Last active
April 15, 2019 20:24
-
-
Save mraaroncruz/a51b7ffda509bf709397b9ad91a83b1c to your computer and use it in GitHub Desktop.
Setup a docker letsencrypt nginx port forwarded box
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -e | |
# Run like | |
# bash setup.bash example.com janet@example.com 5000 | |
# vhost letsencrypt email application port | |
HOST=$1 | |
EMAIL=$2 | |
PORT=$3 | |
setup () { | |
### Update the apt package index: | |
sudo apt update | |
sudo apt upgrade -y | |
### Install packages to allow apt to use a repository over HTTPS: | |
sudo apt -y install \ | |
apt-transport-https \ | |
ca-certificates \ | |
curl \ | |
software-properties-common \ | |
nginx | |
# Install docker | |
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - | |
sudo apt-key fingerprint 0EBFCD88 | |
sudo add-apt-repository \ | |
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \ | |
$(lsb_release -cs) \ | |
stable" | |
sudo apt update | |
sudo apt -y install docker-ce | |
# Install docker-compose | |
sudo curl -L "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose | |
sudo chmod +x /usr/local/bin/docker-compose | |
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose | |
} | |
letsencrypt () { | |
sudo add-apt-repository -y ppa:certbot/certbot | |
# You need to do this again sometimes | |
sudo apt update | |
sudo apt -y install python-certbot-nginx | |
} | |
output_nginx_config () { | |
local dest=$1 | |
local host=$2 | |
local port=$3 | |
echo " | |
server { | |
listen 80; | |
listen [::]:80; | |
# root /var/www/example.com/html; | |
# index index.html index.htm index.nginx-debian.html; | |
server_name $host; | |
location / { | |
# Do not allow connections from docker 1.5 and earlier | |
# docker pre-1.6.0 did not properly set the user agent on ping, catch \"Go *\" user agents | |
if (\$http_user_agent ~ \"^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$\" ) { | |
return 404; | |
} | |
proxy_pass http://localhost:$port; | |
proxy_set_header Host \$http_host; # required for docker client's sake | |
proxy_set_header X-Real-IP \$remote_addr; # pass on real client's IP | |
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto \$scheme; | |
proxy_read_timeout 900; | |
} | |
} | |
" > $dest | |
} | |
setup_nginx() { | |
local email=$1 | |
local host=$2 | |
local port=$3 | |
output_nginx_config /etc/nginx/sites-enabled/$host $host $port | |
sudo systemctl restart nginx | |
sudo certbot run --nginx --redirect --agree-tos -m $email | |
} | |
echo "## Run setup ##" && setup | |
echo "## Adding certbot ##" && letsencrypt | |
echo "## Setting up nginx ##" && setup_nginx $EMAIL $HOST $PORT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment