k4rli/https-nginx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nginx https

Browse Source
This commit is contained in:
Karli
2022-05-01 18:45:14 +03:00
commit 73cce2e835
5 changed files with 146 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
README.md Normal file
View File

@@ -0,0 +1,61 @@
# HTTPS setup: Nginx Reverse Proxy+ Letsencrypt+ AWS Cloud + Docker
A detailed set of instructions can be found [here](https://leangaurav.medium.com/simplest-https-setup-nginx-reverse-proxy-letsencrypt-ssl-certificate-aws-cloud-docker-4b74569b3c61)
Below is a basic setup guide:
**Step-1:** Open `config/nginx.conf` replace test.leangaurav.dev with the domain you wish to configure. It can be subdomain like mine or apex domain.
**Step-2:** You can change the nginx version in `docker/nginx.Dockerfile`
**Step-3:** Open `docker-compose-le.yaml` and replace `your.email@email.com` and `test.leangaurav.com`
**Step-4:** In a terminal (T1) run `docker-compose up --build nginx` monitor the logs for errors as we follow next steps
**Step-5:** In another terminal (T2) run `docker-compose -f docker-compose-le.yaml up --build`
**Step-6:** If things go well, the second terminal (T2) will show something like this
```Successfully received certificate.
letsencrypt_1 | Certificate is saved at: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
letsencrypt_1 | Key is saved at: /etc/letsencrypt/live/yourdomain.com/privkey.pem
letsencrypt_1 | This certificate expires on 2021-10-20.
letsencrypt_1 | These files will be updated when the certificate renews.
letsencrypt_1 |
letsencrypt_1 | NEXT STEPS:
letsencrypt_1 | - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
letsencrypt_1 |
letsencrypt_1 | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
letsencrypt_1 | If you like Certbot, please consider supporting our work by:
letsencrypt_1 | * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
letsencrypt_1 | * Donating to EFF: https://eff.org/donate-le
letsencrypt_1 | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
```
**Step-7:** Close the nginx container (press Ctrl+c or CMD+c) running in first terminal (T1) and replace with below config (after replacing the 4 occurence of `test.leangaurav.dev` with your domain name)
```
server {
listen 80;
listen [::]:80;
server_name test.leangaurav.dev;
location / {
rewrite ^ https://$host$request_uri? permanent;
}
location ~ /.well-known/acme-challenge {
allow all;
root /tmp/acme_challenge;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl http2;
server_name test.leangaurav.dev;
ssl_certificate /etc/letsencrypt/live/test.leangaurav.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/test.leangaurav.dev/privkey.pem;
}
```
**Step-8:** Run the nginx container again but with `-d` this time `docker-compose up --build -d nginx`
SSL certificates should be installed. Verify by visiting your domain. You will get an Nginx 404 but it will be served over https. Check the certificate details.
**Step-9:** Setup crontab for auto-renew by running command `crontab -e` and then pasting the below stuff there. Make sure you put the absolute path to the `docker-compose` file.
```0 0 * * 0 expr `date +\%W` \% 2 > /dev/null || docker-compose -f <absolute path to folder>/docker-compose-le.yaml up && docker exec -it nginx-service nginx -s reload ```

50
config/nginx.conf Normal file
View File

@@ -0,0 +1,50 @@
server {
listen 80;
listen [::]:80;
server_name portal.bytser.com
location ~ /.well-known/acme-challenge {
allow all;
root /tmp/acme_challenge;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl http2;
server_name test.leangaurav.dev;
ssl_certificate /etc/letsencrypt/live/portal.bytser.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portal.bytser.com/privkey.pem;
location / {
rewrite ^/?(.*)$ /$1 break;
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /api/ {
rewrite ^/api/?(.*)$ /$1 break;
proxy_pass http://127.0.0.1:9000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}

12
docker-compose-le.yaml Normal file
View File

@@ -0,0 +1,12 @@
version: "3.3"
services:
letsencrypt:
container_name: 'certbot-service'
image: certbot/certbot:v1.17.0
command: sh -c "certbot certonly --webroot -w /tmp/acme_challenge -d portal.bytser.com --text --agree-tos --email bytser@bytser.com --rsa-key-size 4096 --verbose --keep-until-expiring --preferred-challenges=http"
entrypoint: ""
volumes:
- "/etc/letsencrypt:/etc/letsencrypt"
- "/tmp/acme_challenge:/tmp/acme_challenge"
environment:
- TERM=xterm

20
docker-compose.yaml Normal file
View File

@@ -0,0 +1,20 @@
version: "3.3"
services:
nginx:
container_name: 'nginx-service'
build:
context: .
dockerfile: docker/nginx.Dockerfile
ports:
- 80:80
- 443:443
volumes:
- ./config:/config
- /etc/letsencrypt:/etc/letsencrypt:ro
- /tmp/acme_challenge:/tmp/acme_challenge
networks:
- app
restart: always
networks:
app:
driver: bridge

3
docker/nginx.Dockerfile Normal file
View File

@@ -0,0 +1,3 @@
FROM nginx:1.21.1-alpine
RUN rm /etc/nginx/conf.d/default.conf
COPY /config/nginx.conf /etc/nginx/conf.d