I am a new user with limited understanding of SSH. I am able to SSH into my QNAP NAS host, on which HA is running inside a Docker container, but I don’t know how to SSH to the running HA image. In fact, I don’t even know what user name is set up with the docker image I pulled, or how to figure that out.
I am working toward securing remote access with SSL and a cert, and the detailed guide for that is requiring steps from an SSH command line that I am unable to do … because I don’t know how to get there.
if you can get into your QNAP via SSH, then you should be able to open a bash terminal to the HA docker container. disclaimer, I run HA in a docker on a Synology and this is how it works for me:
SSH into NAS and issue the following command replacing <container_name> with the name of your container in docker: sudo docker exec -it <container_name> /bin/bash
you now should have a bash terminal open in the docker container for HA as you were sitting at a physical machine running HA, but with limited features because it’s a docker container and not a full Linux install.
let your NAS handle the SSL and pass the certificates through linked volumes to the HA docker. there are other threads and documentation on how to do this.
So I’m trying to take hold of the last part of your reply … not doing anything in the container, and using reverse proxy or another container to run let’s encrypt. Could you recommend whichever is the most straightforward approach (reverse proxy or another container), and either provide more step by step instructions, or point me to where I can learn enough to build that bridge myself? The additional container sounds like a good option, but once I have a cert, how do I use it with HA? … does the cert’ reside on the second container and I create a mapping or mount point from one container to the other, or do I copy a file from one container to the other? ( I should mention that I am running Docker on a QNAP NAS with their “Container Station” app.)
You use the volume bind mount features of Docker. Your Letsencrypt docker container will save to where you bind the volume in the docker. You bind volumes to the host so that you can access them outside the docker container.
I would recommend using caddy as the reverse proxy. It refreshes certificates automatically, has a docker container, and the configuration for HA is here
Thanks for the suggestion. Not being we’ll versed on what a reverse proxy can do (understatement!), I have to ask: how exactly would this work in terms getting an encrypted connection to my HA Docker? Would I have an encrypted connection to my NAS host, and then somehow the traffic is passed (Caddy configuration?) to the HA container on port 8123?
Actually, it wouldn’t. The encrypted connection would go to the caddy container, which does all the encryption and decryption, and passes the decrypted content to the HA container. So you would still be able to connect to HA locally without encryption.
Ok. I see the Docker for Caddy has Letsencrypt included. I’ll give the docs’ a read and see if I can get this running, and how the resource hit compares to just running a LetsEncrypt container. Appreciate the suggestion.