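# Host directories that will be bind-mounted into the certbot container:
#   certbot/www  - webroot where the ACME HTTP-01 challenge files are written
#   certbot/conf - certbot state (/etc/letsencrypt), including the private key
# -p creates the parents and is safe to re-run.
mkdir -p /var/www/letsencrypt/certbot/conf /var/www/letsencrypt/certbot/www

# The compose file goes in /var/www/letsencrypt, one level ABOVE certbot/.
# Its volume paths are written as ./certbot/..., and Compose resolves relative
# paths against the directory holding the file. Created inside certbot/ they
# would point at certbot/certbot/..., a tree nginx is not configured to read.
cd /var/www/letsencrypt
nano docker-compose.yml
# Run every later `docker compose ...` command from this directory.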
docker-compose.yml
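# Compose file for one-off certbot runs (`docker compose run --rm certbot ...`).
version: '3'  # ignored with a warning by Compose v2; kept for older docker-compose
services:
  certbot:
    # `latest` moves with every upstream release; once the setup works,
    # pin a tag or digest so renewals keep running a known image.
    image: certbot/certbot:latest
    volumes:
      # Absolute host paths. Relative ones resolve against the directory that
      # holds this file, so they only match the nginx `root` and
      # `ssl_certificate` paths when the file sits in one specific place.
      # Challenge webroot: certbot writes here, nginx serves it on port 80.
      - /var/www/letsencrypt/certbot/www/:/var/www/certbot/:rw
      # certbot state, including privkey.pem. Keep this directory out of
      # every nginx `root`.
      - /var/www/letsencrypt/certbot/conf/:/etc/letsencrypt/:rw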
# Create the site config and paste the port-80 server block into it.
# NOTE(review): on Debian-style layouts a file in sites-available is only
# loaded once it is linked into sites-enabled, and nginx has to be reloaded
# (check with `nginx -t` first) before certbot is run - confirm for your host.
nano /etc/nginx/sites-available/site
# Plain-HTTP virtual host; its only job here is to answer the ACME HTTP-01
# challenge that certbot places in the shared webroot.
server {
    server_name site.ru;
    listen 80;

    # Keep the nginx version out of the Server header and error pages.
    server_tokens off;

    # `root` (not `alias`): the request path is appended, so certbot's
    # <webroot>/.well-known/acme-challenge/<token> files are found here.
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt/certbot/www;
    }
}
TEST (dry run: nothing is saved to disk)
# Rehearsal of the issuance. --dry-run goes through the webroot challenge
# without saving a certificate, so a wrong nginx root or volume path shows up
# here. The webroot path is the container side of the www mount.
docker compose run --rm certbot certonly \
    --webroot --webroot-path /var/www/certbot/ \
    --domain site.ru \
    --dry-run --verbose
PROD (issues the real certificate)
# Real issuance: the same command without --dry-run. The certificate and
# private key are written to /etc/letsencrypt in the container, i.e. the
# conf bind mount on the host.
docker compose run --rm certbot certonly \
    --webroot --webroot-path /var/www/certbot/ \
    --domain site.ru \
    --verbose
# Re-open the same file and ADD the HTTPS server block. Keep the port-80
# block: `certbot renew` reuses the webroot challenge, which is served there.
# Validate with `nginx -t` and reload nginx after saving.
nano /etc/nginx/sites-available/site
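# HTTPS virtual host: terminates TLS with the certbot-issued certificate and
# proxies every request to the local application.
# Add this block alongside the port-80 block rather than replacing it; the
# webroot challenge used on renewal is still answered over plain HTTP.
server {
    listen 443 ssl;
    server_name site.ru;
    server_tokens off;  # same setting as the port-80 block

    # Host side of the certbot /etc/letsencrypt mount. privkey.pem lives in
    # this tree, so no `root` or `alias` may ever point into it.
    ssl_certificate     /var/www/letsencrypt/certbot/conf/live/site.ru/fullchain.pem;
    ssl_certificate_key /var/www/letsencrypt/certbot/conf/live/site.ru/privkey.pem;

    # Older nginx builds still enable TLS 1.0/1.1 by default; state the
    # accepted versions explicitly.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Not used while `location /` proxies everything; kept from the original.
    root /var/www/site;
    index index.html;

    location / {
        # Was "http://3000", which nginx reads as a host named "3000" with no
        # port. Assumes the app listens on loopback port 3000 - adjust if it
        # runs elsewhere.
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;

        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to whatever X-Forwarded-For the client sent; the backend
        # should trust only the last hop, or X-Real-IP.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # $http_host is the client-supplied Host header, forwarded verbatim.
        # The backend must not build links (e.g. password-reset URLs) from it
        # unless a catch-all default server rejects unknown host names.
        proxy_set_header Host $http_host;

        # WebSocket upgrade. "Upgrade" is sent on every request here; a
        # `map` on $http_upgrade in the http context makes it conditional.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass_request_headers on;
    }
}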
# Rehearse renewal: --dry-run exercises the challenge without replacing the
# certificate on disk. The real renewal is the same command without
# --dry-run; it has to be scheduled (cron or a systemd timer), and nginx has
# to be reloaded afterwards or it keeps serving the old certificate.
docker compose run --rm certbot renew --dry-run