...
> ./certbot-auto certonly
...
Installing with NGINX in a Docker Container
Build an image with certbot installed
> vi Dockerfile
Code Block |
---|
FROM webdevops/php-apache:ubuntu-12.04
RUN wget https://dl.eff.org/certbot-auto
RUN chmod a+x ./certbot-auto
RUN ./certbot-auto -n --install-only |
> docker build -t ca/certbot .
debian:buster
# Installation de NGINX et dnsmasq
RUN apt-get update
RUN apt-get install nginx curl dnsmasq -y
RUN apt-get install -y wget
RUN apt-get install -y apache2-utils
RUN apt-get install -y python-minimal
# Création du dossier contenant les certificats
RUN mkdir /etc/nginx/certificates
# Volumes
VOLUME /etc/nginx/sites-enabled
VOLUME /etc/nginx/certificates
# Copie des fichiers de configuration
COPY confs/nginx.conf /etc/nginx/
COPY confs/proxy.conf /etc/nginx/conf.d/
RUN apt-get install -y certbot
RUN apt-get install -y python-certbot-nginx
# Exposition du port
EXPOSE 80 443
# Add command
CMD ["nginx", "-g", "daemon off;"]
HEALTHCHECK CMD curl --fail http://localhost || exit 1 |
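Review bot: `RUN apt-get update` sits in its own layer ahead of six separate `apt-get install` layers, so on a rebuild the cached index layer can be reused and the later installs (including the `certbot` and `python-certbot-nginx` ones after the `COPY` lines) resolve against a stale package list, which can miss security fixes or fail outright. Fold them into one step, `RUN apt-get update && apt-get install -y nginx curl dnsmasq wget apache2-utils python-minimal certbot python-certbot-nginx && rm -rf /var/lib/apt/lists/*`, which also keeps the package index out of the image. The base is named only as `debian:buster`, a release that, to my knowledge, is past its end of support, so either move to a supported tag pinned by digest or add a comment recording why it is kept. The `FROM` keyword is not on the same line as `debian:buster` in this rendering, so the start of the file is inferred.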
> docker build -t jmehan/nginx .
.
Create a container from the image
> vi buildDocker.sh
Code Block |
---|
CONTAINER=certbotproxy IMAGE=cajmehan/certbotnginx HOSTNAME=$1 echo Configuring with hostname: $HOSTNAMEDIR=`pwd -P` docker stop $CONTAINER docker rm $CONTAINER #docker rmi $IMAGE docker run -d \ --net host \ --name $CONTAINER \ -p 7077:80--restart=always \ -h $HOSTNAMEv $DIR/conf:/etc/nginx/sites-enabled \ -v $PWD$DIR/webconf.d:/app/etc/nginx/conf.d \ -v $PWD$DIR/letsencrypt:/etc/letsencrypt \ -e php.short_open_tag='On' \ -e php.post_max_size='20971520' \ -e php.upload_max_filesize='20971520' \ -e php.magic_quotes_gpc='off' \ -e php.session.save_handler='files' \ $IMAGE --health-cmd='curl --fail https://wiki.jmehan.com || exit 1' \ $IMAGE docker logs -f $CONTAINER |
> ./buildDocker.sh
View logs to see if our container started properly
> docker logs -f certbotproxy
Execute certbot-auto to create our cert
> docker > docker exec -it certbot .proxy /usr/bin/certbot -auto certonly-nginx
Code Block |
---|
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx HowWhich names would you like to authenticateactivate with the ACME CAHTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: creativeattitude.com ... ---------------------------------------- 1: Spin up a temporary webserver (standalone) 2: Place files in webroot directory (webroot) --------------------------------------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 2 Plugins selected: Authenticator webroot, Installer None Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): test.jmehan.com Obtaining a new certificate Performing the following challenges: http-01 challenge for test.jmehan.com Input the webroot for test.jmehan.com: (Enter 'c' to cancel): /app Waiting for verification... Cleaning up challenges ... |
Renewing Certificates
Script: renewAllCerts.sh
Code Block | ||||
---|---|---|---|---|
| ||||
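#!/bin/bash
# renewAllCerts.sh - run certbot (nginx plugin, non-interactive) for every
# listed domain inside the running NGINX container.
#
# Every domain is attempted even if an earlier one fails; the script exits
# non-zero at the end if any certbot run failed, so a scheduler can alert on it.
set -e

# Container to exec into. Defaults to the name this script has always used.
# NOTE(review): the run script on this page creates the container as
# "certbotproxy" - confirm which name is live, or export CONTAINER to override.
CONTAINER="${CONTAINER:-proxy}"

DOMAINS=(
  "bcs.jmehan.com"
  "www.jmehan.com"
)

failed=()

# "${DOMAINS[@]}" keeps each entry as one word; the unquoted [*] form is
# subject to word splitting and globbing.
for d in "${DOMAINS[@]}"; do
  echo "*** Renewing - $d"
  # No -it: -t needs a terminal on stdin, so docker exec refuses to run when
  # the script is started without one (for example from cron). certbot is
  # already non-interactive (-n) and needs no TTY.
  if ! docker exec "$CONTAINER" /usr/bin/certbot --nginx -n -d "$d"; then
    echo "!!! certbot failed for $d" >&2
    failed+=("$d")
  fi
done

if [ "${#failed[@]}" -gt 0 ]; then
  echo "**** FAILED: ${failed[*]} ****" >&2
  exit 1
fi

echo "**** ALL DONE *****"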
References
Reference | URL |
---|---|
Getting Started | https://letsencrypt.org/getting-started/ |
*Using Certbot Auto | https://certbot.eff.org/docs/install.html#certbot-auto |
Certbot User Guide | https://certbot.eff.org/docs/using.html#certbot-commands |