NEW: Let's Encrypt SSL Sign
parent
f73543cbe2
commit
95a9c62236
|
@ -0,0 +1,94 @@
|
|||
# Generate SSL Certificates using Certbot and Docker
|
||||
|
||||
Based on [this post](https://www.humankode.com/ssl/how-to-set-up-free-ssl-certificates-from-lets-encrypt-using-docker-and-nginx)
|
||||
|
||||
## Preparation
|
||||
1. In `pwd` create `Site` with a dummy `index.html`
|
||||
|
||||
2. Create `docker-compose.yml` with the following content:
|
||||
```
|
||||
version: '3.1'
|
||||
|
||||
services:
|
||||
letsencrypt:
|
||||
image: nginx:latest
|
||||
container_name: letsencrypt
|
||||
ports:
|
||||
- 80:80
|
||||
volumes:
|
||||
- ./nginx.conf:/etc/nginx/conf.d/default.conf
|
||||
- ./Site:/usr/share/nginx/html
|
||||
networks:
|
||||
- docker-network
|
||||
|
||||
networks:
|
||||
docker-network:
|
||||
driver: bridge
|
||||
```
|
||||
|
||||
3. Create `nginx.conf` with the following content:
|
||||
```
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name jeanclaudegraf.ch *.jeanclaudegraf.ch;
|
||||
|
||||
location ~ /.well-known/acme-challenge {
|
||||
allow all;
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
root /usr/share/nginx/html;
|
||||
index index.html;
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
## Sign Certificate for Domain or Subdomain
|
||||
1. Create Subdomain and all necessary records
|
||||
|
||||
2. Start Nginx docker service `docker-compose up`
|
||||
|
||||
3. Create Test Certificate
|
||||
```
|
||||
sudo docker run -it --rm \
|
||||
-v /home/jeanclaude/HomeServer/Ssl/etc/letsencrypt:/etc/letsencrypt \
|
||||
-v /home/jeanclaude/HomeServer/Ssl/var/lib/letsencrypt:/var/lib/letsencrypt \
|
||||
-v ${PWD}/Site:/data/letsencrypt \
|
||||
-v /home/jeanclaude/HomeServer/Ssl/var/log/letsencrypt:/var/log/letsencrypt \
|
||||
certbot/certbot \
|
||||
certonly --webroot \
|
||||
--register-unsafely-without-email --agree-tos \
|
||||
--webroot-path=/data/letsencrypt \
|
||||
--staging \
|
||||
-d www.jeanclaudegraf.ch
|
||||
```
|
||||
|
||||
3. Remove temp files `rm -rf /docker-volume/`
|
||||
|
||||
4. Create Certificate
|
||||
```
|
||||
sudo docker run -it --rm \
|
||||
-v /home/jeanclaude/HomeServer/Ssl/etc/letsencrypt:/etc/letsencrypt \
|
||||
-v /home/jeanclaude/HomeServer/Ssl/var/lib/letsencrypt:/var/lib/letsencrypt \
|
||||
-v ${PWD}/Site:/data/letsencrypt \
|
||||
-v /home/jeanclaude/HomeServer/Ssl/var/log/letsencrypt:/var/log/letsencrypt \
|
||||
certbot/certbot \
|
||||
certonly --webroot \
|
||||
--email mail@jeanclaudegraf.ch --agree-tos --no-eff-email \
|
||||
--webroot-path=/data/letsencrypt \
|
||||
-d www.jeanclaudegraf.ch -d jeanclaudegraf.ch
|
||||
```
|
||||
|
||||
5. Get Info about certificate
|
||||
```
|
||||
sudo docker run --rm -it --name certbot \
|
||||
-v /home/jeanclaude/HomeServer/Ssl/etc/letsencrypt:/etc/letsencrypt \
|
||||
-v /home/jeanclaude/HomeServer/Ssl/var/lib/letsencrypt:/var/lib/letsencrypt \
|
||||
-v ${PWD}/Site:/data/letsencrypt \
|
||||
certbot/certbot \
|
||||
--staging \
|
||||
certificates
|
||||
```
|
||||
|
||||
6. Stop Nginx docker container `docker-compose down`
|
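Review bot: The cleanup step between the staging and production runs, `rm -rf /docker-volume/`, points at a path that no command in this README uses. Every certbot run mounts `/home/jeanclaude/HomeServer/Ssl/etc/letsencrypt`, `.../var/lib/letsencrypt` and `.../var/log/letsencrypt`, so whatever the staging run wrote there is still present when the production run starts. Name the directories that are actually mounted, and avoid an `rm -rf` on an absolute top-level path in a copy-paste README. That step is also numbered `3.` a second time, after "Create Test Certificate". Smaller points: `location ~ /.well-known/acme-challenge` is an unanchored regex with an unescaped dot, and a prefix match such as `location ^~ /.well-known/acme-challenge/` is tighter; step 5 passes `--staging` to `certificates` although step 4 issued without it, and it omits the log volume the other runs mount; `server_name` lists `*.jeanclaudegraf.ch` while the `--webroot` runs only request `www.jeanclaudegraf.ch` and `jeanclaudegraf.ch`, so say whether other subdomains are meant to be served by this block; `nginx:latest` and `certbot/certbot` are untagged, so pin versions; and since the mounted `etc/letsencrypt` directory will hold the private keys, state the expected ownership and permissions for it.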