@velp
Created October 22, 2019 10:19
Nginx + Certbot

How to create Let's Encrypt certificates

Create directories

mkdir -p /root/data/nginx
mkdir -p /root/data/certbot/conf
mkdir -p /root/data/certbot/www

Nginx config for the first step (file /root/data/nginx/step-1.conf)

server {
    listen 80;
    server_name test.flamecat.ru;
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}

Run nginx

docker run --rm -d -p80:80 -p443:443 --name nginx -v /root/data/nginx/step-1.conf:/etc/nginx/conf.d/step-1.conf -v /root/data/certbot/conf:/etc/letsencrypt -v /root/data/certbot/www:/var/www/certbot nginx:1.15-alpine

Create new certificates

docker run --rm -it -v /root/data/certbot/conf:/etc/letsencrypt -v /root/data/certbot/www:/var/www/certbot certbot/certbot certonly --webroot -w /var/www/certbot --non-interactive --agree-tos -m vadim@jexia.com -d test.flamecat.ru

Nginx config for the second step (file /root/data/nginx/step-2.conf)

server {
    listen 80;
    server_name test.flamecat.ru;
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name test.flamecat.ru;
    ssl_certificate /etc/letsencrypt/live/test.flamecat.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/test.flamecat.ru/privkey.pem;
    location / {
        proxy_pass http://example.org; # for demo purposes
    }
}

Restart nginx

docker rm -f nginx
docker run --rm -d -p80:80 -p443:443 --name nginx -v /root/data/nginx/step-2.conf:/etc/nginx/conf.d/step-2.conf -v /root/data/certbot/conf:/etc/letsencrypt nginx:1.15-alpine
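Added example, not part of the original gist: a small POSIX shell script that writes a renewal-ready version of step-2.conf and wraps the restart and renewal commands. The step-2 config above redirects every port-80 request to HTTPS and the restart command no longer mounts /root/data/certbot/www, so a later "certbot renew" over the webroot has nowhere to serve the HTTP-01 challenge from; this variant keeps the ACME challenge location on port 80 and keeps the webroot volume mounted. The directory layout, the "nginx" container name and the image tags follow the gist; the write/restart/renew subcommands, the DOMAIN and CONF_DIR variables and the extra TLS settings (TLSv1.2/1.3 only, an HSTS header) are my assumptions.

```shell
#!/bin/sh
# Example script (not from the gist): renewal-ready step 2 for nginx + certbot.

# write_step2_conf DIR DOMAIN: write DIR/step-2.conf for DOMAIN.
write_step2_conf() {
    dir="$1"; domain="$2"
    mkdir -p "$dir"
    cat > "$dir/step-2.conf" <<EOF
server {
    listen 80;
    server_name $domain;
    # Keep answering HTTP-01 challenges over plain HTTP; "certbot renew" relies on this.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    # Everything else goes to HTTPS.
    location / {
        return 301 https://\$host\$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name $domain;
    ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
    # Assumed hardening: no TLS 1.0/1.1, server picks the cipher.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Assumed: ask browsers to stay on HTTPS for six months.
    add_header Strict-Transport-Security "max-age=15552000" always;
    location / {
        proxy_pass http://example.org; # for demo purposes, as in the gist
    }
}
EOF
}

# restart_nginx DIR: same as the gist's restart, but keep the webroot volume
# mounted so renewals can be answered.
restart_nginx() {
    docker rm -f nginx 2>/dev/null || true
    docker run --rm -d -p80:80 -p443:443 --name nginx \
        -v "$1/step-2.conf:/etc/nginx/conf.d/step-2.conf" \
        -v /root/data/certbot/conf:/etc/letsencrypt \
        -v /root/data/certbot/www:/var/www/certbot \
        nginx:1.15-alpine
}

# renew_certs: run certbot's renewal against the same volumes, then reload
# nginx so it picks up the new files under /etc/letsencrypt/live.
renew_certs() {
    docker run --rm \
        -v /root/data/certbot/conf:/etc/letsencrypt \
        -v /root/data/certbot/www:/var/www/certbot \
        certbot/certbot renew --webroot -w /var/www/certbot
    docker exec nginx nginx -s reload
}

# conf_has DIR STRING: exit 0 when DIR/step-2.conf contains STRING (fixed-string match).
conf_has() {
    grep -qF -- "$2" "$1/step-2.conf"
}

# Usage:
#   DOMAIN=test.flamecat.ru sh step2.sh write    # writes /root/data/nginx/step-2.conf
#   sh step2.sh restart                          # replaces the running nginx container
#   sh step2.sh renew                            # renews and reloads (run from cron)
case "${1:-}" in
    write)   write_step2_conf "${CONF_DIR:-/root/data/nginx}" "${DOMAIN:?set DOMAIN}" ;;
    restart) restart_nginx "${CONF_DIR:-/root/data/nginx}" ;;
    renew)   renew_certs ;;
esac
```

The renew subcommand is safe to run daily: certbot only replaces a certificate when it is within its renewal window, and the nginx reload afterwards is harmless when nothing changed.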

Check HTTPS

# curl https://test.flamecat.ru/ -I
HTTP/1.1 200 OK
Server: nginx/1.15.12
Date: Mon, 21 Oct 2019 18:03:07 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 648
Connection: keep-alive
Content-Encoding: gzip
Accept-Ranges: bytes
Cache-Control: max-age=604800
Etag: "3147526947"
Expires: Mon, 28 Oct 2019 18:03:10 GMT
Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
X-Cache: HIT