example - fix certbot wildcard
parent
25494acace
commit
a3cfb50b4d
|
@ -3,17 +3,24 @@
|
|||
# you need to run it before starting bunkerized-nginx
|
||||
# since it's manual there is no auto renew, you need to run it again before it expires
|
||||
|
||||
DOMAIN="*.website.com"
|
||||
SERVICE="mywww"
|
||||
|
||||
# ask for wildcard certificate
|
||||
# it's interactive and you will need to add a DNS entry
|
||||
docker run --rm -it -v "${PWD}/letsencrypt:/etc/letsencrypt" certbot/certbot certonly --manual -d *.website.com --agree-tos --no-bootstrap
|
||||
docker run --rm -it -v "${PWD}/letsencrypt:/etc/letsencrypt" certbot/certbot certonly --manual -d $DOMAIN --agree-tos
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "error while getting certificate for $DOMAIN"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# fix permissions
|
||||
chown -R 101:101 "${PWD}/letsencrypt/live"
|
||||
chown -R 101:101 "${PWD}/letsencrypt"
|
||||
|
||||
# reload nginx if it's already running (in case of a "renew")
|
||||
if [ -z `docker-compose ps -q mywww` ] || [ -z `docker ps -q --no-trunc | grep $(docker-compose ps -q mywww)` ]; then
|
||||
if [ -z `docker-compose ps -q $SERVICE` ] || [ -z `docker ps -q --no-trunc | grep $(docker-compose ps -q $SERVICE)` ]; then
|
||||
echo "bunkerized-nginx is not running, skipping nginx reload"
|
||||
else
|
||||
echo "bunkerized-nginx is running, sending reload order"
|
||||
docker-compose exec mywww nginx -s reload
|
||||
docker-compose exec $SERVICE nginx -s reload
|
||||
fi
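Review bot: The widened `chown -R 101:101 "${PWD}/letsencrypt"` gives uid 101 (presumably the nginx user in the container) ownership of the whole certbot tree, which in certbot's usual layout also holds `accounts/` with the ACME account key, and the compose hunk further down mounts that same whole tree into the web-facing container. The `live` symlinks only need `archive` to resolve, so `chown -R 101:101 "${PWD}/letsencrypt/live" "${PWD}/letsencrypt/archive"` should be enough, with the mount narrowed to `- ./letsencrypt/live:/letsencrypt/live:ro` and `- ./letsencrypt/archive:/letsencrypt/archive:ro`; confirm that the container can still traverse the parent directory. Separately, `-d $DOMAIN` is unquoted, so the shell can glob-expand `*.website.com` against files in the working directory before certbot sees it; `-d "$DOMAIN"` avoids that.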
|
||||
|
|
|
@ -10,13 +10,13 @@ services:
|
|||
- 443:8443
|
||||
volumes:
|
||||
- ./web-files:/www:ro
|
||||
- ./letsencrypt/live/website.com:/certs:ro
|
||||
- ./letsencrypt:/letsencrypt:ro
|
||||
environment:
|
||||
- SERVER_NAME=app1.website.com app2.website.com # replace with your domains
|
||||
- MULTISITE=yes
|
||||
- USE_CUSTOM_HTTPS=yes
|
||||
- CUSTOM_HTTPS_CERT=/certs/fullchain.pem
|
||||
- CUSTOM_HTTPS_KEY=/certs/privkey.pem
|
||||
- CUSTOM_HTTPS_CERT=/letsencrypt/live/website.com/fullchain.pem
|
||||
- CUSTOM_HTTPS_KEY=/letsencrypt/live/website.com/privkey.pem
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
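Review bot: The new `CUSTOM_HTTPS_CERT` and `CUSTOM_HTTPS_KEY` values hard-code `website.com` as the directory under `/letsencrypt/live`, but unlike the `SERVER_NAME` line they carry no hint that this must be adapted. That directory name has to match whatever certbot created for the `DOMAIN` set in the script, so a trailing comment such as `# replace website.com with your certificate directory under letsencrypt/live` on the `CUSTOM_HTTPS_CERT` line would save a failed start on first use. The enclosing service definition starts above this hunk, so the service name and image are not visible here.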
|
||||
|
|