Nginx
georgich, 2019-11-14 22:07:26

How to install a Let's Encrypt certificate in Docker with nginx and certbot?

Greetings.
I made the settings according to this manual, but there is a snag. Here is the docker-compose.yml file:

version: "3.1"
services:
    db:
      image: mariadb
      container_name: test-mariadb
      restart: always
      volumes:
        - ./db/data/:/var/lib/mysql/
        - ./db/etc/:/etc/mysql/conf.d
        - ./db/logs/:/var/lib/mysql/logs/
      environment:
        - MYSQL_ROOT_PASSWORD=pass
        - MYSQL_USER=sqluser
        - MYSQL_PASSWORD=pass
      ports:
        - "127.0.0.1:3306:3306"
    
    php:
      build: 
        context: ./php
        dockerfile: Dockerfile.dockerfile
      container_name: test-php
      volumes:
        - ./public_html/:/var/www/html
      depends_on:
        - db

    apache:
      image: httpd:2.4
      container_name: test-apache
      volumes:
        - ./public_html/:/var/www/html
        - ./httpd/httpd.conf:/usr/local/apache2/conf/httpd.conf
      depends_on:
        - php

    nginx:
      image: nginx:1.17
      container_name: test-nginx
      volumes:
        - ./public_html/:/var/www/html
        - ./nginx/nginx.conf:/etc/nginx/nginx.conf
        - ./certbot/conf:/etc/letsencrypt
        - ./certbot/www:/var/www/certbot
      ports:
        - "80:80"
        - "443:443"

    certbot:
      image: certbot/certbot
      container_name: test-certbot
      restart: always
      volumes:
        - ./certbot/conf:/etc/letsencrypt
        - ./certbot/www:/var/www/certbot

I obtained the certificates themselves via SSL for free, so I verified the domain manually through ./well-known. I have two certificates on hand (ca_bundle.crt, certificate.crt) and a private key, private.key. If I understand correctly, the data from ca_bundle can be safely appended to the end of certificate.crt, and the files can be renamed to certificate.pem and private.pem.
Question: based on the docker-compose.yml file, where do I need to put these certificates, and what should I write in nginx.conf? Right now it has the following in the http block:
    server {
        listen 80 default_server;
        return 444;
    }

    server {
        listen      80;
        server_name domain.ru www.domain.ru;
        root        /var/www/html;

        location / {
            index   index.html index.php;
        }

        location ^~ /.well-known/acme-challenge/ {
            default_type "text/plain";
            root        /var/www/html;
        }
    }

Thank you very much in advance!
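
The concatenation described in the question, as an added example that is not part of the original post: it joins certificate.crt and ca_bundle.crt into one file in the order nginx expects and guards against the failure modes of a plain `cat`. The function names are hypothetical, and placing the results directly in ./certbot/conf is an assumption based on the volume mapping in the compose file above.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. File names follow the question;
# the function names are hypothetical.

# count_certs FILE: print the number of PEM certificate blocks in FILE.
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# build_fullchain LEAF BUNDLE OUT: write LEAF, then BUNDLE, to OUT. nginx wants
# the server certificate first and the intermediates after it in one file.
build_fullchain() {
    leaf=$1 bundle=$2 out=$3
    [ -r "$leaf" ] && [ -r "$bundle" ] || { echo "unreadable input" >&2; return 1; }
    # Key material must never end up in the certificate file.
    if grep -q -- 'PRIVATE KEY-----' "$leaf" "$bundle"; then
        echo "refusing: private key found in certificate input" >&2; return 1
    fi
    if [ "$(count_certs "$leaf")" != 1 ]; then
        echo "refusing: $leaf must hold exactly one certificate" >&2; return 1
    fi
    # Drop CRs, blank lines and trailing blanks, and end every line with a
    # newline, so a LEAF without a final newline cannot fuse its END marker
    # with the next BEGIN marker the way a plain `cat` would.
    for f in "$leaf" "$bundle"; do
        tr -d '\r' < "$f" | awk 'NF { sub(/[ \t]+$/, ""); print }'
    done > "$out"
    # Input that was already fused stays broken: reject it and clean up.
    if grep -q -- '-----END CERTIFICATE-----.' "$out"; then
        echo "refusing: fused PEM markers in input" >&2; rm -f -- "$out"; return 1
    fi
}

# install_key KEY DEST: copy the private key readable by its owner only.
install_key() { ( umask 077 && cp -- "$1" "$2" ) && chmod 600 -- "$2"; }

# key_matches_cert CERT KEY: succeed only if KEY belongs to the first
# certificate in CERT (compares the public keys; requires openssl).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage with the compose file from the question (./certbot/conf is mounted at
# /etc/letsencrypt in the nginx container):
#   build_fullchain certificate.crt ca_bundle.crt ./certbot/conf/certificate.pem
#   install_key private.key ./certbot/conf/private.pem
#   key_matches_cert ./certbot/conf/certificate.pem ./certbot/conf/private.pem
```

With the files in place, a `listen 443 ssl;` server block in nginx.conf would point `ssl_certificate` at `/etc/letsencrypt/certificate.pem` and `ssl_certificate_key` at `/etc/letsencrypt/private.pem`, the paths under which the nginx container sees them.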


2 answer(s)
neatsoft, 2019-11-15
@neatsoft

The problem is the wrong choice of tool. Traefik is much better suited for this task: it can dynamically pick up containers that need external access, automatically obtain Let's Encrypt certificates, route requests based on a domain name / path, and act as a load balancer. It is much easier to set up than Nginx: the entire configuration is a few lines.

Trahibidadido, 2019-11-15
@Trahibidadido

You are using nginx as a proxy, so just get a companion.
I advise you to read https://m.habr.com/ru/post/445448/.
