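====== nginx with certbot by Jonas Alfredsson ======

[[https://github.com/JonasAlfredsson/docker-nginx-certbot/]]

<code bash>
mkdir -p /etc/nginx/user_conf.d/
mkdir -p /etc/nginx/nginx_secrets/
ufw allow 80
ufw allow 443
</code>

''/etc/nginx/nginx_secrets/'' will hold the certificate private keys, so keep it accessible to root only (for example ''chmod 700 /etc/nginx/nginx_secrets/''). Ports published with ''docker run -p'' are opened by Docker's own iptables rules and are reachable regardless of the ufw rules, so do not rely on ufw alone to restrict access to the container.

:!: Change the email in the following command! ''CERTBOT_EMAIL='' is empty as shown; put your own address directly after the ''=''.

<code bash>
docker run -it -p 80:80 -p 443:443 \
    --env CERTBOT_EMAIL= \
    -v /etc/nginx/nginx_secrets:/etc/letsencrypt \
    -v /etc/nginx/user_conf.d:/etc/nginx/user_conf.d:ro \
    --name nginx-certbot jonasal/nginx-certbot:latest
</code>

For a reproducible setup, consider pinning a specific image tag instead of ''latest''.

:!: Replace all CAPITALIZED items in the following example! The ''uptime'' part of the certificate paths is the certificate name used in this example; you may choose your own, but keep it identical in all three ''ssl_certificate*'' lines. Save the server block as a ''.conf'' file in ''/etc/nginx/user_conf.d/'', the directory mounted read-only into the container above.

<code nginx>
server {
    listen 443 ssl;

    # Domain names this server should respond to.
    server_name SUBDOMAIN;

    # Load the certificate files.
    ssl_certificate /etc/letsencrypt/live/uptime/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/uptime/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/uptime/chain.pem;

    # Load the Diffie-Hellman parameter.
    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;

    # Configure the proxy specifics.
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_pass http://FULLY_QUALIFIED_DOMAIN_NAME_OF_HOST:PORT_OF_CONTAINER_BEHIND_PROXY;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
</code>

Send SIGHUP to the running container so that it loads the new configuration:

<code bash>
docker kill --signal=HUP nginx-certbot
</code>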