HiveBrain v1.2.0

How do I set up certbot, with Nginx, both in a Docker container?

Submitted by: @import:stackexchange-devops

Problem

Title says it all I guess. I didn't even know what Ubuntu/Nginx/Docker/etc. was a week ago, but I've managed to set up Docker/Docker Compose, PHP-FPM, PHPMyAdmin + Gitlab on a reverse proxy through Nginx with some difficulty. My Github repo documenting my steps.

Basically managed to do everything I wanted to do set-up wise. Last step is setting up SSL certs for my site. It wasn't as straightforward as I was hoping; I haven't been able to find any clear guides on what to do regarding setting up Certbot and having it on automatic renewal through a docker container. A lot of the shorter tutorials seem to use custom Certbot docker images, which I'm not sure why they're different, or they have custom shell scripts that make dummy certs and delete them for some reason. The Certbot docker hub page is kind of devoid of any official instructions as well...

Any pointers or instructions would be extremely appreciated, thanks.

Solution

Answered my own question, documented my steps on my Github repo.

Recap:

Add Nginx config to desired domains:

location ~ /.well-known/acme-challenge {
    allow all;
    try_files $uri $uri/ /index.php;
}


Use certbot staging to try out test certificates before running the real deal.

sudo docker run -it --rm -v /some/place/to/save/letsencrypt:/etc/letsencrypt -v /some/place/to/save/lib:/var/lib/letsencrypt -v /some/place/to/have/html:/data/letsencrypt certbot/certbot certonly --webroot --register-unsafely-without-email --agree-tos --webroot-path=/data/letsencrypt --staging -d example.com


Run the real thing once ready

sudo docker run -it --rm -v /some/place/to/save/letsencrypt:/etc/letsencrypt -v /some/place/to/save/lib:/var/lib/letsencrypt -v /some/place/to/have/html:/data/letsencrypt certbot/certbot certonly --webroot --webroot-path=/data/letsencrypt --email someemail@account.com --agree-tos -d example.com


And then add in Nginx configs redirecting from http to https with ssl cert locations, updating nginx in docker-compose.yml to have access to certs. I go a tiny bit more in-depth about it in my repo.
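The renewal half of the setup, as an added example that is not part of the original post or repo: a script using the same three mounts as the answer's commands, with a preflight check that the challenge path is really served from the shared webroot and an nginx reload only when the certificate actually changed. The host paths, the container name "nginx" and the domain are assumptions mirroring the answer's placeholders.

```shell
#!/bin/sh
# Added example, not the original post's code. Paths mirror the answer's placeholders.
set -eu

LE_DIR="${LE_DIR:-/some/place/to/save/letsencrypt}"   # mounted at /etc/letsencrypt
LE_LIB="${LE_LIB:-/some/place/to/save/lib}"           # mounted at /var/lib/letsencrypt
WEBROOT="${WEBROOT:-/some/place/to/have/html}"        # mounted at /data/letsencrypt, served by nginx
NGINX_CONTAINER="${NGINX_CONTAINER:-nginx}"           # assumed container name

# Fetch a challenge URL over plain HTTP; kept in its own function so it can be swapped out offline.
fetch_challenge() {  # $1 domain, $2 token
    curl -fsS --max-time 10 "http://$1/.well-known/acme-challenge/$2"
}

# Preflight: prove nginx serves files from the shared webroot. The body is compared,
# not just the status code, because the answer's "try_files ... /index.php" fallback
# would return 200 with the wrong content when the file is not found.
preflight_acme() {  # $1 domain; exit status 0 when the webroot is reachable
    dir="$WEBROOT/.well-known/acme-challenge"
    token="preflight-$(date +%s)-$$"
    mkdir -p "$dir"
    printf '%s' "$token" > "$dir/$token"
    body=$(fetch_challenge "$1" "$token" 2>/dev/null) || body=""
    rm -f "$dir/$token"
    [ "$body" = "$token" ]
}

# Fingerprint of the live chain, or "none" when no certificate has been issued yet.
cert_fingerprint() {  # $1 domain
    f="$LE_DIR/live/$1/fullchain.pem"
    [ -f "$f" ] && sha256sum "$f" | cut -d' ' -f1 || echo none
}

# Run "certbot renew" with the answer's mounts; reload nginx only if the chain changed.
renew_and_reload() {  # $1 domain
    preflight_acme "$1" || { echo "challenge path not served for $1" >&2; return 1; }
    before=$(cert_fingerprint "$1")
    docker run --rm \
        -v "$LE_DIR:/etc/letsencrypt" -v "$LE_LIB:/var/lib/letsencrypt" \
        -v "$WEBROOT:/data/letsencrypt" \
        certbot/certbot renew --webroot --webroot-path=/data/letsencrypt --quiet
    after=$(cert_fingerprint "$1")
    if [ "$before" != "$after" ]; then
        docker exec "$NGINX_CONTAINER" nginx -s reload
    fi
}
```

Schedule `renew_and_reload example.com` from cron on the host (certbot only renews when the certificate is within its renewal window, so running it daily is harmless).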

Context

StackExchange DevOps Q#10580, answer score: 1
