How to configure Let's encrypt certificates fo

2019-05-11 12:04发布

问题:

I know how to configure let's encrypt for nginx. I'm having hard time configuring let's encrypt with nginx inside a docker image. Let's encrypt certificates are symlinked in etc/letsencrypt/live folder and I don't have permission to view the real certificate files inside /etc/letsencrypt/archive

Can someone suggest a way out ?

回答1:

If anyone having this problem, I've solved it by mounting the folders into docker container.

  • I've mounted both etc/letsencrypt and etc/ssl folders into docker
  • Docker has -vflag to mount volumes. Don't forget to open port 443 for the container.

Based on how you mount it it's possible to enable https in docker container without changing nginx paths.

docker run -d -p 80:80 -p 443:443 -v /etc/letsencrypt/:/etc/letsencrypt/ -v /etc /ssl/:/etc/ssl/ <image name>


回答2:

I add my mistake. Maybe someone will find it useful.

I mounted the /live directory of letsencrypt and not the whole letsencrypt directory tree.

The problem with this:
The /live folder just holds symlinks to the /archive folder that is not mounted to the docker container with my approach. (In fact I even mounted a /certs folder that symlinked to the live folder because I had that certs folder in the development environment, same problem..the real (symlinked) files were not mounted)

All problems went away when I mounted /etc/letsencrypt instead of /live

A part of my docker-compose.yml

  services:
    ngx:
      image: nginx
      container_name: ngx
      ports:
        - 80:80
        - 443:443
      links:
        - php-fpm
      volumes:
        - ../../com/website:/var/www/html/website
        - ./nginx.conf:/etc/nginx/nginx.conf
        - ./nginx_conf.d/:/etc/nginx/conf.d/
        - ./nginx_logs/:/var/log/nginx/
        - ../whereever/you/haveit/etc/letsencrypt/:/etc/letsencrypt

The last line in that config is the important one. Changed it from

- ./certs/:/etc/nginx/certs/

And /certs was a symlink to /etc/letsencrypt/live in my case. This can not work as I described above.



回答3:

If you are using nginx, Docker and Letsencrypt you might like the following Github project: https-portal.

It automates a lot of manual actions, and makes it easy to manage your configurations using docker-compose. From the README:

Features

  • Test Locally
  • Redirections
  • Automatic Container Discovery
  • Hybrid Setup with Non-Dockerized Apps
  • Multiple Domains
  • Serving Static Sites
  • Share Certificates with Other Apps
  • HTTP Basic Auth

How it works

  • obtains an SSL certificate for each of your subdomains from Let's Encrypt.
  • configures Nginx to use HTTPS (and force HTTPS by redirecting HTTP to HTTPS)
  • sets up a cron job that checks your certificates every week, and renew them. if they expire in 30 days.

For some background.. The project was also discussed on Hacker News: HTTPS-Portal: Automated HTTPS server powered by Nginx, Let’s Encrypt and Docker

(Disclaimer: I have no affiliation to the project, just a user)