https://github.com/drakmord2/docker-nginx-certbot
Docker boilerplate for Nginx + Certbot on non-interactive systems
aws certbot docker nginx
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/drakmord2/docker-nginx-certbot
- Owner: Drakmord2
- License: gpl-3.0
- Created: 2022-01-15T09:40:46.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2022-01-31T00:12:15.000Z (over 4 years ago)
- Last Synced: 2025-02-21T15:51:30.172Z (over 1 year ago)
- Topics: aws, certbot, docker, nginx
- Language: Shell
- Homepage:
- Size: 35.2 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Docker-Nginx-Certbot
Generating TLS certificates through [`Certbot`][1] for a dockerized web application can be tricky and require manual configuration, especially on a host machine without terminal access (e.g. AWS Elastic Beanstalk).
One could set up a load balancer (e.g. AWS ELB) that deals with the TLS certificates, but for single-instance systems that may be an overkill/expensive solution.
This project aims to remove the complexity of this task by deploying a Docker container that will manage creation and renewal of TLS certificates automatically.
# Usage
This is a boilerplate, therefore it needs to be integrated into your project. The files and folders of this project have the `-dnc` suffix so it's harder to overwrite any of your files by accident.
## Before you start
- This guide expects you to already own a domain which points at the correct IP address, and that you have both port 80 and 443 correctly forwarded if you are behind NAT.
- The `docker-compose-dnc.yml` example file has the necessary structure to build the project correctly. You can just port the necessary parts to your own docker-compose file or just update it with your api service.
- The `nginx-certbot` service should be able to reach the api service. Usually that's achieved by placing both services on the same Docker network.
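When you're happy with your configuration, just run the following, pointing `-f` at your compose file (the example file is shown here):
```
docker-compose -f docker-compose-dnc.yml up
```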
---
## Docker Environment
### Required
- `DOMAIN`: The domain that will receive the certificate.
- `CERTBOT_EMAIL`: Your e-mail address. Used by Let's Encrypt to contact you in case of security issues.
### Optional
- `API_DOCKER_SERVICE`: Docker service name for your API. Used to configure reverse proxy. (default: `production-api`)
- `API_DOCKER_PORT`: Docker container port for your API. Used to configure reverse proxy. (default: `8080`)
- `STAGING`: Set to `1` to use Let's Encrypt's staging servers (default: `0`)
- `FORCE_RENEWAL`: Set to `1` to force Certbot to renew the certificate, even if it isn't expired. [Beware of rate limits] (default: `0`)
- `RENEWAL_INTERVAL`: Time interval between Certbot's renewal checks (default: `12h`)
- `RSA_KEY_SIZE`: The size of the RSA encryption keys (default: `2048`)
- `USE_ECDSA`: Set to `0` to have certbot use RSA instead of ECDSA (default: `1`)
- `ELLIPTIC_CURVE`: The size/curve of the ECDSA keys (default: `secp256r1`)
### Advanced
- `DEBUG`: Set to `1` to enable debug messages and use the `nginx-debug` binary (default: `0`)
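
A preflight check for the variables listed above, as an added example that is not part of this repository: it applies the README's defaults and flags values that would only fail later, at issuance time. The function name `dnc_preflight` is hypothetical, and the accepted key sizes and curves are an assumption about what Let's Encrypt issues for (RSA 2048/3072/4096, ECDSA P-256/P-384), not something the README states.

```shell
#!/bin/sh
# Added example, not part of the repository. dnc_preflight is a hypothetical
# helper: it prints one line per finding and returns the number of errors.
dnc_preflight() {
    errors=0
    # Required variables must be set and non-empty.
    for name in DOMAIN CERTBOT_EMAIL; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "ERROR: $name is required"
            errors=$((errors + 1))
        fi
    done
    # 0/1 switches, falling back to the defaults documented in the README.
    for pair in STAGING=0 FORCE_RENEWAL=0 USE_ECDSA=1 DEBUG=0; do
        name=${pair%%=*}
        eval "value=\${$name:-${pair#*=}}"
        case $value in
            0|1) ;;
            *) echo "ERROR: $name must be 0 or 1 (got '$value')"
               errors=$((errors + 1)) ;;
        esac
    done
    if [ "${USE_ECDSA:-1}" = 1 ]; then
        # Assumption: the CA issues for P-256 and P-384 keys only.
        case ${ELLIPTIC_CURVE:-secp256r1} in
            secp256r1|secp384r1) ;;
            *) echo "ERROR: ELLIPTIC_CURVE '$ELLIPTIC_CURVE' not accepted"
               errors=$((errors + 1)) ;;
        esac
    else
        # Assumption: the CA issues for RSA 2048, 3072 and 4096 only.
        case ${RSA_KEY_SIZE:-2048} in
            2048|3072|4096) ;;
            *) echo "ERROR: RSA_KEY_SIZE '$RSA_KEY_SIZE' not accepted"
               errors=$((errors + 1)) ;;
        esac
    fi
    # Forced renewals against production count toward the rate limits.
    if [ "${FORCE_RENEWAL:-0}" = 1 ] && [ "${STAGING:-0}" != 1 ]; then
        echo "WARN: FORCE_RENEWAL=1 without STAGING=1 can hit rate limits"
    fi
    return "$errors"
}
```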
# Acknowledgments
This repository is heavily based on [`@JonasAlfredsson`][2]'s work. If you like this version you should also leave a star on his repo.
[1]: https://certbot.eff.org
[2]: https://github.com/JonasAlfredsson/docker-nginx-certbot