docker
/
nginx-certbot
1
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

improve documentation - add dialog dep

This commit is contained in:
Henri Dwyer 2016-09-20 22:50:27 -04:00
parent e78baf4c37
commit 3f7c7f3950
4 changed files with 42 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -4,7 +4,7 @@ MAINTAINER Henri Dwyer <henri@dwyer.io>
VOLUME /certs
RUN apk add --no-cache --virtual .build-deps linux-headers gcc musl-dev\
&& apk add --no-cache libffi-dev openssl-dev\
&& apk add --no-cache libffi-dev openssl-dev dialog\
&& pip install certbot\
&& apk del .build-deps\
&& mkdir /scripts

40
README.md
View File

@ -3,13 +3,37 @@ Create and automatically renew website SSL certificates using the letsencrypt fr
This image will renew your certificates every 2 months, and place the lastest ones in the /certs folder in the container, and in the ./certs folder on the host.
# Setup
# Usage
## Setup
In docker-compose.yml, change the environment variables:
- DOMAINS: a space separated list of domains for which you want to generate certificates.
- EMAIL: where you will receive updates from letsencrypt.
- CONCAT: true or false on whether you want to concatenate the certificate's full chain with the private key (required for e.g. haproxy), or keep the two files separate (required for e.g. nginx or apache).
## Running
### Using the automated image
docker run --name certbot -p 80 -v `pwd`/certs:/certs --restart always -e "DOMAINS=domain1.com domain2.com" -e "EMAIL=webmaster@domain1.com" -e "CONCAT=true" henridwyer/docker-letsencrypt-cron
### Building the image
The easiest way to build the image yourself is to use the provided docker-compose file.
```shell
docker-compose up -d
```
The first time you start it up, you may want to run the certificate generation script immediately:
```shell
docker exec certbot ash -c "/scripts/run_certbot.sh"
```
At 3AM, on the 1st of every odd month, a cron job will start the script, renewing your certificates.
# ACME Validation challenge
To authenticate the certificates, the you need to pass the ACME validation challenge. This requires requests made on port 80 to your.domain.com/.well-known/ to be forwarded to this container.
@ -50,20 +74,6 @@ server {
```
# Usage
```shell
docker-compose up -d
```
The first time you start it up, you may want to run the certificate generation script immediately:
```shell
docker exec certbot sh -c "/run_certbot.sh"
```
At 3AM, on the 1st of every odd month, a cron job will start the script, renewing your certificates.
# More information
Find out more about letsencrypt: https://letsencrypt.org

27
docker-compose.yml
View File

@ -1,12 +1,15 @@
certbot:
build: .
container_name: certbot
expose:
- 80
volumes:
- ./certs:/certs
restart: always
environment:
- DOMAINS=domain1.com domain2.com
- EMAIL=webmaster@domain1.com
- CONCAT=true
version: '2'
services:
certbot:
build: .
container_name: certbot
expose:
- 80
volumes:
- ./certs:/certs
restart: always
environment:
- DOMAINS=domain1.com domain2.com
- EMAIL=webmaster@domain1.com
- CONCAT=true

2
scripts/run_certbot.sh
View File

@ -2,7 +2,7 @@ for d in $DOMAINS
do
echo "Running certbot for $d"
certbot --standalone --standalone-supported-challenges\
http-01 --agree-dev-preview --agree-tos --renew-by-default\
http-01 --agree-tos --renew-by-default\
--email $EMAIL -d $d certonly
ec=$?
echo "certbot exit code $ec"