@ezhulkov
Last active April 13, 2023 15:17
[server]
SERVER
[server:vars]
server_name=SERVER
email=noc@gopractice.io
docker_nginx_ssl=true
#inspired by https://medium.com/@pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71
# Bootstrap order: nginx refuses to start without a certificate file, so a
# short-lived self-signed dummy is created first, nginx comes up and serves the
# ACME webroot on port 80, certbot obtains the real certificate, the dummy is
# removed, and nginx is restarted to load the real one.
- name: enabling ssl
  block:
    - name: certbot dirs
      file: path={{item}} state=directory mode=0755 group=root owner=root
      with_items:
        - "/var/lib/certbot/www"
        - "/var/log/certbot"
        - "/var/lib/certbot/conf/live/{{server_name}}"
    # Throw-away key pair (1024-bit RSA, valid for one day, CN=localhost) whose
    # only purpose is to let nginx start; it is deleted below before the real
    # certificate is requested.
    - name: creating dummy certificate
      docker_container:
        name: 'openssl'
        image: 'frapsoft/openssl'
        state: 'started'
        auto_remove: yes
        command: "req -x509 -nodes -newkey rsa:1024 -days 1 \
                  -keyout '/etc/letsencrypt/live/{{server_name}}/privkey.pem' \
                  -out '/etc/letsencrypt/live/{{server_name}}/fullchain.pem' \
                  -subj '/CN=localhost'"
        volumes:
          - "/var/lib/certbot/conf:/etc/letsencrypt"
    # Certbot's recommended TLS settings and DH parameters, referenced from the
    # nginx server block.
    - name: copying options-ssl-nginx.conf
      copy: src=options-ssl-nginx.conf dest=/var/lib/certbot/conf/options-ssl-nginx.conf owner=root group=root mode=0644
    - name: copying ssl-dhparams.pem
      copy: src=ssl-dhparams.pem dest=/var/lib/certbot/conf/ssl-dhparams.pem owner=root group=root mode=0644
    # The nginx container itself (image, ports, volumes) is defined elsewhere;
    # this task only makes sure it is running.
    - name: starting nginx with dummy certificate
      docker_container:
        name: 'nginx'
        state: 'started'
    - name: waiting for nginx
      wait_for: port=80
    # Removing the dummy files while nginx runs is safe: nginx keeps the loaded
    # key pair in memory until it is restarted.
    - name: deleting dummy certificates
      file: path={{item}} state=absent mode=0640 group=root owner=root
      with_items:
        - "/var/lib/certbot/conf/live/{{server_name}}"
    # HTTP-01 challenge: certbot writes the token under the webroot, which nginx
    # must serve at http://{{server_name}}/.well-known/acme-challenge/.
    # --force-renewal requests a fresh certificate on every run; Let's Encrypt
    # rate-limits duplicate certificates, so rerun this task sparingly.
    - name: requesting letsencrypt certificate
      docker_container:
        name: 'certbot'
        image: 'certbot/certbot'
        state: 'started'
        auto_remove: yes
        command: "certonly --webroot --webroot-path /var/www/certbot \
                  --email {{email}} --cert-name {{server_name}} \
                  -d {{server_name}} --rsa-key-size 4096 \
                  --agree-tos --force-renewal"
        volumes:
          - "/var/lib/certbot/conf:/etc/letsencrypt"
          - "/var/lib/certbot/www:/var/www/certbot"
          - "/var/log/certbot:/var/log/letsencrypt"
    - name: waiting for certbot
      wait_for: path=/var/log/certbot/letsencrypt.log search_regex="Your key file has been saved at"
    - name: restart nginx with prod certificate
      docker_container:
        name: 'nginx'
        state: 'started'
        restart: yes
    - name: waiting for nginx
      wait_for: port=80
  when: docker_nginx_ssl == "true"
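The playbook starts an nginx container but never shows the site configuration it relies on. The following is an added example, not part of the gist, of an nginx config that matches the playbook's paths: the ACME challenge is answered from the certbot webroot on port 80, and the TLS block loads the certificate from live/<server_name>/ together with the copied options-ssl-nginx.conf and ssl-dhparams.pem. It assumes the nginx container mounts /var/lib/certbot/conf at /etc/letsencrypt and /var/lib/certbot/www at /var/www/certbot (as the certbot container does), and uses example.org in place of {{server_name}} and a placeholder upstream.

```nginx
# Added example (not from the gist). Assumes the nginx container has the same
# two bind mounts as the certbot container in the playbook:
#   /var/lib/certbot/conf -> /etc/letsencrypt
#   /var/lib/certbot/www  -> /var/www/certbot
# example.org stands in for {{server_name}}.

# Port 80: serve HTTP-01 challenge tokens from the webroot certbot writes to
# (--webroot-path /var/www/certbot) and send everything else to HTTPS.
server {
    listen 80;
    server_name example.org;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: whatever sits in live/example.org/ when nginx starts is what it
# serves. On the first run that is the one-day CN=localhost dummy key pair
# (rsa:1024), which exists only so nginx can start; the playbook's final
# restart makes nginx pick up the real Let's Encrypt chain.
server {
    listen 443 ssl;
    server_name example.org;

    ssl_certificate     /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;

    # Protocol/cipher settings and DH parameters: the two files the playbook
    # copies into /var/lib/certbot/conf.
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://app:8080;   # placeholder upstream, replace as needed
    }
}
```

Until the final restart in the playbook, clients connecting to port 443 see the self-signed dummy and fail verification; that is expected, and only port 80 needs to be reachable from the internet for the challenge to succeed.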
@Paprikas

Paprikas commented Feb 4, 2019

You forgot to remove your email

@Paraidomat

> You forgot to remove your email

What he said 👍

@ezhulkov (Author)

> You forgot to remove your email

Thank you! Fixed
