#migrated #legacy #lets_encrypt #nginx #docker

Title: How to set up Docker, Nginx and Let's Encrypt

Created: 19 Mar 2023 Modified: 19 Mar 2023


Warning
No longer valid

I'm now providing a GitHub repo with Docker Compose and a template script to accomplish the same result.
Please check here for more information.

[Main Ref Link]

[docker hub official nginx]

[Nginx Setup Chinese]

Generate Client Cert

Intermediate CA

Install Docker before starting this how-to.

Install Docker on CentOS

Instructions

Setup Nginx base version

  1. create needed directories

    mkdir -p /data/nginx/conf /data/nginx/web /data/nginx/cert /data/nginx/logs
    touch /data/nginx/logs/log
    
  2. create config

    vim /data/nginx/conf/app.conf
    =========
    error_log /usr/share/nginx/logs/log debug;
    server {
        listen 80;
    
        #change {example.com} to your domain (remove the braces as well)
        server_name {example.com};
        location / {
            return 301 https://$host$request_uri;
        }
        #served from the webroot shared with the certbot container
        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }
    }
    server {
        listen 443 ssl;
    
        #change example.com to your domain
        server_name {example.com};
    
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    
        #change example.com to your domain
        ssl_certificate /etc/letsencrypt/live/{example.com}/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/{example.com}/privkey.pem;
    
        location / {
            #proxy_pass http://example.org; #for demo purposes
            root /usr/share/nginx/html;
            index  index.html index.htm;
        }
    }
    
  3. create temp index

    vim /data/nginx/web/index.html
    =========
    helloworld
    
  4. docker-compose.yml

    version: '3'
    services:
      nginx:
        image: nginx
        ports:
          - "80:80"
          - "443:443"
        volumes:
          - /data/nginx/conf:/etc/nginx/conf.d
          - /data/nginx/web:/usr/share/nginx/html
          # the error_log from step 2 is written here on the host,
          # not in the /data/nginx/logs directory created in step 1
          - /data/certbot/logs:/usr/share/nginx/logs
          - /data/nginx/client-cert:/usr/share/nginx/client-cert
          # shared with the certbot service below
          - /data/certbot/conf:/etc/letsencrypt
          - /data/certbot/www:/var/www/certbot
      certbot:
        image: certbot/certbot
        volumes:
          - /data/certbot/conf:/etc/letsencrypt
          - /data/certbot/www:/var/www/certbot
    
  5. download init shell script

    # this URL tracks the master branch, so read the downloaded script before running it
    curl -L https://raw.githubusercontent.com/wmnnd/nginx-certbot/master/init-letsencrypt.sh > init-letsencrypt.sh
    chmod +x init-letsencrypt.sh
    
  6. update init-letsencrypt.sh

    #====================
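    domains=(example.com) # replace example.com with your domain; keep the parentheses (bash array)
    rsa_key_size=4096
    data_path="../certbot" # path to the certbot data directory (/data/certbot in step 4), relative to where the script is run
    email="" # Adding a valid address is strongly recommended
    staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits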
    #=====================
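
A preflight check for the app.conf from step 2, to run before init-letsencrypt.sh. This is an added example, not part of the original how-to or of the nginx-certbot project. The function name check_app_conf and the sample config are constructed for illustration, and it assumes a single domain, as in the template above.

```shell
# Added example: check_app_conf FILE DOMAIN prints one line per problem
# found in FILE and returns the number of problems (0 means ready).
check_app_conf() {
    conf=$1; domain=$2; problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # A leftover {example.com} placeholder is an nginx syntax error.
    if grep -Eq '^[[:space:]]*(server_name|ssl_certificate(_key)?)[[:space:]].*[{][^}]*[}]' "$conf"; then
        fail "unreplaced {placeholder} in server_name or ssl_certificate"
    fi

    # Both server blocks must name the domain set in init-letsencrypt.sh.
    names=$(sed -n 's/^[[:space:]]*server_name[[:space:]]\{1,\}\([^;]*\);.*/\1/p' "$conf" | sort -u)
    [ "$names" = "$domain" ] || fail "server_name is '$names', expected '$domain'"

    # certbot stores the certificate and key under live/<domain>/.
    for key in ssl_certificate ssl_certificate_key; do
        path=$(sed -n "s/^[[:space:]]*${key}[[:space:]]\{1,\}\([^;]*\);.*/\1/p" "$conf")
        case $path in
            "/etc/letsencrypt/live/$domain/"*) ;;
            *) fail "$key '$path' is not under /etc/letsencrypt/live/$domain/" ;;
        esac
    done

    # The HTTP-01 challenge is answered from the webroot shared with certbot (step 4).
    grep -Eq 'location[[:space:]]+/\.well-known/acme-challenge/' "$conf" ||
        fail "no location /.well-known/acme-challenge/ block"
    grep -Eq 'root[[:space:]]+/var/www/certbot;' "$conf" ||
        fail "challenge root is not /var/www/certbot"
    return "$problems"
}

# Constructed sample: the step 2 template with one placeholder left in place.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 80;
    server_name example.com;
    location /.well-known/acme-challenge/ { root /var/www/certbot; }
}
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/{example.com}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
EOF
check_app_conf "$sample" example.com || echo "problems found: $?"
rm -f "$sample"
```

Against the real file the call is check_app_conf /data/nginx/conf/app.conf followed by your domain.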
    

[Legacy Link]