marko/docker-development-youtube-series
1
0
Fork 0
mirror of https://github.com/marcel-dempers/docker-development-youtube-series.git synced 2025-06-06 17:01:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
docker-development-youtube-.../security/letsencrypt/introduction/readme.md
marcel-dempers 83934aa47f letsencrypt basics
2020-09-25 19:08:30 +10:00

114 lines
2.8 KiB
Markdown
Raw Blame History

# Let's encrypt
## Introduction
To start off, I run an NGINX web server. <br/>
This could be running anywhere in the cloud. <br/>
```
docker run -it -p 80:80 nginx bash
# get my public IP for this server
curl ifconfig.co
# lets get out of the container
exit
```
Now that we have the public IP for our server, lets start it up again <br/>
This time, without bash <br/>
We should be able to access it in the browser <br/>
```
docker run -it -p 80:80 nginx
```
In the video, we create a DNS record and point it to the IP of our server <br/>
## Certbot
The [docs](https://certbot.eff.org/)
To build certbot, i simply change directory and build my certbot container <br/>
```
cd .\security\letsencrypt\introduction\
docker build . -t certbot
docker run -it --rm --name certbot `
-v ${PWD}:/letsencrypt `
-v ${PWD}/certs:/etc/letsencrypt `
certbot bash
```
## NGINX
We've customised our `nginx.conf` as shown in the video <br/>
Run this NGINX, we mount the shared folder that certbot will use:
```
cd .\security\letsencrypt\introduction\
docker run -it --rm --name nginx `
-v ${PWD}/nginx.conf:/etc/nginx/nginx.conf `
-v ${PWD}:/letsencrypt `
-v ${PWD}/certs:/etc/letsencrypt `
-p 80:80 `
-p 443:443 `
nginx
```
## Issue certificate
In certbot, generate our cert:
```
certbot certonly --webroot
# webroot is the folder we mounted: /letsencrypt
# certificate outputs under etc/letsencrypt/live/**
# since we share this volume with our webserver, we dont need to copy
# certificates across.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/marcel.guru/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/marcel.guru/privkey.pem
Your cert will expire on 2020-12-03. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
```
## Renewal
To do a dry run of cert renewal:
```
certbot renew --dry-run
```
Reload our NGINX web server if the certs change:
```
docker exec -it nginx sh -c "nginx -s reload"
```
Checkout the Certbot [docs](https://certbot.eff.org/instructions) for more details
Reference in New Issue View Git Blame Copy Permalink