https://github.com/mbrugger/letsencrypt-nginx-docker

Sample configs and documentation for configuring letsencrypt using nginx and the dockerized client
https://github.com/mbrugger/letsencrypt-nginx-docker

Last synced: about 1 month ago
JSON representation

Sample configs and documentation for configuring letsencrypt using nginx and the dockerized client

• Host: GitHub
• URL: https://github.com/mbrugger/letsencrypt-nginx-docker
• Owner: mbrugger
• License: mit
• Created: 2015-10-31T18:26:58.000Z (over 9 years ago)
• Default Branch: master
• Last Pushed: 2015-12-28T20:55:24.000Z (over 9 years ago)
• Last Synced: 2024-11-04T09:37:38.801Z (6 months ago)
• Language: Shell
• Homepage:
• Size: 62.5 KB
• Stars: 79
• Watchers: 5
• Forks: 8
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-starred - mbrugger/letsencrypt-nginx-docker - Sample configs and documentation for configuring letsencrypt using nginx and the dockerized client (others)

README

        
# letsencrypt-nginx-docker

Samples configs and documentation for configuring letsencrypt using nginx and the dockerized client

In this little guide I want to show an easy setup on how to integrate let's encrypt with an nginx/docker setup using a shared volume and the webroot plugin.

I previously used the "standalone" webserver plugin but a letsencrypt update did break the renewal process for me, so I tried the webroot plugin.

Therefore I did take the following approach to create a setup which is capable of automatic updates.

The frontend nginx as reverse proxy is in my case redirecting requests to different docker applications

![container setup](containers.png)

The letsencrypt client writes the files used for webroot authentication into a shared folder which is served by the nginx to the letsencrypt server performing the authentication.

## Setup

Always find&replace my.example.com with your hostname.

1. I added a location in the relevant server block redirecting the letsencrypt requests to the shared volume of the letsencrypt container.

(See `nginx-vhost.conf`)

        location /.well-known/acme-challenge {

                root /tmp/letsencrypt/www;

        }

The application continues normal operation without any configuration changes which I think is the best way of integrating letsencrypt certificates.

2. The script to run the docker container for requesting a certificate now only needs to be executed with the correct ports mapped. (See `request_certificate.sh`)

        #!/bin/bash

        mkdir -p /tmp/letsencrypt/www

        docker run -it --rm --name letsencrypt \

            -v "/etc/letsencrypt:/etc/letsencrypt" \

            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \

            -v "/tmp/letsencrypt/www:/var/www" \

            quay.io/letsencrypt/letsencrypt:latest auth --authenticator webroot --webroot-path /var/www --renew-by-default --server \

            https://acme-v01.api.letsencrypt.org/directory -d my.example.com

Issuing the certificate and also renewal work this way without a problem.