Install cerbot, update README.md with letsencrypt instructions

portchris · Jan 25, 2019 · ad93148 · ad93148
1 parent fd0c4f8
commit ad93148
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -50,13 +50,30 @@ MYSQL_ROOT_PASSWORD=password
 ```
 
 ## LetsEncrypt
+Let's Encrypt is handled by the certbot package installed in the nginx container
+
 ### Environment Set Up
-This is the SSL Certification Companion container that will generate the certs.
-To use it with original nginx-proxy container you must declare 3 writable volumes from the nginx-proxy container:
+To create a certificate, shell into the nginx container and run the following command:
+```
+certbot certonly -a manual --rsa-key-size 4096 --email [email protected] -d yourdomain.com -d www.yourdomain.com
+```
+Follow the on-screen prompts to create the acme challenge, ensure these files are available outside the container (docker cp).
+
+Then edit the nginx file listening on port 443 linking to your new SSL certificate:
 ```
-    /etc/nginx/certs to create/renew Let's Encrypt certificates
-    /etc/nginx/vhost.d to change the configuration of vhosts (needed by Let's Encrypt)
-    /usr/share/nginx/html to write challenge files.
+server {
+
+	...
+	
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+	ssl_certificate /etc/letsencrypt/live/yourdomain.com/cert.pem;
+	ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
+	
+	include /etc/nginx/global/ssl-params.conf;
+
+	...
+}
 ```
 
 ### Image

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -23,10 +23,9 @@ services:
       - ./data/nginx/logs:/var/log/nginx
       - ./env/nginx/webserver/nginx.conf:/etc/nginx/nginx.conf
       - ./env/nginx/webserver/conf.d:/etc/nginx/conf.d
-      - ./env/nginx/webserver/vhost.d:/etc/nginx/vhost.d
       - ./env/nginx/webserver/defaults:/etc/nginx/defaults
       - ./env/nginx/webserver/global:/etc/nginx/global
-      - ./env/nginx/ssl/certs:/etc/nginx/certs
+      - ./env/nginx/ssl/certs:/etc/letsencrypt/live/
       - ./env/nginx/share:/usr/share/nginx/html
       - /var/run/docker.sock:/tmp/docker.sock:ro
 

diff --git a/env/nginx/Dockerfile b/env/nginx/Dockerfile
@@ -13,7 +13,8 @@ RUN apk update && \
         curl \
         inotify-tools \
 		vim \
-		tzdata
+		tzdata \
+		certbot
 
 
 # Add the www user

diff --git a/env/nginx/webserver/conf.d/naturalremedy.company.template b/env/nginx/webserver/conf.d/naturalremedy.company.template
@@ -35,8 +35,8 @@ server {
 	# SSL configuration
 	listen 443 ssl http2;
 	listen [::]:443 ssl http2;
-	ssl_certificate certs/default.crt;
-	ssl_certificate_key certs/default.key;
+	ssl_certificate /etc/letsencrypt/live/{VIRTUAL_HOST}/cert.pem;
+	ssl_certificate_key /etc/letsencrypt/live/{VIRTUAL_HOST}/privkey.pem;
 
 	# ssl_trusted_certificate ssl/certs/private/{VIRTUAL_HOST}.cert;
 	# proxy_ssl_trusted_certificate ssl/certs/private/{VIRTUAL_HOST}.cert;
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,7 +13,8 @@ RUN apk update && \ @@
             curl \
             inotify-tools \
     		vim \
-    		tzdata
+    		tzdata \
+    		certbot
     # Add the www user
@@ Expand Down @@