Last active
May 24, 2023 03:51
-
-
Save agates/9d25d2c59d12bbb014a04c55d7fd706b to your computer and use it in GitHub Desktop.
Adding Let's Encrypt certs to PeerTube plugin livechat under the default docker setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Open a shell in the certbot container | |
| docker exec -it certbot /bin/sh | |
| # Run cerbot | |
| certbot certonly | |
| # Enter the correct options for your domain and defaults to work with the PeerTube webserver container | |
| # How would you like to authenticate with the ACME CA? | |
| # Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 | |
| # Please enter the domain name(s) you would like on your certificate (comma and/or | |
| # space separated) (Enter 'c' to cancel): <room.your_instance.tld> | |
| # Input the webroot for <room.your_instance.tld>: (Enter 'c' to cancel): /var/www/certbot | |
| # Successfully received certificate. | |
| # Certificate is saved at: /etc/letsencrypt/live/<room.your_instance.tld>/fullchain.pem | |
| # Key is saved at: /etc/letsencrypt/live/<room.your_instance.tld>/privkey.pem | |
| # Run the below command inside the certbot container to give read access to the new certs and private keys to the peertube group | |
| chown -R root:999 /etc/letsencrypt/live; chmod 750 /etc/letsencrypt/live; chown -R root:999 /etc/letsencrypt/archive; chmod 750 /etc/letsencrypt/archive; find /etc/letsencrypt/ -name 'privkey*' -exec chmod 0640 {} \; | |
| # exit the certbot container | |
| exit | |
| # Modify the certbot entrypoint in your docker-compose.yml to the following, which runs the above command after renewal | |
| # entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot; chown -R root:999 /etc/letsencrypt/live; chmod 750 /etc/letsencrypt/live; chown -R root:999 /etc/letsencrypt/archive; chmod 750 /etc/letsencrypt/archive; find /etc/letsencrypt/ -name 'privkey*' -exec chmod 0640 {} \; sleep 12h & wait $${!}; done;" | |
| # Mount the certbot volume into the peertube continer as a volume: | |
| # volumes: | |
| # - ./docker-volume/certbot/conf:/etc/letsencrypt | |
| # | |
| # Make sure to restart the container with docker-compose down; docker-comopse up -d | |
| # Point your certificate directory in the livechat plugin settings to: | |
| # /etc/letsencrypt/live | |
| # Check that prosody can read the certs | |
| docker-compose exec -u peertube peertube /data/plugins/data/peertube-plugin-livechat/prosodyAppImage/squashfs-root/AppRun prosodyctl --config /data/plugins/data/peertube-plugin-livechat/prosody/prosody.cfg.lua check certs |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment