# ssl_nginx hosting Version 0.6.0 (2026-03-25) ## Preparation 1. Create and fill `nginx/nginx.conf.j2` jinja template file ([example for global nginx](./nginx/examples/nginx.conf.j2) and for [nginx between other nginx and backends](./nginx/examples/nginx.middle.conf.j2)). For most cases you would not need to change the tempalte, but for sure it is not included by default. 2. Add your certified domains to `nginx/domains.txt` file ([example](nginx/examples/domains.txt)). These domains will be used by _certbot_ to monitor and update (if possible) certificates. _Nginx_ will also setup http server for the given entries. However if the domain is set both in domains.txt and servers.yaml (next step), _nginx_ will use https with certificates at the given path. That will fail nginx startup if the certificate to at least one domain is missing (--http-only option will skip domains.txt check). 3. Add your servers section configuration to `nginx/servers.yaml` ([example](nginx/examples/servers.yaml)). 4. Set `EMAIL` value to .env file for certbot configuration 5. Copy and tune [docker-compose.yaml example](./docker-compose.yaml.example) 6. Optionally, if additional nginx configurations are used, they can be placed to `nginx/nginx_conf.d` directory User email used for certbot can be set as environment variable at build process or in .env file. ## Usage For the first time you should run (run_once.d-c.yml)[run_once.d-c.yml] docker-compose file to get certificates. You can use (run_once.sh)[run_once.sh] script for this. After it, `docker compose up` (or `make up` to also remove validation container) should do the trick. Certificates update attempt will be performed automatically at 02:15 on each seventh day of month. (set in Dockerfile of _certbot_ and _nginx_). On launch config is validated with correct certificates and environment in `validate-config` step, so there should not be a case when incorrect config replaces correct one on update attempt. ## certbot_manual.sh This sceipt is available to perform manual certificates obtaining. One can use it to get a wildcard certificate for example (not available for automatic generation without an appropriate plugin).