This project runs nginx and certbot in a Docker stack. Change example.env to a .env file, then set the email for certbot and the domains you want to include in the certificates.
Instructions are below for creating a service and timer to both renew SSL/TLS certbot certs and hot reload nginx.
Create the certbot renew service
sudo nano /etc/systemd/system/nginx-certbot-renew.service
[Unit]
Description=Renews ssl certs
[Service]
ExecStart=/usr/bin/docker exec certbot certbot renew --non-interactive --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini
Create the certbot renew timer
sudo nano /etc/systemd/system/nginx-certbot-renew.timer
[Unit]
Description=Renews ssl certs
[Timer]
OnCalendar=*-*-* 01:00:00
[Install]
WantedBy=timers.target
Create the reload service
sudo nano /etc/systemd/system/nginx-reload.service
[Unit]
Description=Hot reload of nginx to get new certs, etc.
[Service]
ExecStart=/usr/bin/docker exec nginx nginx -s reload
Create the reload timer
sudo nano /etc/systemd/system/nginx-reload.timer
[Unit]
Description=Hot reload of nginx to get new certs, etc.
[Timer]
OnCalendar=*-*-* 02:00:00
[Install]
WantedBy=timers.target
Reload the systemd manager configuration
sudo systemctl daemon-reload
Enable the service (optional: you may want to enable it if you want to run the service manually)
sudo systemctl enable nginx-certbot-renew.service
sudo systemctl enable nginx-reload.service
Enable the Timer
sudo systemctl enable nginx-certbot-renew.timer
sudo systemctl enable nginx-reload.timer
Start the timer
sudo systemctl start nginx-certbot-renew.timer
sudo systemctl start nginx-reload.timer
Check the status of the timer
sudo systemctl status nginx-certbot-renew.timer
sudo systemctl status nginx-reload.timer
Hot reload nginx after changes to configuration
/usr/bin/docker exec -it nginx nginx -s reload
To tail the logs:
tail -10 /home/thomas/docker/nginx/data/nginx/logs/access.log
Manually renew certs
/usr/bin/docker exec certbot certbot renew --non-interactive --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini
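The timers above reload nginx at 02:00 every day whether or not the 01:00 renewal changed a certificate. As an added example (not part of this project), the wrapper below renews and then reloads only when a certificate changed and nginx -t accepts the configuration. It assumes certbot's default /etc/letsencrypt/live directory, sh and cat inside the certbot container, and sha256sum on the host.

```shell
#!/bin/sh
# Added example (not part of the project): renew, then reload nginx only when
# a certificate actually changed and the nginx configuration still validates.
# Container names "certbot" and "nginx" and the renew flags come from the page.
# Assumptions: certbot's default live directory, sh/cat inside the certbot
# container, sha256sum on the host.
DOCKER="${DOCKER:-/usr/bin/docker}"
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"

# Print one hash covering every fullchain.pem certbot currently manages.
cert_state() {
    "$DOCKER" exec certbot sh -c "cat $LIVE_DIR/*/fullchain.pem 2>/dev/null" \
        | sha256sum | cut -d' ' -f1
}

# Exit status: 0 = ok (prints "unchanged" or "reloaded"), 1 = renew failed,
# 2 = nginx -t rejected the configuration, 3 = reload signal failed.
renew_and_reload() {
    before=$(cert_state)
    # certbot's own output goes to stderr so stdout carries only the result.
    "$DOCKER" exec certbot certbot renew --non-interactive --dns-cloudflare \
        --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini >&2 || return 1
    after=$(cert_state)
    if [ "$before" = "$after" ]; then
        echo unchanged
        return 0
    fi
    # Validate first so a broken config is reported instead of silently kept.
    "$DOCKER" exec nginx nginx -t || return 2
    "$DOCKER" exec nginx nginx -s reload || return 3
    echo reloaded
}

# Run only when invoked with the argument "run".
if [ "${1:-}" = "run" ]; then
    renew_and_reload
fi
```

Saved as an executable script at a path of your choosing and called with the argument run, it can serve as the ExecStart of nginx-certbot-renew.service, which makes the separate reload timer unnecessary.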