Aleksei Sokol
7499e55ce6
Changes: - fix README.md old json format usage - rename "redirect" option to "proxy_pass" - move docker-compose.yml and nginx.conf.j2 to examples and add to .gitignore - fix situation when one domain from domains.txt and servers.yaml appeared twice in nginx.conf
31 lines
1.4 KiB
Markdown
31 lines
1.4 KiB
Markdown
# ssl_nginx hosting
|
|
|
|
## Preparation
|
|
|
|
1. Copy and edit (if needed) [nginx/nginx.conf.j2](nginx/nginx.conf.j2.example) file.
|
|
2. Add your certified domains to nginx/domains.txt file ([example](nginx/domains.txt.example)).
|
|
|
|
These domains will be used by _certbot_ to monitor and update (if possible) certificates. _Nginx_ will also setup
|
|
http server for the given entries.
|
|
|
|
However if the domain is set both in domains.txt and servers.yaml (next step), _nginx_ will
|
|
use https with certificates at the given path. That will fail nginx startup if the certificate
|
|
to at least one domain is missing (--http-only option will skip domains.txt check).
|
|
|
|
3. Add your servers section configuration to nginx/servers.yaml ([example](nginx/servers.yaml.example)).
|
|
|
|
User email used for certbot can be set as environment variable at build process or in .env file.
|
|
|
|
## Usage
|
|
|
|
For the first time you should run (run_once.d-c.yml)[run_once.d-c.yml] docker-compose file to get certificates.
|
|
|
|
You can use (run_once.sh)[run_once.sh] script for this.
|
|
|
|
After it, `docker compose up` should do the trick. Certificates update attempt will be performed automatically at 02:15
|
|
on each seventh day of month. (set in Dockerfile of _certbot_ and _nginx_).
|
|
|
|
## certbot_manual.sh
|
|
|
|
This sceipt is available to perform manual certificates obtaining. One can use it to get a
|
|
wildcard certificate for example (not available for automatic generation without an appropriate plugin). |