Public | Automated Build

Last pushed: 5 months ago
Short Description
Nginx with integrated certbot
Full Description

nginx + certbot

Templated nginx setup with automatic SSL by certbot

Usage

Required: Define environment variables FQDN and EMAIL for certbot.
Recommended: Mount certs volume to preserve across rebuilds.

docker volume create --name lecrypt
docker run \
    -v lecrypt:/etc/letsencrypt \
    -e "FQDN=example.com" \
    -e "EMAIL=sam@example.com" \
    -p 80:80 -p 443:443 \
    --name abraham \
    grin/abraham

or use the provided docker-compose.yml as an example.

Nginx is configured to load pluggable locations from /etc/nginx/locations-enabled

TODO:

  • switch to S6 for handling background certbot script

  • MAYBE: planB when certbot failed?
    generate self-signed certificate like that:

      RUN mkdir -p $CERTPATH && \
      openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
         -subj '/CN=sni-support-required-for-valid-ssl' \
         -keyout $CERTPATH/privkey.pem \
         -out $CERTPATH/fullchain.pem
    
  • Read: https://hub.docker.com/r/ceroic/certbot-generator/

Work notes

Done: use gosu and exec as described here:

https://docs.docker.com/engine/reference/builder/#/exec-form-entrypoint-example
https://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/

Done: On startup, check is performed that FQDN is resolving to this host external IP before attemptiong to run certbot:

EXT_IP=`dig +short myip.opendns.com @resolver1.opendns.com`
FQDN_IP=`dig +short ${FQDN}`

Done: Set a domain for certbot from the active docker machine on Win:

@FOR /f "tokens=*" %i IN ('docker-machine active -t 1') DO set FQDN=%i
Docker Pull Command
Owner
grin
Source Repository

Comments (0)