Trusted certificates (SSL/TLS) instead of self signed cdrtificates

Does PMM support the use of “trusted” certificates, i.e. let’s encrypt instead via some docker environment variable?

log in to docker container and replace the following files with your own key/certificate(s):

  • /srv/nginx/certificate.key
  • /srv/nginx/certificate.crt
  • /srv/nginx/ca-certs.pem

Changing other settings of nginx (like redirect 80 -> 443) can not be persistently changed as those reside on /etc/nginx. Maybe move the nginx conf to /srv/nginx to make persistent changes?

How do I log into the docker container? I remember doing this when PMM first came out, but have since forgotten. Would I change the actual files within the docker image? I remember an earlier v1 setting for mounting /etc/pmm-certs to /srv/nginx/ in the startup to PMM-server.

There is now a feature request for the original request, you can follow that at https://jira.percona.com/browse/PMM-5123
Thanks to stefan-nl for creating the post.

One can also always just mount the volume too while issuing the docker run command. Make sure to include the dhparam.pem along with the ca, cert and key within this volume.
{… -v /etc/nginx/ssl:/srv/nginx …}

To “log into” the docker container and get a bash prompt you just issue:
{docker exec -it pmm-server /bin/bash}