This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #26 from Osedea/certbot-container
Added certbot certificate generation, fixes #23
Showing 11 changed files with 81 additions and 7 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -19,6 +19,10 @@ git submodule add https://github.com/Osedea/nodock.git | |
#### Build and Run the containers | ||
``` | ||
cd nodock | ||
# Simple app | ||
docker-compose up -d node mysql nginx | ||
# or | ||
# All containers | ||
docker-compose up -d | ||
``` | ||
|
||
|
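Review bot: the `# All containers` variant (`docker-compose up -d`) also starts the certbot service this commit adds, and that container's entrypoint runs `letsencrypt` with `$CN` and `$EMAIL` as soon as it starts. Nothing next to this command says those values must be set first, and no defaults are visible in the lines shown. Add a sentence beside `# All containers` stating that `CN` and `EMAIL` need values in the override file before using it, and point readers who do not want certbot to the `# Simple app` form.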
@@ -35,17 +39,50 @@ services: | |
nginx: | ||
build: | ||
args: | ||
web_ssl: "true" # defaults to "false" | ||
self_signed: "true" # defaults to "false" | ||
web_ssl: "true" | ||
``` | ||
Add your certificate to `nginx/certs/cacert.pem` and the private key to `nginx/certs/privkey.pem`. | ||
|
||
#### Generate and use a self-signed cert | ||
|
||
`self_signed: "true"` will generate the necessary files, do note that `self_signed: "true"` as no effect if `web_ssl: "false"` | ||
|
||
If you want to use your own: leave `self_signed: "false"`, add the certificate to `nginx/certs/cacert.pem` and the private key to `nginx/certs/privkey.pem`. | ||
``` | ||
# docker-compose.override.yml | ||
version: '2' | ||
services: | ||
nginx: | ||
build: | ||
args: | ||
web_ssl: "true" | ||
self_signed: "true" | ||
``` | ||
|
||
#### Generate and use certbot (Let's Encrypt) to generate the cert | ||
|
||
`CN` must be a publicly accessible address and `EMAIL` should be the server admin contact email. | ||
|
||
``` | ||
version: '2' | ||
services: | ||
nginx: | ||
build: | ||
args: | ||
web_ssl: "true" | ||
certbot: | ||
environment: | ||
CN: "example.com" | ||
EMAIL: "[email protected]" | ||
``` | ||
Don't forget to bring up the container if you plan on using certbot (`docker-compose up -d certbot`). | ||
|
||
## Running multiple node containers | ||
|
||
To add more node containers, simply add the following to your `docker-compose.override.yml` or environment specific docker-compose file. | ||
|
||
``` | ||
# docker-compose.override.yml | ||
|
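Review bot: the certbot section says `CN` must be publicly accessible but not what has to be running when the certbot container starts. run-certbot.sh uses `--webroot -w /var/www/letsencrypt`, so nginx must already be up and serving that directory for the challenge to succeed; document that, along with the start order relative to `docker-compose up -d certbot`. Two smaller points: unlike the other two examples, the certbot YAML block lacks the `# docker-compose.override.yml` comment, and `as no effect` in the self-signed paragraph should read `has no effect`.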
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
FROM phusion/baseimage:0.9.19 | ||
|
||
COPY scripts /root/scripts/ | ||
|
||
RUN apt-get update | ||
RUN apt-get install -y letsencrypt | ||
|
||
ENTRYPOINT bash -c "bash /root/scripts/run-certbot.sh && sleep infinity" |
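Review bot: the `ENTRYPOINT` runs run-certbot.sh once and then `sleep infinity`, so the certificate is requested at container start and never renewed. Let's Encrypt certificates are valid for 90 days, so replace the sleep with a renewal loop or scheduled job, plus a way to make nginx reload the new files. Separately, `RUN apt-get update` and `RUN apt-get install -y letsencrypt` are separate layers, so a cached `update` layer can leave the install working from a stale package index; combine them into one `RUN` and clear `/var/lib/apt/lists` in the same step.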
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
*.pem |
Empty file.
Empty file.
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
#!/bin/bash | ||
|
||
letsencrypt certonly --webroot -w /var/www/letsencrypt -d "$CN" --agree-tos --email "$EMAIL" --non-interactive --text | ||
|
||
cp /etc/letsencrypt/archive/"$CN"/cert1.pem /var/certs/cert1.pem | ||
cp /etc/letsencrypt/archive/"$CN"/privkey1.pem /var/certs/privkey1.pem |
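Review bot: nothing checks the result of `letsencrypt certonly`, so when issuance fails the two `cp` lines still run and either fail on a missing path or copy an older certificate, and the script's exit status is whatever the last `cp` returned. Add `set -euo pipefail` at the top, which also catches an unset `CN` or `EMAIL`. The copies are also pinned to `archive/"$CN"/cert1.pem` and `privkey1.pem`; certbot numbers the files in `archive` per issuance, so after a renewal these are the old pair. Copy from `/etc/letsencrypt/live/"$CN"/` instead, and prefer `fullchain.pem` over the leaf-only certificate so nginx serves the intermediate chain. Finally, the README in this commit names `cacert.pem` and `privkey.pem` while this script writes `cert1.pem` and `privkey1.pem`; confirm the nginx config (not shown here) handles both, and set the private key's file mode explicitly when copying it.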