## docker build
```sh
# Build the image from the current directory and tag it nginx-certbot.
docker build --tag nginx-certbot .
```
## docker run
```sh
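# Start the nginx + certbot container in the background.
#
# `path` is a placeholder: replace each occurrence with an absolute host path
# (Docker treats a source without a leading "/" as a named volume).
# The /etc/letsencrypt mount holds the certificate private keys, so restrict
# access to the host directory behind it.
# Values passed with -e end up in shell history and the process list;
# `--env-file FILE` (file readable only by its owner) avoids that, although
# `docker inspect` still shows the container environment.
# --net host shares the host network stack, so every port nginx listens on is
# reachable on the host directly.
# Every line except the last must end with a backslash.
docker run -d \
  -v path:/etc/letsencrypt/ \
  -v path:/etc/nginx/conf.d \
  -v path:/etc/nginx/nginx.conf:ro \
  -v path:/etc/nginx/sites-enabled \
  -v path:/var/www \
  -e CLOUDFLARE_EMAIL="youremail" \
  -e CLOUDFLARE_API_KEY="yourkey" \
  -e DOMAIN="your.domain.com,*.domain.com" \
  --net host \
  --name nginx \
  --restart=always \
  nginx-certbot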
```
## docker compose
```yml
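version: "3.5"

services:
  nginx:
    build: .
    environment:
      # Do not commit real values with this file; compose can substitute
      # ${VAR} references from an untracked .env file instead.
      DOMAIN: "domain.com,*.domain.com"      # domains to register
      CLOUDFLARE_EMAIL: "your@email.com"     # Cloudflare account e-mail address
      CLOUDFLARE_API_KEY: "your-key"         # Cloudflare API key
    volumes:
      # `path` is a placeholder for a host path.
      # /etc/letsencrypt holds the certificate private keys: restrict access
      # to the host directory mounted there.
      - path:/etc/letsencrypt/                     # where certbot stores the generated keys
      - path:/etc/nginx/conf.d                     # nginx conf.d directory
      - path/nginx.conf:/etc/nginx/nginx.conf:ro   # nginx.conf (read-only)
      - path:/etc/nginx/sites-enabled              # nginx sites-enabled directory
      - path:/var/www                              # default www directory
    # Host networking gives the container the host's network stack with no
    # port isolation; change this to suit your setup.
    network_mode: host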
```
## create certificate
```sh
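# Open a bash shell inside the running nginx container.
docker exec -it nginx bash

# Inside the container: execute the certificate script.
./create-cert-cloudflare.sh

# Validate the configuration first, then reload nginx only if it is valid.
nginx -t && nginx -s reload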
```
## acme-challenge.conf
`acme-challenge.conf` 을 conf.d 에 포함
```
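# Plain-HTTP server block that answers ACME HTTP-01 challenge requests.
server {
    listen 80;
    listen [::]:80;
    server_name your.domain;

    # Prefix match (^~) instead of an unanchored regex: only URIs that begin
    # with /.well-known/acme-challenge/ are served from the webroot, and no
    # regex location can take over these requests.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /var/www/html;
    }
}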
```