nginx-certbot/README.md

81 lines
2.3 KiB
Markdown
Raw Normal View History

2015-11-22 19:46:24 +00:00
# docker-letsencrypt-cron
2016-09-21 01:12:59 +00:00
Create and automatically renew website SSL certificates using the letsencrypt free certificate authority, and its client *certbot*.
2015-11-22 19:46:24 +00:00
2016-09-21 01:12:59 +00:00
This image will renew your certificates every 2 months, and place the lastest ones in the /certs folder in the container, and in the ./certs folder on the host.
2015-11-22 19:46:24 +00:00
# Setup
In docker-compose.yml, change the environment variables:
2016-09-21 01:12:59 +00:00
- DOMAINS: a space separated list of domains for which you want to generate certificates.
- EMAIL: where you will receive updates from letsencrypt.
- CONCAT: true or false on whether you want to concatenate the certificate's full chain with the private key (required for e.g. haproxy), or keep the two files separate (required for e.g. nginx or apache).
2015-11-22 19:46:24 +00:00
# ACME Validation challenge
2016-09-21 01:12:59 +00:00
To authenticate the certificates, the you need to pass the ACME validation challenge. This requires requests made on port 80 to your.domain.com/.well-known/ to be forwarded to this container.
The recommended way to use this image is to set up your reverse proxy to automatically forward requests for the ACME validation challenges to this container.
2015-11-22 19:46:24 +00:00
## Haproxy example
If you use a haproxy reverse proxy, you can add the following to your configuration file in order to pass the ACME challenge.
``` haproxy
frontend http
bind *:80
acl letsencrypt_check path_beg /.well-known
2016-09-21 01:12:59 +00:00
use_backend certbot if letsencrypt_check
2015-11-22 19:46:24 +00:00
2016-09-21 01:12:59 +00:00
backend certbot
server certbot certbot:80 maxconn 32
2015-11-22 19:46:24 +00:00
```
## Nginx example
If you use nginx as a reverse proxy, you can add the following to your configuration file in order to pass the ACME challenge.
``` nginx
2016-09-21 01:12:59 +00:00
upstream certbot_upstream{
server certbot:80;
2015-11-22 19:46:24 +00:00
}
server {
listen 80;
location '/.well-known/acme-challenge' {
default_type "text/plain";
2016-09-21 01:12:59 +00:00
proxy_pass http://certbot_upstream;
2015-11-22 19:46:24 +00:00
}
}
```
# Usage
```shell
docker-compose up -d
```
The first time you start it up, you may want to run the certificate generation script immediately:
```shell
2016-09-21 01:12:59 +00:00
docker exec certbot sh -c "/run_certbot.sh"
2015-11-22 19:46:24 +00:00
```
2016-02-11 23:09:47 +00:00
At 3AM, on the 1st of every odd month, a cron job will start the script, renewing your certificates.
# More information
Find out more about letsencrypt: https://letsencrypt.org
2016-09-21 01:12:59 +00:00
Certbot github: https://github.com/certbot/certbot
# Changelog
### 0.2
- Upgraded to use certbot client
- Changed image to use alpine linux
2016-09-21 01:12:59 +00:00
### 0.1
- Initial release