Add Production HTTPS Setup
parent
b53f6beff6
commit
83c2072b83
87
Production-HTTPS-Setup.md
Normal file
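--- /dev/null
+++ b/Production-HTTPS-Setup.md
@@ -0,0 +1,87 @@
+## Production HTTPS Setup
+
+- In docker-compose.yml, uncomment production nginx and certbot services:
+```
+nginx:
+image: nginx:latest
+depends_on:
+- main
+restart: unless-stopped
+volumes:
+- ./https/nginx/automatisch_letsencrypt_nginx.conf:/etc/nginx/conf.d/
+- ./certbot/conf:/etc/letsencrypt
+- ./certbot/www:/var/www/certbot
+ports:
+- ${PORT}:${PORT}
+- 443:443
+
+certbot:
+image: certbot/certbot:latest
+command: certonly --webroot -w /var/www/certbot --keep-until-expiring --email ${SSL_CERT_EMAIL} -d ${HOST} --agree-tos
+volumes:
+- ./certbot/conf:/etc/letsencrypt
+- ./certbot/www:/var/www/certbot
+
+```
+- Comment out local https nginx service:
+```
+# for local https development using self-signed certs via openssl
+# nginx:
+# image: nginx:latest
+# depends_on:
+# - main
+# ports:
+# - "443:443"
+# volumes:
+# - ./https/certs/${SSL_SELF_SIGNED_CRT}:/etc/nginx/certs/${SSL_SELF_SIGNED_CRT}:ro
+# - ./https/certs/${SSL_SELF_SIGNED_KEY}:/etc/nginx/certs/${SSL_SELF_SIGNED_KEY}:ro
+# - ./https/nginx/automatisch_self_signed_nginx.conf:/etc/nginx/conf.d/
+```
+- Add SSL_CERT_EMAIL and HOST env vars:
+```
+sudo nano .env
+```
+```
+HOST=automatisch.lasthourhosting.org
+SSL_CERT_EMAIL=support@shilohcode.com
+```
+- Run `sudo docker compose up` to generate SSL cert
+- There should be a new /certbot folder created at the project root, and the cert and key `.pem` files should be created at `/etc/letsencrypt/live`
+- After this completes, stop the containers `ctrl+c` and edit the `/https/nginx/automatisch_letsencrypt_nginx.conf` file to use the new SSL certs. Copy the configs in `/https/nginx/temp.conf` and overwrite `/https/nginx/automatisch_letsencrypt_nginx.conf`. It should look like this (using staging as an example):
+```
+events {
+worker_connections 1024;
+}
+
+http {
+
+server {
+listen 7757;
+server_name automatisch.lasthourhosting.org;
+
+location ~ /.well-known/acme-challenge/ {
+root /var/www/certbot;
+}
+
+return 301 https://$host$request_uri;
+}
+
+server {
+listen 443 ssl http2;
+# use ssl letsencrypt certs
+ssl_certificate /etc/letsencrypt/live/automatisch.lasthourhosting.org/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/automatisch.lasthourhosting.org/privkey.pem;
+server_name automatisch.lasthourhosting.org;
+
+
+location / {
+proxy_pass http://automatisch.lasthourhosting.org:7757/;
+}
+
+location ~ /.well-known/acme-challenge/ {
+root /var/www/certbot;
+}
+}
+}
+```
+- Then rebuild the containers: `docker compose up -d`. After it is rebuilt we should be able to pull up Automatisch at (staging) `https://automatisch.lasthourhosting.org` with a valid cert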
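Review bot: The HTTPS server block in the documented nginx config (`listen 443 ssl http2;` through `server_name`) sets the certificate pair but no `ssl_protocols` and no HSTS header, so the TLS profile is whatever the unpinned `nginx:latest` build happens to default to (recent builds default to TLSv1.2/1.3, older ones still enable TLSv1/1.1), and the guide should pin at least `ssl_protocols TLSv1.2 TLSv1.3;` and `add_header Strict-Transport-Security "max-age=31536000" always;`. In the same block `proxy_pass http://automatisch.lasthourhosting.org:7757/;` sends the decrypted request back out to the public hostname on `${PORT}`, a port the compose snippet publishes from the nginx container itself and whose server block answers with `return 301 https://$host$request_uri;`; unless something outside this page routes that name to the app, this looks like a redirect loop, and in any case the upstream should be the compose service (`main`, assuming it listens on `${PORT}`, 7757 in the example) over the internal network with `Host` and `X-Forwarded-Proto` forwarded so the app knows it sits behind TLS. Note also that the port-7757 block's `return 301` is at server level, which nginx evaluates before location matching, so that block's `acme-challenge` location is never reached and renewals rely on the duplicate location in the 443 block. Finally, a live domain and support address are committed as the `.env` sample and in the config; placeholders such as `example.com` keep real contact data out of the docs.

```nginx
server {
    listen 443 ssl http2;
    server_name automatisch.lasthourhosting.org;
    # … unchanged: ssl_certificate / ssl_certificate_key …
    ssl_protocols TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # proxy to the compose service on the internal network, not the public hostname
        proxy_pass http://main:7757/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
    # … unchanged: acme-challenge location …
}
```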