Thursday, 29 March 2018

Docker NGINX and letsencrypt

As I already said in my previous post, I'm a Docker novice, and in this case too there are probably better ways to install a Let's Encrypt SSL certificate on a container based on the official NGINX Docker image.
The first thing to do is download the certbot (Let's Encrypt) Docker image and set up two volumes through which we can access the certificates that will be created:
sudo docker run -it --rm -p 443:443 -p 83:80 --name certbot \
 -v "/local/path/mycertificate/letsencrypt:/etc/letsencrypt" \
 -v "/local/path/mycertificate/letsencrypt-lib/:/var/lib/letsencrypt" \
certbot/certbot certonly
After that, follow the automated configuration, declaring the domain that needs the certificate.
N.B.: Certificate creation only works on the machine that the domain's DNS points to; on a local machine it returns an error.
If all is OK, you should find a series of folders in your local path, and in particular in /local/path/mycertificate/letsencrypt/ you will find a folder with the name of the domain, for example:
/local/path/mycertificate/letsencrypt/mydomain.com
Inside it, you will find the certificate.
Now it's time to install NGINX (you can check my previous post to learn more):
docker pull nginx
In this case we publish not only port 80 but also port 443, which we will use for https://.
And through the "volumes" we share the folder that contains the certificates on our local path with the home folder of the nginx container.
docker run --name docker-nginx -p 80:80 -p 443:443 -v /local/path/nginx-config/default.conf:/etc/nginx/conf.d/default.conf -v /home/strategylab/nginx-config/nginx.conf:/etc/nginx/nginx.conf -v /home:/home -d nginx
Now the only thing left to do is reference the SSL certificate in nginx's default.conf by adding these 3 lines:
ssl on;
ssl_certificate /home/my/path/certificate/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /home/my/path/certificate/letsencrypt/live/mydomain.com/privkey.pem;
The complete server block then looks like this:
server {
    listen 443;
    server_name mydomain.com www.mydomain.com;
    ssl on;
    ssl_certificate /home/xxxxx/certificati/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /home/xxxx/certificati/letsencrypt/live/mydomain.com/privkey.pem;
    # Proxy the connections to the backend
    location / {
        proxy_pass http://89.46.70.64:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }
}
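
The same server block in the form current nginx releases accept, as an added example that is not from the original post: the standalone "ssl on;" directive was deprecated in nginx 1.15.0 and is rejected since 1.25.1, so TLS is enabled on the listen line instead. It assumes the certbot directory is mounted read-only at /etc/letsencrypt in the container rather than sharing all of /home, and 192.0.2.10 is a placeholder backend address.

```nginx
# Added example. Assumed mount on the nginx container (replaces -v /home:/home):
#   -v /local/path/mycertificate/letsencrypt:/etc/letsencrypt:ro
# Mount the whole letsencrypt directory, not only live/: the files in
# live/<domain>/ are symlinks into ../../archive/<domain>/.

# Plain HTTP: no content is served here, every request is sent to HTTPS.
server {
    listen 80;
    server_name mydomain.com www.mydomain.com;
    return 301 https://$host$request_uri;
}

server {
    # The "ssl" parameter of listen replaces the old "ssl on;" directive.
    listen 443 ssl;
    server_name mydomain.com www.mydomain.com;

    # fullchain.pem = leaf certificate plus intermediates; privkey.pem = private key.
    ssl_certificate     /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;

    # Refuse SSLv3, TLS 1.0 and TLS 1.1 handshakes.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Proxy the connections to the backend.
    location / {
        proxy_pass http://192.0.2.10:8081;   # placeholder backend address
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        # Lets the backend tell HTTPS requests from plain HTTP ones.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running "nginx -t" inside the container checks the syntax and confirms that the certificate and key files can be read before the configuration is reloaded.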
