How do I set up certbot, with Nginx, both in a Docker container?
Problem
Title says it all, I guess. I didn't even know what Ubuntu/Nginx/Docker/etc. was a week ago, but I've managed to set up Docker/Docker Compose, PHP-FPM, PHPMyAdmin + GitLab on a reverse proxy through Nginx with some difficulty. My GitHub repo documenting my steps.
Basically managed to do everything I wanted to do set-up wise. Last step is setting up SSL certs for my site. It wasn't as straightforward as I was hoping; I haven't been able to find any clear guides on what to do regarding setting up Certbot and having it on automatic renewal through a Docker container. A lot of the shorter tutorials seem to use custom Certbot Docker images, which I'm not sure why they're different, or they have custom shell scripts that make dummy certs and delete them for some reason. The Certbot Docker Hub page is kind of devoid of any official instructions as well...
Any pointers or instructions would be extremely appreciated, thanks.
Solution
Answered my own question, documented my steps on my Github repo.
Recap:

Add Nginx config to desired domains:

    # Let the ACME HTTP-01 challenge path through so certbot's webroot files can be fetched
    location ~ /.well-known/acme-challenge {
        allow all;
        try_files $uri $uri/ /index.php;
    }

Use certbot staging to try out test certificates before running the real deal.

    # --staging issues an untrusted test certificate
    sudo docker run -it --rm \
      -v /some/place/to/save/letsencrypt:/etc/letsencrypt \
      -v /some/place/to/save/lib:/var/lib/letsencrypt \
      -v /some/place/to/have/html:/data/letsencrypt \
      certbot/certbot certonly --webroot \
      --register-unsafely-without-email --agree-tos \
      --webroot-path=/data/letsencrypt --staging -d example.com

Run the real thing once ready:

    # Same volumes, no --staging, registered with a contact e-mail
    sudo docker run -it --rm \
      -v /some/place/to/save/letsencrypt:/etc/letsencrypt \
      -v /some/place/to/save/lib:/var/lib/letsencrypt \
      -v /some/place/to/have/html:/data/letsencrypt \
      certbot/certbot certonly --webroot --email someemail@account.com

And then add in Nginx configs redirecting from http to https with ssl cert locations, updating nginx in docker-compose.yml to have access to certs. I go a tiny bit more in-depth about it in my repo.
Context
StackExchange DevOps Q#10580, answer score: 1
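The final step of the recap (HTTP to HTTPS redirect plus certificate locations) as an Nginx config. This is an added example, not part of the original answer or the author's repo. It assumes the domain example.com, and that docker-compose.yml mounts the two host directories from the certbot commands into the Nginx container at /data/letsencrypt and /etc/letsencrypt (read-only); the site's existing PHP/proxy locations carry over unchanged into the 443 block.

```nginx
# Port 80: answer ACME HTTP-01 challenges, send everything else to HTTPS.
server {
    listen 80;
    server_name example.com;            # assumption: the domain passed to certbot with -d

    # Exact-prefix match so challenge requests never fall through to the app.
    location ^~ /.well-known/acme-challenge/ {
        # assumption: /some/place/to/have/html is mounted here in the Nginx
        # container, the same host directory certbot writes to via --webroot-path
        root /data/letsencrypt;
        default_type "text/plain";
        try_files $uri =404;            # unknown tokens return 404 instead of reaching PHP
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: serve the site with the certificate certbot saved.
server {
    listen 443 ssl;
    server_name example.com;

    # certbot stores the current certificate under live/<domain>/.
    # These are symlinks into ../../archive/, so mount the whole
    # /some/place/to/save/letsencrypt directory (":ro"), not just live/.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;

    # Existing site configuration (PHP-FPM, reverse-proxy locations) goes here.
}
```

Nginx reads the certificate files at start or reload, so reload the container after a certificate is issued or renewed. A certificate obtained with --staging will load here but is not trusted by browsers.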