#docker #nginx #ssl #certbot
sangyun 7498cabd98 fix entrypoint.sh 2024-01-17 20:30:15 +09:00
Dockerfile initial create 2024-01-17 20:07:17 +09:00
README.md fix entrypoint.sh 2024-01-17 20:30:15 +09:00
create-cert-cloudflare.sh initial create 2024-01-17 20:07:17 +09:00
entrypoint.sh fix entrypoint.sh 2024-01-17 20:30:15 +09:00

README.md

docker build

# Build the image from the Dockerfile in the current directory and tag it "nginx-certbot".
docker build --tag nginx-certbot .

docker run

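# Start the nginx + certbot container in the background.
# Replace every "path" with the matching host directory (a file for nginx.conf)
# and fill in the Cloudflare values and the domain list.
#
# NOTE: the directory mounted at /etc/letsencrypt/ holds the certificate private
# keys; keep it readable only by the account that runs the container.
# NOTE: a value given with -e on the command line lands in the shell history and
# stays visible through `docker inspect`. Putting CLOUDFLARE_API_KEY in a file
# with restrictive permissions and passing it with --env-file keeps it out of
# the shell history.
# NOTE: --net host shares the host's network stack with the container. If that is
# not required, publish only the needed ports instead (e.g. -p 80:80 -p 443:443).
docker run -d \
  -v path:/etc/letsencrypt/ \
  -v path:/etc/nginx/conf.d \
  -v path:/etc/nginx/nginx.conf:ro \
  -v path:/etc/nginx/sites-enabled \
  -v path:/var/www \
  -e CLOUDFLARE_EMAIL="youremail" \
  -e CLOUDFLARE_API_KEY="yourkey" \
  -e DOMAIN="your.domain.com,*.domain.com" \
  --net host \
  --name nginx \
  --restart=always \
  nginx-certbot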

docker compose

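# Compose definition for the nginx + certbot image built from this directory.
# Replace every "path" with the matching host location.
version: "3.5"

services:
  nginx:
    build: .
    environment:
      DOMAIN: "domain.com,*.domain.com"     # domain names to request the certificate for
      CLOUDFLARE_EMAIL: "your@email.com"    # Cloudflare account e-mail address
      # Cloudflare API key. Do not commit the real key with this file: use
      # variable substitution ("${CLOUDFLARE_API_KEY}") or an env_file that is
      # kept out of version control.
      CLOUDFLARE_API_KEY: "your-key"
    volumes:
      - path:/etc/letsencrypt/              # where certbot stores the generated keys (keep access restricted)
      - path:/etc/nginx/conf.d              # nginx conf.d directory
      - path/nginx.conf:/etc/nginx/nginx.conf:ro # nginx.conf, mounted read-only
      - path:/etc/nginx/sites-enabled       # nginx sites-enabled directory
      - path:/var/www                       # default www directory
    network_mode: host                      # change to suit your setup; host mode shares the host's network stack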

create certificate

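# Open a bash shell inside the running "nginx" container.
docker exec -it nginx bash

# The next two commands are typed inside that container shell.

# Execute the certificate script (no space between "./" and the file name).
./create-cert-cloudflare.sh

# Reload nginx so it picks up the new certificate.
nginx -s reload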

acme-challenge.conf

acme-challenge.conf 을 conf.d 에 포함

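# Plain-HTTP server block that serves ACME challenge files for your.domain.
server {
    listen 80;
    listen [::]:80;
    server_name your.domain;

    # Prefix match instead of an unanchored regex: the original pattern
    # (~ /.well-known/acme-challenge) matched any URI that merely contained
    # that text, at any depth, and its "." matched any character. "^~" limits
    # the block to the challenge directory and skips later regex locations.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        # Challenge files are read from /var/www/html/.well-known/acme-challenge/.
        root /var/www/html;
    }
}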