Short Description
Apache2 container with letsencrypt integrated
Full Description

Apache2 with Let's Encrypt

This is an apache2 docker image with letsencrypt implemented.
Before starting the apache2 daemon, this image will check if certificates for
the hostname domain exist.
If certificates exist, it will run a certbot renew command to check if
the certificates need renewal and renew them if needed.

If certificates do not exist, it will create them for the domains
in the environment variable LETS_ENCRYPT_DOMAINS,
with the email in the LETS_ENCRYPT_EMAIL variable as the Let's Encrypt
registration and recovery contact.
The environment variable LETS_ENCRYPT_DOMAINS can be a comma separated list
of domains that should be in the certificate.
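The start-up logic described above, written out as an added example entrypoint script (this is not the enoniccloud image's own code). It assumes certbot is on PATH, port 80 is free at start-up so certbot's standalone authenticator can answer the HTTP-01 challenge, certbot's standard /etc/letsencrypt/live/<first domain>/ layout, and that the Apache command to exec (e.g. apachectl -D FOREGROUND) is passed as the script's arguments:

```shell
#!/bin/sh
# Example entrypoint (assumption: certbot on PATH, port 80 free for the
# standalone HTTP-01 challenge, certbot's /etc/letsencrypt/live/<domain>/
# layout). Arguments are the container command to exec once certs are ready.
set -eu

# Turn "a.com,b.com" into "-d a.com -d b.com". Empty entries and anything that
# is not a plain hostname are rejected so a typo fails fast instead of issuing
# a certificate for the wrong name (see Troubleshooting).
le_domain_args() {
    args=""
    old_ifs="$IFS"; IFS=","
    for d in $1; do
        case "$d" in
            "" | -* | .* | *. | *[!A-Za-z0-9.-]* ) IFS="$old_ifs"; return 1 ;;
        esac
        args="$args -d $d"
    done
    IFS="$old_ifs"
    [ -n "$args" ] || return 1
    printf '%s' "${args# }"
}

# "renew" when a certificate already exists in the mounted volume, "create"
# otherwise: the decision the description above makes at container start-up.
le_action() {
    if [ -f "$1/fullchain.pem" ] && [ -f "$1/privkey.pem" ]; then
        echo renew
    else
        echo create
    fi
}

main() {
    : "${LETS_ENCRYPT_DOMAINS:?must be set}" "${LETS_ENCRYPT_EMAIL:?must be set}"
    dargs="$(le_domain_args "$LETS_ENCRYPT_DOMAINS")" ||
        { echo "invalid LETS_ENCRYPT_DOMAINS: $LETS_ENCRYPT_DOMAINS" >&2; exit 1; }
    live_dir="/etc/letsencrypt/live/${LETS_ENCRYPT_DOMAINS%%,*}"
    # $dargs is left unquoted on purpose: it must split into separate -d flags.
    case "$(le_action "$live_dir")" in
        renew)  certbot renew --non-interactive ;;
        create) certbot certonly --standalone --non-interactive --agree-tos \
                    --email "$LETS_ENCRYPT_EMAIL" $dargs ;;
    esac
    exec "$@"
}

# Act as an entrypoint only when given a command to exec; sourcing just defines the functions.
if [ "$#" -gt 0 ]; then main "$@"; fi
```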

Setup

Setting up with docker

You can specify the variables on the command line. The first container only holds the volumes, so the certificates and account data are kept when the apache2 container is re-created:

```
docker run -d -v /etc/letsencrypt -v /var/lib/letsencrypt --name letsencryptstore busybox

docker run -d --volumes-from letsencryptstore --restart always \
  -e LETS_ENCRYPT_EMAIL="your@email.com" \
  -e LETS_ENCRYPT_DOMAINS="yourserver.com,site2.yourserver.com" \
  -p "80:80" -p "443:443" \
  --name apache2 enoniccloud/apache2-letsencrypt
```

Setting up with docker-compose

There are multiple ways to set up docker-compose; here is an example of how to set it up with custom configuration.

  • Add the following code to your docker-compose setup:
```
apache2:
  build: apache2
  hostname: www.yourserver.com
  restart: always
  volumes_from:
    - letsencryptstore
  ports:
    - "80:80"
    - "443:443"
  environment:
    LETS_ENCRYPT_EMAIL: "your@email.com"
    LETS_ENCRYPT_DOMAINS: "yourserver.com,site2.yourserver.com"
  labels:
    io.enonic.backup.data: "/etc/letsencrypt,/var/lib/letsencrypt"
letsencryptstore:
  image: busybox
  volumes:
    - "/etc/letsencrypt"
    - "/var/lib/letsencrypt"
```
  • Create the folder apache2 in your docker-compose setup (it is the build context referenced by `build: apache2` above).
  • Add a vhost config file like this:
```
<VirtualHost *:80>
    ServerName your.host.com
    DocumentRoot /var/www/html/

    # Uncomment to redirect plain HTTP to HTTPS (requires mod_rewrite: a2enmod rewrite)
    #RewriteEngine on
    #RewriteRule ^/(.*) https://your.host.com/$1 [L,R=301]
</VirtualHost>

<VirtualHost *:443>
    ServerName your.host.com
    DocumentRoot /var/www/html/
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/certs/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/certs/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/certs/chain.pem

    # Both directives need mod_headers (enabled by a2enmod headers in the Dockerfile)
    RequestHeader set X-Forwarded-Proto "https"
    Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

SSLProtocol all -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on

SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
```
  • Add a `Dockerfile` that uses the `enoniccloud/apache2-letsencrypt` image, adds the vhost file you made, and applies any other modifications to your setup:
```
FROM enoniccloud/apache2-letsencrypt

COPY myvhost.conf /etc/apache2/sites-enabled/myvhost.conf

# mod_headers is required by the RequestHeader/Header directives in the vhost
RUN a2enmod headers
```

Troubleshooting

The most common problem happens the first time this is run, when the user makes
an input mistake (like a wrong domain name). Fixing the input may not
remove the old certificate that contains the mistake. Just delete everything in
/etc/letsencrypt/ and start the container again so the certificate is created afresh.

Owner
enoniccloud