Generate SSL certificate from Let's Encrypt

docker-letsencrypt

This repository contains the Dockerfile to build a Docker image that runs the Let's Encrypt client and obtains a free SSL/TLS certificate. It is an automated build published to the Docker Hub Registry.

Usage

  1. Set up an HTTP server, such as Apache or nginx, that answers on port 80 for the domain. Let's Encrypt proves that you control the domain by fetching a challenge file from that server over plain HTTP, so it must be reachable from the internet under the domain name.
  2. Download automated build from public Docker Hub Registry: docker pull ecardoso/letsencrypt

    (alternatively, you can build it yourself: docker build -t="letsencrypt" github.com/eduardocardoso/docker-letsencrypt)

  3. Start an instance of this container:

     docker run -it \
                -v <webroot>:/webroot \
                -v <letsencrypt>:/etc/letsencrypt \
                ecardoso/letsencrypt \
                -d <domain_name>
    

    <webroot> is the folder that your HTTP server serves as its document root; the Let's Encrypt client writes its challenge files there, under .well-known/acme-challenge/, for Let's Encrypt to fetch.
    <letsencrypt> is a folder to store all the files generated by Let's Encrypt, including the certificate, private keys and chain of trust. It holds the private key, so keep it outside the webroot and readable by root only.
    <domain_name> is the domain name for which you are requesting the certificate. You can add as many subdomains as you like by appending -d <domain_name> to the end of the command for each one; the first name given is used to name the output directory.

  4. The application will ask for an email address (Let's Encrypt uses it for expiry notices and account recovery) and for agreement to the terms of service.

  5. If everything runs correctly the container will exit and your certificate files will be at <letsencrypt>/live/<domain_name>/ (cert.pem, chain.pem, fullchain.pem and privkey.pem). Let's Encrypt certificates are valid for 90 days, so re-run step 3 before the certificate expires and reload your HTTP server afterwards.

Example usage:

  mkdir /ssl
  mkdir /ssl/letsencrypt
  mkdir /ssl/webroot

  # \$ stops the shell from expanding nginx's $uri variable inside the double quotes
  echo "server {
      listen       80;
      server_name  example.com www.example.com;

      location /.well-known {
          root /usr/share/nginx/html;
          try_files \$uri \$uri/ \$uri.html =404;
      }
  }" > /ssl/nginx.conf

  docker run -d \
             -v /ssl/webroot:/usr/share/nginx/html \
             -v /ssl/nginx.conf:/etc/nginx/conf.d/nginx.conf \
             -p 80:80 \
             --name nginx \
             nginx
  docker run -it \
              -v /ssl/webroot:/webroot \
              -v /ssl/letsencrypt:/etc/letsencrypt \
              ecardoso/letsencrypt \
              -d example.com \
              -d www.example.com
  # Enter email and agree to the TOS

  docker stop nginx
  docker rm nginx

  openssl dhparam -out /ssl/dhparam.pem 2048

  # \$ stops the shell from expanding nginx's $uri, $host and $request_uri variables
  echo "server {
      listen       443 ssl;
      server_name  example.com www.example.com;

      ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_prefer_server_ciphers on;
      ssl_dhparam /etc/ssl/certs/dhparam.pem;
      ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
      ssl_session_timeout 1d;
      ssl_session_cache shared:SSL:50m;
      ssl_stapling on;
      ssl_stapling_verify on;
      add_header Strict-Transport-Security max-age=15768000;

      location / {
          root /usr/share/nginx/html;
          try_files \$uri \$uri/ \$uri.html =404;
      }
  }

  server {
      listen 80;
      server_name example.com www.example.com;
      return 301 https://\$host\$request_uri;
  }" > /ssl/nginx.conf

  docker run -d \
             -v /ssl/webroot:/usr/share/nginx/html \
             -v /ssl/nginx.conf:/etc/nginx/conf.d/nginx.conf \
             -v /ssl/letsencrypt:/etc/letsencrypt \
             -v /ssl/dhparam.pem:/etc/ssl/certs/dhparam.pem \
             -p 443:443 \
             -p 80:80 \
             --name nginx \
             nginx

  # Nginx should be serving files in /ssl/webroot via HTTPS with a valid certificate now.

Two caveats about the TLS server block above. ssl_stapling only works if nginx can look up the OCSP responder, which needs a resolver directive, and ssl_stapling_verify needs the issuer chain configured with ssl_trusted_certificate (point it at the chain.pem next to fullchain.pem); without these nginx logs a warning and simply serves no stapled response. The ssl_protocols and ssl_ciphers lines reflect the recommendations of the time: TLSv1 and TLSv1.1 are deprecated now and the 3DES suite (DES-CBC3-SHA) should be dropped, so limit ssl_protocols to TLSv1.2 (plus TLSv1.3 where your nginx build supports it) unless you must support very old clients.
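As an added check that is not part of the ecardoso/letsencrypt image or of this README, the POSIX shell script below verifies what step 5 promises for a live/<domain> directory: that the four files are present, that fullchain.pem really belongs to privkey.pem, that the certificate's subjectAltName covers every -d domain, that it has more than 30 days of validity left, and that the private key is not readable by other users. The directory layout, the example paths and the 30-day renewal threshold are assumptions taken from the example above; only the openssl command line tool is needed.

```shell
#!/bin/sh
# Post-issuance checks for a Let's Encrypt certificate directory.
# Added example, not part of the ecardoso/letsencrypt image; it assumes the
# certbot layout used above (live/<domain>/{cert,chain,fullchain,privkey}.pem)
# and needs only the openssl command line tool.
set -u

# 0 if the public key embedded in the certificate equals the public key
# derived from the private key (RSA and ECDSA keys both work).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Print the DNS names from the certificate's subjectAltName, one per line.
cert_dns_names() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# 0 if every name given after the certificate path appears in its SAN list.
cert_covers() {
    cert=$1; shift
    names=$(cert_dns_names "$cert")
    for name in "$@"; do
        printf '%s\n' "$names" | grep -qxF "$name" || return 1
    done
}

# 0 if the certificate is still valid $2 seconds from now (default 30 days).
# Let's Encrypt certificates last 90 days, so failing here means "renew now".
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-2592000}" >/dev/null
}

# 0 if the private key has no group/other permission bits. ls -L follows the
# symlink that certbot places in live/ so the real file in archive/ is checked.
key_is_private() {
    case "$(ls -lL "$1" 2>/dev/null | cut -c5-10)" in
        ------) return 0 ;;
        *) return 1 ;;
    esac
}

# Run every check against one live/<domain> directory for the given domain
# names, print a one-line verdict per check and return the number of failures.
check_live_dir() {
    dir=$1; shift
    fails=0
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        if [ -r "$dir/$f" ]; then echo "ok   $f present"
        else echo "FAIL $f missing"; fails=$((fails + 1)); fi
    done
    if cert_matches_key "$dir/fullchain.pem" "$dir/privkey.pem"; then
        echo "ok   fullchain.pem belongs to privkey.pem"
    else echo "FAIL certificate and private key do not match"; fails=$((fails + 1)); fi
    if cert_covers "$dir/fullchain.pem" "$@"; then
        echo "ok   certificate covers: $*"
    else echo "FAIL certificate does not cover all of: $*"; fails=$((fails + 1)); fi
    if cert_valid_for "$dir/fullchain.pem"; then
        echo "ok   more than 30 days of validity left"
    else echo "FAIL certificate expires within 30 days, renew it"; fails=$((fails + 1)); fi
    if key_is_private "$dir/privkey.pem"; then
        echo "ok   privkey.pem is readable by its owner only"
    else echo "FAIL privkey.pem is readable by group or others"; fails=$((fails + 1)); fi
    return $fails
}

# Usage (paths from the example above):
#   sh check-cert.sh /ssl/letsencrypt/live/example.com example.com www.example.com
if [ $# -ge 2 ]; then
    check_live_dir "$@"
fi
```

Run it as root after the letsencrypt container exits, and again from cron so that the 30-day check turns into a renewal reminder; a non-zero exit status is the number of failed checks.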
Owner: ecardoso