Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server.

2023-07-05 20:54:53 -07:00 · 2023-07-05 20:54:53 -07:00 · bf2bcf78ea
commit bf2bcf78ea
parent bf0e25cfb0
3 changed files with 35 additions and 16 deletions
--- a/Config/ReverseProxy/Dockerfile
+++ b/Config/ReverseProxy/Dockerfile
@ -6,7 +6,7 @@ FROM nginx

 # Add all the configuration files to the environment.
 COPY ./config/nginx.conf /etc/nginx/nginx.conf
-COPY ./config/conf.d/* /etc/nginx/conf.d/
+COPY ./config/conf.d/*.* /etc/nginx/conf.d/

 # Create "working" certificates for the example configuration file.
 RUN mkdir -p /etc/nginx/certs/example.com
--- a/Config/ReverseProxy/config/nginx.conf
+++ b/Config/ReverseProxy/config/nginx.conf
@ -1,20 +1,20 @@
 # 2022-10-05 Hyperling

-user  nginx;
-worker_processes  auto;
-
-error_log  /var/log/nginx/error.log notice;
-pid        /var/run/nginx.pid;
+user nginx;
+worker_processes auto;

+error_log /var/log/nginx/error.log notice;
+pid       /var/run/nginx.pid;

 events {
-    worker_connections  1024;
+    worker_connections 1024;
 }


+
 http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
@ -22,12 +22,21 @@ http {

    access_log /var/log/nginx/access.log main;

-    sendfile        on;
-    #tcp_nopush      on;
+    sendfile on;
+    #tcp_nopush on;

    keepalive_timeout 65;

-    #gzip  on;
+    #gzip on;

+    ## LetsEncrypt Certbot Setup ##
+    # Allow nginx to fulfill LetsEncrypt Certbot challenges.
+    server {
+        location /.well-known/acme-challenge/ {
+            root /etc/nginx/certs-letsencrypt;
+        }
+    }
+
+    ## Reverse Proxied Website Configurations ##
    include /etc/nginx/conf.d/*;
 }
--- a/Config/ReverseProxy/docker-compose.yml
+++ b/Config/ReverseProxy/docker-compose.yml
@ -1,8 +1,9 @@
 # 2022-10-05 Hyperling
-# Reverse Proxy
-# This is a revised version of the original work here:
+# Reverse Proxy with LetsEncrypt Certbot.
+# This is a revised version of these works:
 #   https://phoenixnap.com/kb/docker-nginx-reverse-proxy
 #   https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/
+#   https://pentacent.medium.com/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71

 version: '3'

@ -11,5 +12,14 @@ services:
    build: .
    restart: always
    ports:
-      - 80:80
-      - 443:443
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs-letsencrypt
+    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
+  certbot:
+    image: certbot/certbot
+    volumes:
+      - ../../Volumes/ReverseProxy/letsencrypt-etc:/etc/letsencrypt
+      - ../../Volumes/ReverseProxy/letsencrypt-certs:/var/www/certbot
+    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"