me/env-docker
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server.

Browse Source
This commit is contained in:
Hyperling
2023-07-05 20:54:53 -07:00
parent bf0e25cfb0
commit bf2bcf78ea
3 changed files with 35 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Config/ReverseProxy/Dockerfile
View File

@@ -6,7 +6,7 @@ FROM nginx
# Add all the configuration files to the environment. # Add all the configuration files to the environment.
COPY ./config/nginx.conf /etc/nginx/nginx.conf COPY ./config/nginx.conf /etc/nginx/nginx.conf
COPY ./config/conf.d/* /etc/nginx/conf.d/ COPY ./config/conf.d/*.* /etc/nginx/conf.d/
# Create "working" certificates for the example configuration file. # Create "working" certificates for the example configuration file.
RUN mkdir -p /etc/nginx/certs/example.com RUN mkdir -p /etc/nginx/certs/example.com

31
Config/ReverseProxy/config/nginx.conf
View File

@@ -1,20 +1,20 @@
# 2022-10-05 Hyperling # 2022-10-05 Hyperling
user nginx; user nginx;
worker_processes auto; worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events { events {
worker_connections 1024; worker_connections 1024;
} }
http { http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" ' '$status $body_bytes_sent "$http_referer" '
@@ -22,12 +22,21 @@ http {
access_log /var/log/nginx/access.log main; access_log /var/log/nginx/access.log main;
sendfile on; sendfile on;
#tcp_nopush on; #tcp_nopush on;
keepalive_timeout 65; keepalive_timeout 65;
#gzip on; #gzip on;
## LetsEncrypt Certbot Setup ##
# Allow nginx to fulfill LetsEncrypt Certbot challenges.
server {
location /.well-known/acme-challenge/ {
root /etc/nginx/certs-letsencrypt;
}
}
## Reverse Proxied Website Configurations ##
include /etc/nginx/conf.d/*; include /etc/nginx/conf.d/*;
} }

18
Config/ReverseProxy/docker-compose.yml
View File

@@ -1,8 +1,9 @@
# 2022-10-05 Hyperling # 2022-10-05 Hyperling
# Reverse Proxy # Reverse Proxy with LetsEncrypt Certbot.
# This is a revised version of the original work here: # This is a revised version of these works:
# https://phoenixnap.com/kb/docker-nginx-reverse-proxy # https://phoenixnap.com/kb/docker-nginx-reverse-proxy
# https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/ # https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/
# https://pentacent.medium.com/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71
version: '3' version: '3'
@@ -11,5 +12,14 @@ services:
build: . build: .
restart: always restart: always
ports: ports:
- 80:80 - "80:80"
- 443:443 - "443:443"
volumes:
- ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs-letsencrypt
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
certbot:
image: certbot/certbot
volumes:
- ../../Volumes/ReverseProxy/letsencrypt-etc:/etc/letsencrypt
- ../../Volumes/ReverseProxy/letsencrypt-certs:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"