Created
February 16, 2024 01:17
configure certbot Azure docker
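# Fragment of a Compose file: the entries below are service definitions and
# belong under the top-level `services:` key, which is not part of this
# snippet. The `public_net` and `private_net` networks are declared elsewhere.

# Earlier plain-nginx service, kept for reference (disabled).
# webserver:
#   image: nginx:latest
#   ports:
#     - 80:80
#     - 443:443
#   restart: always
#   volumes:
#     - ./prod/nginx/www/:/var/www/html:ro
#     - ./prod/nginx/conf/:/etc/nginx/conf.d/:ro
#   networks:
#     - public_net
#     - private_net

# nginx bundled with certbot: terminates TLS for the backend and obtains and
# renews the Let's Encrypt certificate referenced by the server configs.
nginx:
  # NOTE(review): `latest` is a moving tag, so each pull can bring in a
  # different image. Pin a tested release tag or an image digest, e.g.
  # jonasal/nginx-certbot:<TESTED_VERSION>, and update it deliberately.
  image: jonasal/nginx-certbot:latest
  restart: unless-stopped
  # environment:
  #   - CERTBOT_EMAIL
  env_file:
    - ./prod/nginx/nginx-certbot.env
  ports:
    # Port 80 has to stay reachable from the internet while the default
    # webroot (HTTP-01) authenticator is in use.
    - 80:80
    - 443:443
  volumes:
    # Server configs are only read by the container, so mount them read-only
    # (the disabled service above already did this for its config).
    - ./prod/nginx/config:/etc/nginx/user_conf.d:ro
    # Must stay writable: certbot keeps the ACME account, certificates and
    # private keys here. Restrict permissions on the host directory and keep
    # it out of version control and backups that others can read.
    - ./prod/letsencrypt:/etc/letsencrypt
  networks:
    # The proxy is the only bridge between the two networks; the backend
    # should be attached to private_net only (not visible in this fragment).
    - public_net
    - private_net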
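# prod/nginx/config/www.vm-backend-courier-ip.eastus.cloudapp.azure.com.conf
#
# HTTPS front end for the courier API: terminates TLS with the Let's Encrypt
# certificate and proxies /api to the backend container.
server {
    # Listen to port 443 on both IPv4 and IPv6.
    # default_server: this block also answers requests whose Host header
    # matches no other server block, so the backend sees arbitrary Host values.
    listen 443 ssl default_server reuseport;
    listen [::]:443 ssl default_server reuseport;

    # Domain names this server should respond to.
    server_name vm-backend-courier-ip.eastus.cloudapp.azure.com;

    # Load the certificate files.
    ssl_certificate         /etc/letsencrypt/live/vm-backend-courier-ip.eastus.cloudapp.azure.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/vm-backend-courier-ip.eastus.cloudapp.azure.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/vm-backend-courier-ip.eastus.cloudapp.azure.com/chain.pem;

    # Load the Diffie-Hellman parameter.
    # Presumably generated by the nginx-certbot image on first start (see
    # DHPARAM_SIZE in the env file) -- confirm the file exists before reloading.
    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;

    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;

    # NOTE(review): no ssl_protocols / ssl_ciphers are set here, so the
    # defaults of the nginx build inside the image apply; check that they
    # exclude TLS 1.0/1.1.

    # Prefix match: this also matches paths such as /apifoo. Use `location /api/`
    # (plus an exact match for /api) if only the API tree should be proxied.
    location /api {
        # Plain HTTP to the backend; acceptable only because the hop stays on
        # the private container network.
        proxy_pass http://courier-api:4545/api;
        proxy_http_version 1.1;

        # WebSocket upgrade support.
        # NOTE(review): `Connection: upgrade` is sent on every request, not only
        # on upgrades; an http-level `map $http_upgrade ...` is the usual way to
        # send it only when the client asked for one.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;

        # Overwrite the forwarding headers instead of passing through whatever
        # the client sent, so the backend logs and any IP-based checks see the
        # real peer address. Assumes this nginx is the first hop the client
        # reaches; behind a trusted load balancer use the realip module instead.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_cache_bypass $http_upgrade;
    }
}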
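# prod/nginx/nginx-certbot.env
# Settings for the jonasal/nginx-certbot container, loaded through env_file.
# Values are taken literally: keep each assignment free of trailing text.

# Required
# Contact address for the Let's Encrypt account (expiry and problem notices).
CERTBOT_EMAIL=contact@ssd.com.do

# Optional (Defaults)
# DHPARAM_SIZE=2048
# ELLIPTIC_CURVE=secp256r1
# RENEWAL_INTERVAL=8d
# RSA_KEY_SIZE=2048
# STAGING=0
# USE_ECDSA=1
# STAGING=1 requests certificates from the Let's Encrypt staging environment:
# useful while testing to stay clear of production rate limits, but browsers do
# not trust those certificates. Leave it at 0 in production.

# Advanced (Defaults)
# CERTBOT_AUTHENTICATOR=webroot
# CERTBOT_DNS_PROPAGATION_SECONDS=""
# DEBUG=0
# USE_LOCAL_CA=0
# USE_LOCAL_CA=1 issues certificates from a CA created inside the container and
# DEBUG=1 makes the scripts log more verbosely; both are for local testing and
# should stay 0 on an internet-facing host.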