Based on https://hub.docker.com/r/kvaps/letsencrypt-webroot and uses the letsencrypt webroot method. Starts an nginx Docker container listening on port 80 (don't forget to shut down other services listening on that port!).
Build and deploy. The service will automatically start the process. Beware that this occupies port 80 while it runs. An idea for improvement could be to provide a "Temporary down page". Set the env variable HOSTNAME either in .env or directly:

    HOSTNAME="example.com" docker-compose up

This will create the certificate and key in the directory /etc/letsencrypt/live/${HOSTNAME}/.

Here is an nginx reverse-proxy example:

    http {
        server {
            listen 443 ssl http2;
            server_name example.com;

            location / {
                proxy_pass http://localhost:3000;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
            }

            ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        }
    }

Beware: all commands after this will be executed on the remote host!

    eval "$(docker-machine env "$MACHINE_NAME")"

Don't forget to shut down other services listening on port 80 first! Something like this:

    # Find out which container is the webserver
    docker ps
    # Stop it temporarily
    docker stop "$CONTAINER_ID"

    HOSTNAME="example.com" docker-compose up

When the script says all is good, restart the original webserver (only when renewing certs):

    docker start "$CONTAINER_ID"

Now there's a certificate and key here:

    /etc/letsencrypt/live/${HOSTNAME}/fullchain.pem
    /etc/letsencrypt/live/${HOSTNAME}/privkey.pem

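The stop, issue, restart sequence above as one function that restarts the webserver on every path, including a failed or interrupted run. This is an added example, not part of the original project: renew_cert, DOCKER_CMD, COMPOSE_CMD and LE_LIVE_DIR are hypothetical names, and it assumes it runs on the Docker host itself, so the /etc/letsencrypt path is local.

```shell
#!/bin/sh
# Added example, not the project's own script. DOCKER_CMD, COMPOSE_CMD,
# LE_LIVE_DIR and renew_cert are hypothetical names chosen for this sketch.
# Assumes it runs on the Docker host itself, so /etc/letsencrypt is local.
DOCKER_CMD="${DOCKER_CMD:-docker}"
COMPOSE_CMD="${COMPOSE_CMD:-docker-compose}"
LE_LIVE_DIR="${LE_LIVE_DIR:-/etc/letsencrypt/live}"

# Usage: renew_cert example.com "$CONTAINER_ID"
#   0  compose succeeded, both PEM files present, webserver restarted
#   2  bad arguments      3  could not stop the webserver (nothing was run)
#   4  webserver failed to restart      5  PEM files missing or empty
#   otherwise: the exit status of the compose run
renew_cert() {
    _host="$1"; _web="$2"; _rc=0
    if [ -z "$_host" ] || [ -z "$_web" ]; then
        echo "usage: renew_cert HOSTNAME CONTAINER_ID" >&2
        return 2
    fi

    # Free port 80. If the stop fails, port 80 is still taken: do not go on.
    "$DOCKER_CMD" stop "$_web" >/dev/null || return 3

    # Catch Ctrl-C in this shell only, so interrupting the compose run still
    # falls through to the restart below instead of aborting the function.
    trap : INT
    HOSTNAME="$_host" "$COMPOSE_CMD" up || _rc=$?
    trap - INT

    # Restart on every path; a failed restart outranks any other status.
    if ! "$DOCKER_CMD" start "$_web" >/dev/null; then
        echo "webserver $_web did NOT restart, port 80 is down" >&2
        return 4
    fi
    [ "$_rc" -eq 0 ] || return "$_rc"

    # Only report success if both files the reverse proxy needs are there.
    for _f in fullchain.pem privkey.pem; do
        if [ ! -s "$LE_LIVE_DIR/$_host/$_f" ]; then
            echo "missing or empty: $LE_LIVE_DIR/$_host/$_f" >&2
            return 5
        fi
    done
    return 0
}
```
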
If you're using Docker, add a volume to the nginx container, e.g. in docker-compose:

    volumes:
      - /etc/letsencrypt:/etc/letsencrypt

Now the nginx container will be able to access the certs on the host machine.