@mrjones-plip
Last active March 10, 2023 22:03

Install CHT and test certbot LE creation Proof of Concept

Assumes an FQDN of deleteme2-certbot-nginx-cht.plip.com and a CHT SSL docker volume named cht_cht-ssl. Both are configurable in the .env file of the certbot service.

  1. Provision Ubuntu 22.04 with a public IP and an FQDN that resolves to it.

  2. Install Docker:

    curl -fsSL get.docker.com -o get-docker.sh && sh get-docker.sh

  3. Install CHT: create the directories, the env file and the compose files:

    sudo apt-get install wamerican
    mkdir -p /home/ubuntu/cht/{compose,certs,upgrade-service,couchdb}
    couchdb_secret=$(shuf -n7 /usr/share/dict/words --random-source=/dev/random | tr '\n' '-' | tr -d "'" | cut -d'-' -f1,2,3,4,5,6,7)
    couchdb_password=$(shuf -n7 /usr/share/dict/words --random-source=/dev/random | tr '\n' '-' | tr -d "'" | cut -d'-' -f1,2,3,4,5,6,7)
    # COUCHDB_UUID must not be blank in the .env below, so generate a UUID first
    uuid=$(cat /proc/sys/kernel/random/uuid)
    cat > /home/ubuntu/cht/upgrade-service/.env << EOF
    CHT_COMPOSE_PROJECT_NAME=cht
    COUCHDB_SECRET=${couchdb_secret}
    DOCKER_CONFIG_PATH=/home/ubuntu/cht/upgrade-service
    COUCHDB_DATA=/home/ubuntu/cht/couchdb
    CHT_COMPOSE_PATH=/home/ubuntu/cht/compose
    COUCHDB_USER=medic
    COUCHDB_PASSWORD=${couchdb_password}
    COUCHDB_UUID=${uuid}
    EOF
    
    cd /home/ubuntu/cht/
    curl -s -o ./compose/cht-core.yml https://staging.dev.medicmobile.org/_couch/builds_4/medic:medic:8099-nginx-certbot/docker-compose/cht-core.yml
    curl -s -o ./compose/cht-couchdb.yml https://staging.dev.medicmobile.org/_couch/builds_4/medic:medic:8099-nginx-certbot/docker-compose/cht-couchdb.yml
    curl -s -o ./upgrade-service/docker-compose.yml https://raw.githubusercontent.com/medic/cht-upgrade-service/main/docker-compose.yml
    
  4. Start the CHT services:

    cd /home/ubuntu/cht/upgrade-service
    docker compose up --detach
    
  5. Test that the .well-known path is served by the CHT nginx container (certbot's webroot challenge depends on it):

    echo "should show 'hello world':"
    curl http://deleteme2-certbot-nginx-cht.plip.com/.well-known/acme-challenge/index.html

  6. Create the certbot compose and env files:

    mkdir -p /home/ubuntu/cht/certbot
    cd /home/ubuntu/cht/certbot
    cat > docker-compose.yml << EOF
    version: '3.9'
    services:
      certbot:
          container_name: certbot
          hostname: certbot
          image: certbot/certbot
          volumes:
            - ssl-storage:/etc/nginx/private/
            - ssl-storage:/var/log/letsencrypt/
          command: certonly --debug --deploy-hook /etc/nginx/private/deploy.sh --webroot -w /etc/nginx/private/certbot/ --domain \$DOMAIN --non-interactive --key-type rsa --agree-tos --register-unsafely-without-email \$STAGING
    volumes:
      ssl-storage:
          name: \${CHT_SSL_VOLUME}
          external: true
    EOF
    
    cat > .env << EOF
    DOMAIN=deleteme2-certbot-nginx-cht.plip.com
    STAGING=
    CHT_SSL_VOLUME=cht_cht-ssl
    TZ=America/Whitehorse
    EOF

  7. Generate the certificates:

    docker compose up

  8. Reload nginx so it picks up the new certificate:

    docker exec -it cht_nginx_1 nginx -s reload
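As an added example (not part of the gist or of the CHT project), the POSIX shell functions below are pre-flight checks for the two .env files written in steps 3 and 6, meant to run before `docker compose up`: they refuse to continue if any required key is missing or blank (a COUCHDB_UUID line written from an unset variable is the obvious case), and they check the certbot .env for a fully qualified DOMAIN. The keys are the ones the steps above write; the idea that STAGING holds either nothing (production CA) or certbot's `--staging` flag is an assumption, as are the helper names.

```shell
# Added example, not code from the gist or the CHT project.
# Pre-flight checks for the .env files from steps 3 and 6 above.
# Assumption: STAGING in the certbot .env is empty (production) or "--staging".

# Passphrase of N dictionary words joined by '-', like the gist's shuf
# pipeline; falls back to 32 random bytes as hex if wamerican is not installed.
gen_passphrase() {
  n="${1:-7}"
  if [ -r /usr/share/dict/words ]; then
    shuf -n "$n" --random-source=/dev/urandom /usr/share/dict/words \
      | tr -d "'" | paste -sd- -
  else
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
  fi
}

# Random UUID for COUCHDB_UUID: from the kernel when available, else uuidgen.
gen_uuid() {
  if [ -r /proc/sys/kernel/random/uuid ]; then
    cat /proc/sys/kernel/random/uuid
  else
    uuidgen
  fi
}

# Usage: check_env_file FILE KEY...
# Succeeds only if every KEY is present in FILE with a non-empty value;
# each offender is named on stderr. A missing FILE fails every key.
check_env_file() {
  file="$1"; shift
  rc=0
  for key in "$@"; do
    val=$(grep -E "^${key}=" "$file" 2>/dev/null | head -n1 | cut -d= -f2-)
    if [ -z "$val" ]; then
      echo "missing or empty: $key in $file" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Keys written in step 3; COUCHDB_UUID is the one most easily left blank.
check_cht_env() {
  check_env_file "$1" CHT_COMPOSE_PROJECT_NAME COUCHDB_SECRET DOCKER_CONFIG_PATH \
    COUCHDB_DATA CHT_COMPOSE_PATH COUCHDB_USER COUCHDB_PASSWORD COUCHDB_UUID
}

# Certbot .env from step 6: DOMAIN must look fully qualified (the webroot
# challenge only works for a public name), STAGING must be empty or "--staging".
check_certbot_env() {
  file="$1"
  check_env_file "$file" DOMAIN CHT_SSL_VOLUME || return 1
  domain=$(grep -E '^DOMAIN=' "$file" | head -n1 | cut -d= -f2-)
  staging=$(grep -E '^STAGING=' "$file" | head -n1 | cut -d= -f2-)
  case "$domain" in
    *.*) ;;
    *) echo "DOMAIN is not fully qualified: $domain" >&2; return 1 ;;
  esac
  case "$staging" in
    ""|--staging) ;;
    *) echo "STAGING must be empty or --staging, got: $staging" >&2; return 1 ;;
  esac
}
```

Source the file and run `check_cht_env /home/ubuntu/cht/upgrade-service/.env && check_certbot_env /home/ubuntu/cht/certbot/.env` before step 4 and again before step 7; a non-zero exit names the offending key, so a blank CouchDB UUID or a typo in the domain is caught before containers start or a Let's Encrypt rate limit is consumed.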
@mrjones-plip (Author):

poc.mp4

@mrjones-plip (Author):

End to end working with no edits inside container - follows steps above and just works \o/

just.docker.contianers.720p.mp4
