Update Production HTTPS Setup

Linden Crandall 2025-02-08 00:07:06 +00:00
parent 2ec3505405
commit bf6add1765

@ -1,7 +1,7 @@
## Production HTTPS Setup [ How to Secure Your Applications with HTTPS Using Docker, NGINX, and Let's Encrypt ](https://www.youtube.com/watch?v=J9jKKeV1XVE)
- First cd to project where the repo is intialized `cd /home/lasthour/repositories/automatisch`
- Create an env file, and add the env vars and save the file: `sudo nano .env`. Make sure to update the `IPV6_SUBNET` var to to a range that isn't already in use:
- Create an env file, and add the env vars and save the file: `sudo nano .env`. Get <HOSTNAME> name from Tony. Make sure to update the `IPV6_SUBNET` var to to a range that isn't already in use:
ex):
```
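Review bot: In the added bullet, `<HOSTNAME>` sits outside backticks, so a Markdown renderer may treat it as an HTML tag and drop it, leaving the sentence to read "Get name from Tony". Wrap it in backticks, and while touching this line fix the carried-over "to to" (and "intialized" in the bullet above). "Get ... from Tony" also ties the procedure to one person; consider pointing to where the hostname is recorded instead.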
@ -9,7 +9,7 @@ ENABLE_IPV6=true
MAIN_HTTP_PORT=7757
NGINX_HTTP_PORT=80
NGINX_HTTPS_PORT=443
HOST=automatisch.lasthourhosting.org
HOST=<HOSTNAME>
PROTOCOL=https
APP_ENV=production
REDIS_HOST=redis
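Review bot: `HOST=<HOSTNAME>` in the example block is likely to be pasted as-is, and the example itself carries no hint that the value has to be substituted before the containers are started. Add a comment line above it in the example saying so. If the aim is to take the deployment hostname out of the docs, note that it is still present in the parent revision and in the `# replace <HOSTNAME> with your DNS ...` comments further down.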
@ -58,15 +58,7 @@ IPV6_SUBNET=2001:db8:2::/64
# - ./https/certs/${SSL_SELF_SIGNED_KEY}:/etc/nginx/certs/${SSL_SELF_SIGNED_KEY}:ro
# - ./https/nginx/automatisch_self_signed_nginx.conf:/etc/nginx/conf.d/
```
- Add SSL_CERT_EMAIL and HOST env vars:
```
sudo nano .env
```
```
HOST=automatisch.lasthourhosting.org
SSL_CERT_EMAIL=support@shilohcode.com
```
- Add the HOST entries to `automatisch_letsencrypt_nginx.conf` and save before continuing:
- Replace the <HOSTNAME> with the DNS in the `.env` file and save before continuing:
```
# initial nginx conf file needed when running certbot container the first time to generate ssl certs
# replace <HOSTNAME> with your DNS i.e.automatisch.lasthourhosting.org
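Review bot: The replacement bullet no longer names the file to edit: "Replace the <HOSTNAME> with the DNS in the `.env` file" reads as an instruction to edit `.env`, while the block under it is the nginx conf that the removed bullet called `automatisch_letsencrypt_nginx.conf`. Keep the filename, for example "Replace `<HOSTNAME>` in `automatisch_letsencrypt_nginx.conf` with the `HOST` value from `.env`". This hunk also deletes the only step visible here that sets `SSL_CERT_EMAIL`; confirm the `.env` example still covers it, since the certbot run needs it.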
@ -96,7 +88,7 @@ server {
cp https/nginx/secondary_automatisch_letsencrypt_nginx.conf https/nginx/automatisch_letsencrypt_nginx.conf
```
- Add the HOST entries again to `automatisch_letsencrypt_nginx.conf` and save before continuing:
- Replace <HOSTNAME> entries again with `.env` DNS and save before continuing:
```
# nginx conf file to use after LetsEncrypt SSL certs have been created
# replace <HOSTNAME> with your DNS i.e.automatisch.lasthourhosting.org
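Review bot: The context comment `# replace <HOSTNAME> with your DNS i.e.automatisch.lasthourhosting.org` still carries the hostname that this commit replaces with `<HOSTNAME>` in the `.env` example, both here and in the first conf block, so the substitution is incomplete. Swap it for a neutral example such as `automatisch.example.org`, and use "e.g." followed by a space. The added bullet would also be clearer if it named `automatisch_letsencrypt_nginx.conf`, as the removed one did.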
@ -143,7 +135,7 @@ server {
}
}
```
- Then rebuild the containers: `docker compose up -d`. After it is rebuilt we should be able to pull up Automatisch at (staging) `https://automatisch.lasthourhosting.org` with a valid cert
- Then rebuild the containers: `docker compose up -d`. After it is rebuilt we should be able to pull up Automatisch at the DNS with a valid SSL cert bound to it
## Cronjob for auto SSL Cert renewals
- Locate Docker binary: `whereis docker` or `sudo whereis docker`
- It should be in `/usr/bin/docker`, but wherever it is on the system, run `crontab -e` and enter this task to renew the ssl cert, replace `/path/to/docker-compose.yml` with the actual path where the docker-compose.yml file is:
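Review bot: "at the DNS" in the added bullet does not tell the reader what to open; the removed line gave a full `https://` URL. Suggest "at `https://<HOSTNAME>`" with the placeholder in backticks, and state what a pass looks like (the browser shows a Let's Encrypt-issued certificate for that name) so that a certificate left over from the commented-out self-signed config is not mistaken for success.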