example - wildcard certificate with certbot
parent
a98dae1fb6
commit
25494acace
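--- a/examples/certbot-wildcard/certbot-wildcard.sh
+++ b/examples/certbot-wildcard/certbot-wildcard.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# you need to run it before starting bunkerized-nginx
+# since it's manual there is no auto renew, you need to run it again before it expires
+
+# ask for wildcard certificate
+# it's interactive and you will need to add a DNS entry
+docker run --rm -it -v "${PWD}/letsencrypt:/etc/letsencrypt" certbot/certbot certonly --manual -d *.website.com --agree-tos --no-bootstrap
+
+# fix permissions
+chown -R 101:101 "${PWD}/letsencrypt/live"
+
+# reload nginx if it's already running (in case of a "renew")
+if [ -z `docker-compose ps -q mywww` ] || [ -z `docker ps -q --no-trunc | grep $(docker-compose ps -q mywww)` ]; then
+echo "bunkerized-nginx is not running, skipping nginx reload"
+else
+echo "bunkerized-nginx is running, sending reload order"
+docker-compose exec mywww nginx -s reload
+fi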
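Review bot: The `-d *.website.com` argument on the `docker run` line is unquoted, so the shell expands it against the current directory whenever an entry there matches the pattern, and certbot would then be asked for a different name than intended; write it as `-d '*.website.com'`. The two backtick substitutions inside `[ -z ... ]` are unquoted as well, so the test only gives the right answer by accident when the output is empty and fails with a syntax error if it ever holds more than one word; `[ -z "$(docker-compose ps -q mywww)" ]` is the safer form. Nothing checks the exit status of the certbot run, so a failed or aborted issuance still reaches the `chown` and the nginx reload; `set -e` after the shebang, or `|| exit 1` on the `docker run` line, would stop the script there.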
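--- a/examples/certbot-wildcard/docker-compose.yml
+++ b/examples/certbot-wildcard/docker-compose.yml
@@ -0,0 +1,40 @@
+version: '3'
+
+services:
+
+mywww:
+image: bunkerity/bunkerized-nginx
+restart: always
+ports:
+- 80:8080
+- 443:8443
+volumes:
+- ./web-files:/www:ro
+- ./letsencrypt/live/website.com:/certs:ro
+environment:
+- SERVER_NAME=app1.website.com app2.website.com # replace with your domains
+- MULTISITE=yes
+- USE_CUSTOM_HTTPS=yes
+- CUSTOM_HTTPS_CERT=/certs/fullchain.pem
+- CUSTOM_HTTPS_KEY=/certs/privkey.pem
+- REDIRECT_HTTP_TO_HTTPS=yes
+- DISABLE_DEFAULT_SERVER=yes
+- USE_CLIENT_CACHE=yes
+- USE_GZIP=yes
+- USE_BROTLI=yes
+- app1.website.com_REMOTE_PHP=myapp1
+- app1.website.com_REMOTE_PHP_PATH=/app
+- app2.website.com_REMOTE_PHP=myapp2
+- app2.website.com_REMOTE_PHP_PATH=/app
+
+myapp1:
+image: php:fpm
+restart: always
+volumes:
+- ./web-files/app1.website.com:/app
+
+myapp2:
+image: php:fpm
+restart: always
+volumes:
+- ./web-files/app2.website.com:/app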
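Review bot: The `./letsencrypt/live/website.com:/certs:ro` volume exposes only the live directory, and certbot normally stores `fullchain.pem` and `privkey.pem` there as relative symlinks into `../../archive/`, so the paths given in `CUSTOM_HTTPS_CERT` and `CUSTOM_HTTPS_KEY` would likely dangle inside the container. Mounting the tree read-only as `- ./letsencrypt:/etc/letsencrypt:ro` and pointing the two variables at `/etc/letsencrypt/live/website.com/fullchain.pem` and the matching `privkey.pem` keeps the links resolvable; this should be confirmed against a real issuance. The key file itself would then have to be readable by the uid nginx runs as, whereas the `chown` in certbot-wildcard.sh is applied only under `live`. Separately, `bunkerity/bunkerized-nginx` and `php:fpm` are referenced without a pinned version or digest, so what the example runs depends on whatever image is current at pull time.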
@ -0,0 +1,5 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
echo "hello from app1 !";
|
||||||
|
|
||||||
|
?>
|
||||||
@ -0,0 +1,5 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
echo "hello from app2 !";
|
||||||
|
|
||||||
|
?>
|
||||||