Live demo: UnderGrid Network Service Key Server