The goal is to configure an nginx server with automatic Let’s Encrypt renewal, assuming a new dedicated virtual machine running a pristine Debian GNU/Linux stretch/9.
Install docker-compose:
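# Install Docker Engine from the Docker project's apt repository, then the
# docker-compose 1.13.0 release binary. One command per line: run as a single
# line, the commands would be passed to each other as arguments.
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates dirmngr

# The signing key is requested by its full fingerprint, and the keyserver is
# reached over plain HKP on port 80, so the fingerprint is the only thing that
# authenticates the key. Confirm it against Docker's own documentation first.
sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
echo deb https://apt.dockerproject.org/repo debian-stretch main | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt-get update
sudo apt-get install -y docker-engine

# -f makes curl exit non-zero on an HTTP error instead of saving the server's
# error page as the "binary"; && skips the chmod when the download failed.
# The download is not integrity-checked here: compare its SHA-256 with the
# checksum published for the release (if one is published) before using it.
sudo bash -c 'curl -fL https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose' &&
  sudo chmod +x /usr/local/bin/docker-compose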
Assuming the FQDN of the machine is download.securedrop.club and the person responsible can be reached at admin@securedrop.club, create the docker-compose.yml with:
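# Write the Compose file. The delimiter is quoted so the shell copies the body
# verbatim, with no variable or command expansion inside the heredoc.
cat > docker-compose.yml <<'EOF'
# Three services: the site itself (web), the TLS-terminating reverse proxy
# (proxy) and the companion that obtains and renews certificates (letsencrypt).
version: '2'
services:
  web:
    image: nginx:1.13.3
    volumes:
      - ./html:/usr/share/nginx/html:ro
    # NOTE(review): this publishes the site over plain HTTP on host port 8080,
    # on every interface, bypassing the TLS proxy. The proxy service does not
    # appear to need a published port to reach this container; remove the
    # mapping or bind it to 127.0.0.1 if it is only for local debugging.
    ports:
      - "8080:80"
    environment:
      - VIRTUAL_HOST=download.securedrop.club
      - LETSENCRYPT_HOST=download.securedrop.club
      - LETSENCRYPT_EMAIL=admin@securedrop.club
  proxy:
    # NOTE(review): no tag is given, so the image resolves to "latest" at pull
    # time; pin a tag or digest for reproducible, reviewable deployments.
    image: jwilder/nginx-proxy
    volumes:
      # The ":ro" flag only protects the socket file itself. A process that can
      # connect to the Docker socket can still drive the Docker API, which is
      # equivalent to root on the host. Treat this container as privileged.
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./certs:/etc/nginx/certs:ro
      - /etc/nginx/vhost.d
      - /usr/share/nginx/html
    ports:
      - "80:80"
      - "443:443"
    restart: always
    depends_on:
      - web
  letsencrypt:
    # NOTE(review): unpinned image as well; pin a tag or digest.
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      # Same caveat as for the proxy: socket access is Docker API access.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Read-write here because this service writes the certificates and
      # private keys that the proxy mounts read-only. Keep ./certs out of
      # version control and restrict its permissions on the host.
      - ./certs:/etc/nginx/certs:rw
    volumes_from:
      - proxy
EOF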
and run docker-compose up in the same directory as the docker-compose.yml file.


Now you can set up HTTPS on dachary.org 🙂