instant-rancher-server-on-automated-ssl-in-10-lines-of-bash-code.sh
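# INSTANT RANCHER-SERVER ON AUTOMATED SSL in 10 Lines of Bash Code
# make a rancher-server:443 for ca-validated A+ SSL using Ubuntu-Trusty/jWilder-Nginx-Reverse-Proxy/LetsEncrypt+proxy-companion on AWS EC2 (or basically any cloud host using Ubuntu Trusty)
# by Dr. C.Hogan
#
# These lines are meant to be pasted into an interactive shell on the host, in order. The first phase
# installs Docker and ends with `exit` (group membership only applies to a fresh login); the second
# phase is run after logging back in.

# ---- phase 1: install docker fresh on ubuntu-trusty & set things up proper ----
sudo apt-get install apt-transport-https ca-certificates
# hkp over port 80 is plaintext; the full 40-hex fingerprint below is what makes the fetch safe, so never
# shorten it to a short key id. NOTE(review): apt.dockerproject.org and the sks-keyservers pool have since
# been retired, so these two lines will need Docker's current repo/key URL on anything but an old snapshot.
sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
# `sudo echo ... >> file` does not work: the redirect is opened by the unprivileged shell, not by sudo.
# Write the repo line through tee running under sudo instead, then refresh the index so the policy
# check below actually sees the docker-engine candidate.
echo "deb https://apt.dockerproject.org/repo ubuntu-trusty main" | sudo tee -a /etc/apt/sources.list.d/docker.list >/dev/null
sudo apt-get update
sudo apt-get purge lxc-docker; sudo apt-cache policy docker-engine
sudo apt-get install linux-image-extra-"$(uname -r)"; sudo apt-get install docker-engine
# The docker group is root-equivalent on this host (the socket can bind-mount / and start privileged
# containers) -- only add users you would give sudo to. The new group takes effect on the next login,
# hence the exit; log back in and continue with phase 2.
sudo service docker start; sudo usermod -aG docker ubuntu; exit

# ---- phase 2: run after logging back in ----
# Set these two values once; every later line reads them instead of hand-edited placeholders.
TARGET_HOST=targetsite.com              # public DNS name the certificate is issued for; must already resolve to this host
LETSENCRYPT_EMAIL=your@badassemail.com  # Let's Encrypt expiry / recovery contact

# test docker and provision all the nginx vanilla directories for jwilder & LE companion
docker run --rm hello-world
sudo mkdir -p /usr/share/nginx/html /etc/nginx/ssl /etc/nginx/vhost.d
sudo ln -s /etc/nginx/ssl /etc/nginx/certs
sudo touch /etc/nginx/vhost.d/default.conf   # provision empty default conf for nginx

# create rancher server instance as daemon. nginx-proxy discovers it through VIRTUAL_HOST/VIRTUAL_PORT and
# reaches it over the container link, so the plaintext 8080 port must NOT be published on the public
# interface -- the original `-p 8080:8080` exposed the unencrypted UI/API to the world and bypassed the
# TLS front end this whole recipe exists for. Binding to loopback keeps it reachable for local debugging only.
# NOTE(review): also enable Rancher's access control after first login before handing the URL to anyone;
# a reachable server with it still off is wide open.
docker run -d -v /var/lib/mysql:/var/lib/mysql --restart=always --name=rancher-server \
  -p 127.0.0.1:8080:8080 \
  -e "VIRTUAL_HOST=${TARGET_HOST}" -e VIRTUAL_PORT=8080 \
  -e "LETSENCRYPT_HOST=${TARGET_HOST}" -e "LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}" \
  rancher/server

# provision the jwilder reverse proxy using aforementioned settings; port 80 will 301 redirect requests to the SSL host automatically.
# The docker.sock mount is how the proxy learns about containers. `:ro` only makes the socket *file*
# read-only -- it does not restrict the Docker API -- so anything that compromises this container holds
# root on the host. Keep the image pinned and updated, and expose nothing else in it.
docker run -d --name=nginx-proxy --link=rancher-server --restart=always -p 80:80 -p 443:443 \
  -v /etc/nginx/vhost.d -v /usr/share/nginx/html -v /etc/nginx/ssl:/etc/nginx/certs \
  -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy

# provision the nginx LetsEncrypt helper container and attach it to the nginx-proxy instance.
# It shares the proxy's volumes (certs, vhost.d, html) and also needs the Docker socket -- same trust
# caveat as above. It now gets a name and --restart=always: without the restart policy the companion
# stays down after a reboot and the promised auto-renewal silently stops.
docker run -d --name=letsencrypt-companion --restart=always \
  -v /etc/nginx/ssl:/etc/nginx/certs:rw --volumes-from nginx-proxy \
  -v /var/run/docker.sock:/var/run/docker.sock:ro jrcs/letsencrypt-nginx-proxy-companion
# BAM!!
# this concludes my lesson on instant deployment of a master Rancher Server node with
# instant SSL Auto-Renew using LetsEncrypt and reverse proxy for nginx, thereby allowing you to serve many SSL sites from the same IP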
# OPTIONAL DEVOPS STUFF:
#--------------------------------------------------------------------------------------------------------------------------------------------------------------------
# I like to sync all my devops tools from aws s3 sync, but if you use rancher-os or a vanilla instance outside of Amazon Linux AMI, it doesn't come with AWS cli pre-installed (or python/pip)
# So I use the following code to automatically dockerize aws-cli and sync necessary devtools (npm, nodejitsu, my cobra binaries, boom, etc.)
# copy aws env and aws.sh into place so we can copy certs from s3
# note: this syncs all the stuff you want to /home/ubuntu/<folder you want to sync it to>
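# Create the credential file with restrictive permissions *before* anything secret is typed into it;
# the original `mkdir; vi env` left it world-readable under the default umask.
mkdir -p -m 700 ~/.aws
( umask 077 && touch ~/.aws/env )
vi ~/.aws/env
## *optional* contents of "env" (docker --env-file format: KEY=value per line, no quotes, no `export`)
## $ cat /home/ubuntu/.aws/env
## AWS_ACCESS_KEY_ID=<your aws key>
## AWS_SECRET_ACCESS_KEY=<private key>
## AWS_DEFAULT_REGION=<region i.e.- us-west-1>
## NOTE(review): these are long-lived static keys sitting in plaintext on the instance. On EC2 the better
## option is an IAM instance profile scoped to s3:GetObject/s3:ListBucket on just the sync bucket, with
## the env file left empty -- the CLI in the container should then pick the role up from the instance
## metadata service (confirm the container can reach 169.254.169.254 in your network setup). If static
## keys are unavoidable, scope the IAM user the same way and rotate them.
mkdir -p ~/.scripts/dockers
vi ~/.scripts/dockers/aws.sh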
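## *optional* contents of aws.sh
## $ cat /home/ubuntu/.scripts/dockers/aws.sh
#!/bin/bash
# Run one aws-cli command inside a throwaway container, with credentials taken from AWS_CONFIG_ENV.
# Usage: aws.sh "<aws command line>"
# The argument is handed verbatim to `bash -c` inside the container, so only ever pass it trusted,
# operator-typed text -- never anything derived from user or network input.
# Kept POSIX-sh compatible (set -eu, [ ] tests, no bashisms) because the documented invocation runs it via `sh`.
set -eu
AWS_CONFIG_ENV=/home/ubuntu/.aws/env
# Host directory that appears as /root/.aws inside the container (quoted so the placeholder parses).
SYNC_DIR="/home/ubuntu/<folder you want to sync it to>"
# NOTE(review): this third-party image receives your AWS keys via --env-file; pin it by digest
# (image@sha256:...) instead of a floating :latest tag so a re-pushed tag cannot silently swap the code.
IMAGE=xueshanf/awscli:latest
# The unused instance-id lookup against the metadata service was dropped; it did nothing but make an
# unauthenticated IMDSv1 request on every run.
: "${1:?usage: $0 \"<aws command line>\"}"
[ -r "$AWS_CONFIG_ENV" ] || { echo "aws.sh: cannot read $AWS_CONFIG_ENV" >&2; exit 1; }
sudo docker pull "$IMAGE"
# --env-file keeps the keys out of argv/ps on the host, but they remain visible to anyone who can run
# `docker inspect` (i.e. anyone with access to the Docker socket). --rm stops a stopped container with
# the credentials still attached from piling up after every run.
sudo docker run --rm -v "$SYNC_DIR":/root/.aws/ --env-file="$AWS_CONFIG_ENV" "$IMAGE" /bin/bash -c "$1"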
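# run aws.sh which runs the aws-cli so we can copy important stuff from s3. I use this to sync certificates, gnupg keyrings, etc, and I use a KMS AES_256bit encryption setup with it
# The script declares #!/bin/bash, so run it with bash (or chmod +x and execute it directly); `sh` is dash on
# Ubuntu and will choke on any bash-only syntax added to the script later. The quoted argument is executed
# verbatim inside the container, so type it yourself rather than building it from untrusted input.
bash ~/.scripts/dockers/aws.sh "aws s3 sync s3://<your bucket>/<certs or whatever else stored at s3> /root/.aws/"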