Skip to content

Instantly share code, notes, and snippets.

@ezhulkov
Last active December 17, 2024 10:20
Show Gist options
  • Save ezhulkov/355fff964e54ffed541ed09e80341fd0 to your computer and use it in GitHub Desktop.
Save ezhulkov/355fff964e54ffed541ed09e80341fd0 to your computer and use it in GitHub Desktop.
[server]
SERVER
[server:vars]
server_name=SERVER
email=noc@gopractice.io
docker_nginx_ssl=true
#inspired by https://medium.com/@pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71
- name: enabling ssl
block:
- name: certbot dirs
file: path={{item}} state=directory mode=0755 group=root owner=root
with_items:
- "/var/lib/certbot/www"
- "/var/log/certbot"
- "/var/lib/certbot/conf/live/{{server_name}}"
- name: creating dummy certificate
docker_container:
name: 'openssl'
image: 'frapsoft/openssl'
state: 'started'
auto_remove: yes
command: "req -x509 -nodes -newkey rsa:1024 -days 1 \
-keyout '/etc/letsencrypt/live/{{server_name}}/privkey.pem' \
-out '/etc/letsencrypt/live/{{server_name}}/fullchain.pem' \
-subj '/CN=localhost'"
volumes:
- "/var/lib/certbot/conf:/etc/letsencrypt"
- name: copying options-ssl-nginx.conf
copy: src=options-ssl-nginx.conf dest=/var/lib/certbot/conf/options-ssl-nginx.conf owner=root group=root mode=0644
- name: copying ssl-dhparams.pem
copy: src=ssl-dhparams.pem dest=/var/lib/certbot/conf/ssl-dhparams.pem owner=root group=root mode=0644
- name: starting nginx with dummy certificate
docker_container:
name: 'nginx'
state: 'started'
- name: waiting for nginx
wait_for: port=80
- name: deleting dummy certificates
file: path={{item}} state=absent mode=0640 group=root owner=root
with_items:
- "/var/lib/certbot/conf/live/{{server_name}}"
- name: requesting letsencrypt certificate
docker_container:
name: 'certbot'
image: 'certbot/certbot'
state: 'started'
auto_remove: yes
command: "certonly --webroot --webroot-path /var/www/certbot \
--email {{email}} --cert-name {{server_name}} \
-d {{server_name}} --rsa-key-size 4096 \
--agree-tos --force-renewal"
volumes:
- "/var/lib/certbot/conf:/etc/letsencrypt"
- "/var/lib/certbot/www:/var/www/certbot"
- "/var/log/certbot:/var/log/letsencrypt"
- name: waiting for certbot
wait_for: path=/var/log/certbot/letsencrypt.log search_regex="Your key file has been saved at"
- name: restart nginx with prod certificate
docker_container:
name: 'nginx'
state: 'started'
restart: yes
- name: waiting for nginx
wait_for: port=80
when: docker_nginx_ssl == "true"
@Paprikas
Copy link

Paprikas commented Feb 4, 2019

You forgot to remove your email

@Paraidomat
Copy link

You forgot to remove your email

What he said 👍

@ezhulkov
Copy link
Author

You forgot to remove your email

Thank you! Fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment