initial create

sangyun 2024-01-17 20:07:17 +09:00
commit 83049e9590
5 changed files with 114 additions and 0 deletions

34
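--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,34 @@
+FROM ubuntu:22.04
+# set timezone
+ENV TIMEZONE=Asia/Seoul
+RUN ln -snf /usr/share/zoneinfo/${TIMEZONE} /etc/localtime
+# install nginx cerbot etc.
+RUN apt-get update -y \
+&& apt-get install -y \
+cron \
+nginx \
+certbot \
+python3-certbot-nginx \
+python3-certbot-dns-cloudflare \
+&& rm -rf /var/cache/apk/*
+# setup nginx
+RUN echo "daemon off;" >> /etc/nginx/nginx.conf && chown -R www-data:www-data /var/lib/nginx
+# expose port
+EXPOSE 80 443
+# work dir
+WORKDIR /home
+ADD acme-challenge.conf .
+ADD create-cert-cloudflare.sh .
+ADD entrypoint.sh .
+# crontab add
+RUN chmod +x entrypoint.sh create-cert-cloudflare.sh
+# Run
+CMD ["/home/entrypoint.sh"]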
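Review bot: The cleanup at the end of the package-install `RUN` removes `/var/cache/apk/*`, which is the Alpine apk cache path; on `ubuntu:22.04` nothing lives there, so the apt lists stay in the layer. Use `&& rm -rf /var/lib/apt/lists/*` and add `--no-install-recommends` to `apt-get install -y` so the image ships only what nginx and certbot need. The three `ADD` lines copy plain local files and should be `COPY`, which has no archive-extraction or URL behaviour. No `USER` is set, so the entrypoint and everything it starts run as root; that is probably needed here for binding 80/443 and for certbot, but it deserves a comment saying so.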

41
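--- a/README.md
+++ b/README.md
@@ -0,0 +1,41 @@
+## docker build
+```sh
+docker build -t nginx-certbot .
+```
+## docker run
+```sh
+docker run -d \
+-v path:/etc/letsencrypt/ \
+-v path:/etc/nginx/conf.d \
+-v path:/etc/nginx/nginx.conf:ro \
+-v path:/etc/nginx/sites-enabled \
+-v path:/var/www \
+--net host \
+--name nginx \
+--restart=always \
+nginx-certbot
+```
+## 인증서 발급
+```sh
+docker exec -it nginx bash
+# create cloudflare ini
+echo dns_cloudflare_email=your@email.address > /etc/letsencrypt/cloudflare.ini
+echo dns_cloudflare_api_key=your@key >> /etc/letsencrypt/cloudflare.ini
+# set 600 permission
+chmod 600 /etc/letsencrypt/cloudflare.ini
+# create ssl certifications
+certbot certonly \
+--dns-cloudflare \
+--dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini \
+--email your@email.address\
+--agree-tos \
+--no-eff-email \
+-d your.domain,*.your.domain
+nginx -s reload
+```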

10
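--- a/acme-challenge.conf
+++ b/acme-challenge.conf
@@ -0,0 +1,10 @@
+server {
+listen 8080;
+listen [::]:8080;
+server_name ydev.me;
+location ~ /.well-known/acme-challenge {
+allow all;
+root /var/www/html;
+}
+}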
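Review bot: `location ~ /.well-known/acme-challenge` is an unanchored regular expression with an unescaped dot, so it matches any request URI that contains that text anywhere, not just the challenge directory. A prefix match is tighter and skips regex evaluation: `location ^~ /.well-known/acme-challenge/ {`. The block listens on 8080 while the Dockerfile in this commit exposes 80 and 443; HTTP-01 validation arrives on port 80, so a comment should say what forwards 80 to 8080, if anything does. `server_name ydev.me;` is hard-coded even though the certificate script takes `$DOMAIN` from the environment.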

15
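--- a/create-cert-cloudflare.sh
+++ b/create-cert-cloudflare.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+mkdir -p /home/letsencrypt
+echo dns_cloudflare_email=$CLOUDFLARE_EMAIL > /home/letsencrypt/cloudflare.ini
+echo dns_cloudflare_api_key=$CLOUDFLARE_API_KEY >> /home/letsencrypt/cloudflare.ini
+chmod 600 /home/letsencrypt/cloudflare.ini
+certbot certonly \
+--dns-cloudflare \
+--dns-cloudflare-credentials /home/letsencrypt/cloudflare.ini \
+--email $CLOUDFLARE_EMAIL \
+--agree-tos \
+--no-eff-email \
+-d $DOMAIN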
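Review bot: `cloudflare.ini` is created with the default umask and the API key is appended to it before `chmod 600` runs, so the key briefly sits in a file with default permissions; put `umask 077` before the first `echo` instead of relying on the later `chmod`. `$CLOUDFLARE_EMAIL`, `$CLOUDFLARE_API_KEY` and `$DOMAIN` are expanded unquoted and never checked, so an unset variable yields an empty credentials line or a bare `-d`; quote them and fail early, e.g. `: "${CLOUDFLARE_API_KEY:?must be set}"`. The script writes the account-wide global key (`dns_cloudflare_api_key`); the plugin also accepts `dns_cloudflare_api_token`, which can be scoped to DNS edits on a single zone. The credentials land in `/home/letsencrypt`, whereas the README in this commit keeps them in `/etc/letsencrypt/cloudflare.ini` on a mounted volume.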

14
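--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+# copy acme-chanllenge
+echo "copy acme-challenge"
+cp /home/acme-challenge.conf /etc/nginx/conf.d/acme-challenge.conf
+# add crontab entry to renew the letsencrypt certificate
+echo "adding crontab"
+echo "0 23 * * * certbot renew --dry-run" | crontab -
+crontab -l
+# start nginx
+echo "starting nginx"
+nginx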
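Review bot: The cron entry runs `certbot renew --dry-run`, which only simulates renewal against the staging endpoint and never replaces a certificate, so certificates issued by this image will expire. The entry also never fires as written, because the script starts only `nginx` and nothing launches the cron daemon. Something like `cron`, then `echo "0 23 * * * certbot renew --quiet --deploy-hook 'nginx -s reload'" | crontab -`, then `exec nginx` would start the scheduler, perform real renewals, reload nginx after each one, and let nginx receive the stop signal directly instead of bash.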