🎉 Awesome Nginx Certbot Compose! with some improvements #136

Open: wants to merge 1 commit into base: master

@luke10x luke10x commented Mar 21, 2023

  • domain names are figured out from /etc/nginx/conf.d/*.conf filenames;
  • top-level directories in repo represent Compose services (for autocomplete);
  • static websites will be in a mounted directory /var/www/websites.

If I have files luke10x.com.com.conf, oauth-testbed.luke10x.com.conf, etc. in ./nginx/conf.d, their names will be used as domain names, thus it is not necessary to edit this file before running init.

Top-level directories in this project repo will be mirroring docker-compose services;
this way it reduces cognitive load.
But certbot's directories are also mounted to nginx? Well, yes, but only as read-only. They are still owned by certbot.

Additionally, ./nginx/www will be mounted to /var/www/sites.

My idea is that host files are provisioned outside of this repo, and their content could be like this:

server {
    listen 80;
    server_name oauth-testbed.luke10x.com;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name oauth-testbed.luke10x.com;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/luke10x.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/luke10x.com/privkey.pem;

    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    root /var/www/sites/oauth-testbed.luke10x.com;
    index index.html;
}

Obviously, site content at /var/www/sites/oauth-testbed.luke10x.com must also be provisioned outside, and again it is git-ignored.

- domain names are figured out from /etc/nginx/conf.d/*.conf filenames;
- top-level directories in repo represent Compose services (for
  autocomplete);
- static websites will be contained in a mounted directory
  /var/www/websites.
@luke10x luke10x force-pushed the works-out-of-the-box-with-static-assets branch from dd75521 to e4f697c Compare March 21, 2023 14:31
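
The filename-to-domain step from the pull request description above, as an added example that is not part of this PR or the project's code. It assumes each virtual host file is named `<domain>.conf`; the function names and the sample directory are hypothetical, and names that are not valid hostnames (such as a stock `default.conf`, or one starting with a hyphen that would be read as an option) are skipped instead of being passed to certbot's `-d`.

```shell
#!/bin/sh
# Added example (not from the PR): derive certbot domains from conf.d filenames.
# Assumption: each virtual host file is named <domain>.conf.
LC_ALL=C; export LC_ALL   # byte-wise character ranges and stable glob order

# Succeeds only if $1 is a plausible DNS name with at least two labels.
is_domain() {
    [ "${#1}" -le 253 ] || return 1
    case $1 in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;   # spaces, '_', '/', newlines, ...
    esac
    # Labels of 1-63 characters that neither start nor end with '-'.
    printf '%s\n' "$1" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}

# Prints one validated domain per line for every <domain>.conf in directory $1.
domains_from_confd() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue            # unmatched glob or not a regular file
        name=${f##*/}
        name=${name%.conf}
        if is_domain "$name"; then
            printf '%s\n' "$name"
        else
            printf 'skipping %s: filename is not a domain name\n' "$f" >&2
        fi
    done
}

# Prints the "-d <domain>" arguments to pass to certbot for directory $1.
# Example call: certbot_domain_args ./nginx/conf.d
certbot_domain_args() {
    args=
    # Unquoted expansion is safe: is_domain rejects whitespace and glob characters.
    for dom in $(domains_from_confd "$1"); do
        args="$args -d $dom"
    done
    printf '%s\n' "${args# }"
}

# Constructed sample directory (two sites, two files to reject); prints its path.
make_sample_confd() {
    dir=$(mktemp -d) || return 1
    for n in example.com oauth-testbed.example.com default -x.example.com; do
        : > "$dir/$n.conf"
    done
    printf '%s\n' "$dir"
}
```
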
@Csaba19999

Thank you for updating this repo!
Unfortunately, I have an issue. I used your config and script. I can reach the page with https but it is still unsafe according to the browser.
What should I do? It says "This CA root certificate is not trusted because it is not in the trusted root CAs store."

luke10x commented Mar 31, 2023

> Thank you for updating this repo! Unfortunately, I have an issue. I used your config and script. I can reach the page with https but it is still unsafe according to the browser. What should I do? It says "This CA root certificate is not trusted because it is not in the trusted root CAs store."

It is hard to say for sure but I have a feeling something went wrong during the startup.
Could you please help with the output of docker-compose logs?
