Create directories
# Host directories that are bind-mounted into the containers below:
#   /root/data/nginx         - nginx server configs (step-1.conf, step-2.conf)
#   /root/data/certbot/conf  - certbot state; mounted as /etc/letsencrypt, so it
#                              will hold the certificate and its private key
#   /root/data/certbot/www   - webroot for the ACME challenge files
mkdir -p \
  /root/data/nginx \
  /root/data/certbot/conf \
  /root/data/certbot/www
Nginx config for the first step (file /root/data/nginx/step-1.conf); it serves only the ACME challenge directory over HTTP
# Step 1: HTTP-only server used while no certificate exists yet.
server {
    listen      80;
    server_name test.flamecat.ru;

    # certbot's webroot plugin is pointed at /var/www/certbot, so the challenge
    # files end up below this root. Only this one path is served over HTTP.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}
Run nginx
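# Start nginx with the step-1 config so the ACME HTTP-01 challenge can be served.
# All three bind mounts are read-only (:ro): nginx only reads its config, the
# challenge files and (later) the certificates, and an internet-facing container
# should not have write access to the directory that will hold the private key.
# The certbot container writes to the same host directories through its own mounts.
# NOTE(review): nginx:1.15-alpine is the tag used on this page; use a currently
# maintained nginx tag when following these steps.
docker run --rm -d -p80:80 -p443:443 --name nginx \
  -v /root/data/nginx/step-1.conf:/etc/nginx/conf.d/step-1.conf:ro \
  -v /root/data/certbot/conf:/etc/letsencrypt:ro \
  -v /root/data/certbot/www:/var/www/certbot:ro \
  nginx:1.15-alpine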
Create new certificates
# Request the certificate with certbot's webroot plugin: certbot writes the
# challenge file under /var/www/certbot (shared with the nginx container) and
# stores the resulting certificate and private key under /etc/letsencrypt,
# i.e. /root/data/certbot/conf on the host.
# For a trial run, certbot's --dry-run flag validates against the staging
# environment without saving a certificate.
docker run --rm -it \
  -v /root/data/certbot/conf:/etc/letsencrypt \
  -v /root/data/certbot/www:/var/www/certbot \
  certbot/certbot certonly \
  --webroot -w /var/www/certbot \
  --non-interactive --agree-tos \
  -m vadim@jexia.com \
  -d test.flamecat.ru
Nginx config for the second step (file /root/data/nginx/step-2.conf), which enables HTTPS with the issued certificate
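# Port 80: answer ACME HTTP-01 challenges, redirect everything else to HTTPS.
server {
    listen 80;
    server_name test.flamecat.ru;

    # Keep the challenge path reachable over plain HTTP. Without it, a
    # webroot-based renewal is redirected to the HTTPS server, which proxies
    # the request upstream, so validation fails and the certificate expires.
    # This needs /var/www/certbot mounted into the container, as in the
    # step-1 docker run.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: terminate TLS with the certificate issued by certbot.
server {
    listen 443 ssl;
    server_name test.flamecat.ru;

    # Chain and private key are read from the mounted /etc/letsencrypt.
    ssl_certificate     /etc/letsencrypt/live/test.flamecat.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/test.flamecat.ru/privkey.pem;

    # Offer only TLS 1.2 and 1.3; the older protocol versions are deprecated.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # The hop from nginx to the upstream is plain HTTP, so only the
        # client-to-nginx leg is encrypted. Use an https:// or private-network
        # upstream for anything beyond a demo.
        proxy_pass http://example.org; #for demo purposes
    }
}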
Restart nginx with the step-2 config
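# Remove the step-1 container, then start nginx again with the step-2 config.
docker rm -f nginx

# Mounts are read-only (:ro): nginx only needs to read its config and the
# certificate files, and should not be able to modify the private key directory.
# The webroot stays mounted so the server can keep answering ACME HTTP-01
# challenges at renewal time, provided the port-80 server block serves
# /.well-known/acme-challenge/ from /var/www/certbot.
# Let's Encrypt certificates are short-lived: schedule `certbot renew` with the
# same two volumes as the issuing command, and reload nginx afterwards so it
# picks up the renewed files.
docker run --rm -d -p80:80 -p443:443 --name nginx \
  -v /root/data/nginx/step-2.conf:/etc/nginx/conf.d/step-2.conf:ro \
  -v /root/data/certbot/conf:/etc/letsencrypt:ro \
  -v /root/data/certbot/www:/var/www/certbot:ro \
  nginx:1.15-alpine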
Check HTTPS
# curl https://test.flamecat.ru/ -I
HTTP/1.1 200 OK
Server: nginx/1.15.12
Date: Mon, 21 Oct 2019 18:03:07 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 648
Connection: keep-alive
Content-Encoding: gzip
Accept-Ranges: bytes
Cache-Control: max-age=604800
Etag: "3147526947"
Expires: Mon, 28 Oct 2019 18:03:10 GMT
Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
X-Cache: HIT