====== nginx with certbot by Jonas Alfredsson ======
[[https://github.com/JonasAlfredsson/docker-nginx-certbot/]]
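# Host directories that are bind-mounted into the container by the
# "docker run" command on this page.
mkdir -p /etc/nginx/user_conf.d/
mkdir -p /etc/nginx/nginx_secrets/
# nginx_secrets is mounted as /etc/letsencrypt and will hold the TLS private
# keys, so restrict it to root. This assumes the container's root maps to the
# host's root (Docker's default, no user-namespace remapping).
chmod 700 /etc/nginx/nginx_secrets/
# HTTP and HTTPS are TCP services; a bare "ufw allow 80" would also open UDP.
ufw allow 80/tcp
ufw allow 443/tcp
# NOTE: ports published with "docker run -p" are wired up through Docker's own
# iptables rules and are usually reachable even without a matching ufw rule,
# so do not rely on ufw alone to restrict access to the container.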
:!: Set your own email address after ''CERTBOT_EMAIL='' in the following command!
# Start the combined nginx + certbot container in the foreground.
#  * 80 and 443 are published on all host interfaces.
#  * /etc/nginx/nginx_secrets becomes /etc/letsencrypt inside the container,
#    i.e. it ends up holding the certificates and their private keys.
#  * /etc/nginx/user_conf.d is mounted read-only (:ro), so the container
#    cannot modify the server configuration.
#  * ":latest" is a mutable tag; pinning a release tag or image digest
#    (e.g. jonasal/nginx-certbot:<VERSION>, placeholder) keeps the deployment
#    reproducible and makes image updates a deliberate step.
docker run --interactive --tty \
  --name nginx-certbot \
  --publish 80:80 --publish 443:443 \
  --env CERTBOT_EMAIL= \
  --volume /etc/nginx/nginx_secrets:/etc/letsencrypt \
  --volume /etc/nginx/user_conf.d:/etc/nginx/user_conf.d:ro \
  jonasal/nginx-certbot:latest
:!: Replace all CAPITALIZED items in the following example, and change the certificate name ''uptime'' in the ''ssl_certificate*'' paths if yours differs!
server {
    # Accept TLS connections on port 443.
    listen 443 ssl;

    # Hostname(s) this virtual server answers for.
    server_name SUBDOMAIN;

    # Certificate chain, private key and CA chain under /etc/letsencrypt.
    # "uptime" is the certificate name used on this page; adjust it if your
    # certificate lives in a different directory. privkey.pem is the secret
    # part and should stay readable by root only.
    ssl_certificate /etc/letsencrypt/live/uptime/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/uptime/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/uptime/chain.pem;

    # Diffie-Hellman parameters used for DHE key exchange.
    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;

    # Hand every request to the application behind the proxy.
    location / {
        # The hop to the backend is plain HTTP: TLS ends at this proxy, so the
        # backend should only be reachable over a trusted network path.
        proxy_pass http://FULLY_QUALIFIED_DOMAIN_NAME_OF_HOST:PORT_OF_CONTAINER_BEHIND_PROXY;
        proxy_http_version 1.1;

        # Pass the original host name and client address on to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For value the client sent, so only the last entry is set
        # by this proxy; the backend must not trust the earlier ones.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Forward protocol-upgrade requests (e.g. WebSocket); needs HTTP/1.1.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
# Send SIGHUP to the container's main process so the changed configuration is
# picked up without recreating the container. To catch syntax errors first,
# the configuration can be checked with: docker exec nginx-certbot nginx -t
docker kill -s HUP nginx-certbot