improve documentation - add dialog dep

Henri Dwyer 2016-09-20 22:50:27 -04:00
parent e78baf4c37
commit 3f7c7f3950
4 changed files with 42 additions and 29 deletions

@ -4,7 +4,7 @@ MAINTAINER Henri Dwyer <henri@dwyer.io>
VOLUME /certs VOLUME /certs
RUN apk add --no-cache --virtual .build-deps linux-headers gcc musl-dev\ RUN apk add --no-cache --virtual .build-deps linux-headers gcc musl-dev\
&& apk add --no-cache libffi-dev openssl-dev\ && apk add --no-cache libffi-dev openssl-dev dialog\
&& pip install certbot\ && pip install certbot\
&& apk del .build-deps\ && apk del .build-deps\
&& mkdir /scripts && mkdir /scripts
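Review bot: `dialog` is added to the second `apk add`, outside the `.build-deps` virtual package, so `apk del .build-deps` leaves it in the final image, and nothing in this RUN instruction says why it is needed. Add a one-line comment naming what requires it; the commit message only says "add dialog dep". If it is there only for certbot's interactive prompts, note that the script is started from cron with `--agree-tos` and `--email` already supplied, so it is worth checking whether certbot's `--non-interactive` flag would make the extra package unnecessary.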

@ -3,13 +3,37 @@ Create and automatically renew website SSL certificates using the letsencrypt fr
This image will renew your certificates every 2 months, and place the lastest ones in the /certs folder in the container, and in the ./certs folder on the host. This image will renew your certificates every 2 months, and place the lastest ones in the /certs folder in the container, and in the ./certs folder on the host.
# Setup # Usage
## Setup
In docker-compose.yml, change the environment variables: In docker-compose.yml, change the environment variables:
- DOMAINS: a space separated list of domains for which you want to generate certificates. - DOMAINS: a space separated list of domains for which you want to generate certificates.
- EMAIL: where you will receive updates from letsencrypt. - EMAIL: where you will receive updates from letsencrypt.
- CONCAT: true or false on whether you want to concatenate the certificate's full chain with the private key (required for e.g. haproxy), or keep the two files separate (required for e.g. nginx or apache). - CONCAT: true or false on whether you want to concatenate the certificate's full chain with the private key (required for e.g. haproxy), or keep the two files separate (required for e.g. nginx or apache).
## Running
### Using the automated image
docker run --name certbot -p 80 -v `pwd`/certs:/certs --restart always -e "DOMAINS=domain1.com domain2.com" -e "EMAIL=webmaster@domain1.com" -e "CONCAT=true" henridwyer/docker-letsencrypt-cron
### Building the image
The easiest way to build the image yourself is to use the provided docker-compose file.
```shell
docker-compose up -d
```
The first time you start it up, you may want to run the certificate generation script immediately:
```shell
docker exec certbot ash -c "/scripts/run_certbot.sh"
```
At 3AM, on the 1st of every odd month, a cron job will start the script, renewing your certificates.
# ACME Validation challenge # ACME Validation challenge
To authenticate the certificates, the you need to pass the ACME validation challenge. This requires requests made on port 80 to your.domain.com/.well-known/ to be forwarded to this container. To authenticate the certificates, the you need to pass the ACME validation challenge. This requires requests made on port 80 to your.domain.com/.well-known/ to be forwarded to this container.
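Review bot: In the new "Using the automated image" section, the `docker run` line is the only command not placed in a shell code fence, and its `-p 80` publishes container port 80 on a host port that Docker assigns at random, which does not by itself meet the requirement in the ACME section that port 80 requests for /.well-known/ reach this container. Fence the command like the two below it, and either state that a reverse proxy must forward to the assigned port or publish a fixed host port. While these paragraphs are being touched, "lastest" and "the you need" in the unchanged context lines are typos, and "# ACME Validation challenge" stays at top level while the new sections nest under "# Usage".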
@ -50,20 +74,6 @@ server {
``` ```
# Usage
```shell
docker-compose up -d
```
The first time you start it up, you may want to run the certificate generation script immediately:
```shell
docker exec certbot sh -c "/run_certbot.sh"
```
At 3AM, on the 1st of every odd month, a cron job will start the script, renewing your certificates.
# More information # More information
Find out more about letsencrypt: https://letsencrypt.org Find out more about letsencrypt: https://letsencrypt.org

@ -1,12 +1,15 @@
certbot: version: '2'
build: .
container_name: certbot services:
expose: certbot:
- 80 build: .
volumes: container_name: certbot
- ./certs:/certs expose:
restart: always - 80
environment: volumes:
- DOMAINS=domain1.com domain2.com - ./certs:/certs
- EMAIL=webmaster@domain1.com restart: always
- CONCAT=true environment:
- DOMAINS=domain1.com domain2.com
- EMAIL=webmaster@domain1.com
- CONCAT=true
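Review bot: The `./certs:/certs` bind mount under `volumes:` puts the certificates on the host and, per the README's description of `CONCAT=true`, the private key in the same file as the full chain, yet neither the compose file nor the README says how that directory should be protected. Suggest documenting that `./certs` should be readable only by the account the proxy runs as, and that consumers such as haproxy or nginx should mount it read-only. Also, the `DOMAINS=domain1.com domain2.com` and `EMAIL=webmaster@domain1.com` defaults are registrable names; a reserved placeholder such as example.com avoids certificate requests and mail for someone else's domain if the file is run unedited.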

@ -2,7 +2,7 @@ for d in $DOMAINS
do do
echo "Running certbot for $d" echo "Running certbot for $d"
certbot --standalone --standalone-supported-challenges\ certbot --standalone --standalone-supported-challenges\
http-01 --agree-dev-preview --agree-tos --renew-by-default\ http-01 --agree-tos --renew-by-default\
--email $EMAIL -d $d certonly --email $EMAIL -d $d certonly
ec=$? ec=$?
echo "certbot exit code $ec" echo "certbot exit code $ec"
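Review bot: `$EMAIL` and `$d` are expanded unquoted on the `--email $EMAIL -d $d certonly` line, so a value from the environment that contains whitespace or glob characters is split or expanded into extra certbot arguments. Quote both (`--email "$EMAIL" -d "$d"`); the unquoted `$DOMAINS` in the `for` line is the one place where word splitting is intended. Separately, `--renew-by-default` requests a new certificate on every run, including the manual `docker exec` run the README suggests, and each one counts against the CA's issuance limits. The visible lines only echo `$ec`, so confirm that a non-zero exit code is acted on further down.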