
nginx with certbot by Jonas Alfredsson

https://github.com/JonasAlfredsson/docker-nginx-certbot/

Prepare the Installation
mkdir -p /etc/nginx/user_conf.d/
mkdir -p /etc/nginx/nginx_secrets/
ufw allow 80
ufw allow 443

Important: replace <INSERT@E.MAIL> in the following command with your own email address!

Run the Container
docker run -it -p 80:80 -p 443:443 \
           --env CERTBOT_EMAIL=<INSERT@E.MAIL> \
           -v /etc/nginx/nginx_secrets:/etc/letsencrypt \
           -v /etc/nginx/user_conf.d:/etc/nginx/user_conf.d:ro \
           --name nginx-certbot jonasal/nginx-certbot:latest

Important: replace all CAPITALIZED items in the following example!

EXAMPLE: /etc/nginx/user_conf.d/NAME_OF_CONF.conf
server {
    listen 443 ssl;
 
    # Domain names this server should respond to.
    server_name SUBDOMAIN;
 
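    # Load the certificate files. "uptime" is the certificate name, i.e. the
    # directory under /etc/letsencrypt/live/; keep it identical on all three lines.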
    ssl_certificate         /etc/letsencrypt/live/uptime/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/uptime/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/uptime/chain.pem;
 
    # Load the Diffie-Hellman parameter.
    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
 
    # Configure the proxy specifics.
    location / {
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   Host $host;
        proxy_http_version 1.1;
        proxy_pass http://FULLY_QUALIFIED_DOMAIN_NAME_OF_HOST:PORT_OF_CONTAINER_BEHIND_PROXY;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Force Certificate Check
docker kill --signal=HUP nginx-certbot
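
Before sending the HUP signal, a new file in /etc/nginx/user_conf.d/ can be checked for template placeholders that were never replaced and for ssl_* paths that point at different live/ directories. This is an added example, not part of the original page or of the docker-nginx-certbot project; check_conf and write_sample are hypothetical helper names, and the hostnames in the sample input are constructed.

```shell
#!/bin/sh
# Added example (not project code): lint a user_conf.d file before reloading.

# Placeholder tokens taken from the template on this page.
PLACEHOLDERS='SUBDOMAIN|FULLY_QUALIFIED_DOMAIN_NAME_OF_HOST|PORT_OF_CONTAINER_BEHIND_PROXY'

# check_conf FILE: returns 0 when the file is clean, 1 otherwise.
check_conf() {
    conf=$1
    rc=0
    # 1. Any template placeholder still present is reported with its line number.
    if grep -nE "$PLACEHOLDERS" "$conf" >&2; then
        echo "$conf: template placeholder not replaced" >&2
        rc=1
    fi
    # 2. Collect the directory name under live/ from every ssl_* certificate path.
    names=$(sed -nE 's#^[[:space:]]*ssl_(trusted_)?certificate(_key)?[[:space:]]+/etc/letsencrypt/live/([^/]+)/.*#\3#p' "$conf" | sort -u)
    count=$(printf '%s\n' "$names" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "$conf: ssl_* paths must share exactly one live/<name>/ directory" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed sample input: write_sample FILE SERVER_NAME KEY_DIR UPSTREAM
write_sample() {
    cat > "$1" <<EOF
server {
    listen 443 ssl;
    server_name $2;
    ssl_certificate         /etc/letsencrypt/live/uptime/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/$3/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/uptime/chain.pem;
    location / { proxy_pass http://$4; }
}
EOF
}

# Demo on two constructed files: one clean, one with both kinds of mistake.
tmp=$(mktemp -d)
write_sample "$tmp/good.conf" status.example.test uptime app.example.test:3001
write_sample "$tmp/bad.conf" SUBDOMAIN other app.example.test:3001
check_conf "$tmp/good.conf" && echo "good.conf: ok"
check_conf "$tmp/bad.conf" || echo "bad.conf: rejected"
rm -rf "$tmp"
```

On a real host, call check_conf on the new file and only run the docker kill --signal=HUP command when it returns 0.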