Strategy for wrapping a non-SSL service with dockerized nginx and Let's Encrypt certificates.
THE ONLY REQUIREMENT IS THAT YOUR DOMAIN POINTS TO THE IP ADDRESS OF THE SERVER ON WHICH YOU WILL RUN THE FOLLOWING STEPS
Basically, we need just a few steps:
- Install Docker on your brand-new box and start a dummy service running on a specific port
- Create (or get) certificates from your provider OR by using Let's Encrypt
- Build a wrapper using a custom nginx proxy
Part 1
- sudo sh -c "echo 'LC_ALL=en_US.UTF-8\nLANG=en_US.UTF-8' >> /etc/environment"
- sudo apt-get update
- wget -qO- https://get.docker.com/ | sh
- sudo gpasswd -a ${USER} docker
- exit
- echo "Starting a dummy service running at port 80"
- docker run -d -p 80:80 nginx
Part 2 (If you have your own certificates, omit this part)
- sudo apt-get install software-properties-common
- sudo add-apt-repository universe
- sudo add-apt-repository ppa:certbot/certbot
- sudo apt-get update
- sudo apt-get install certbot
- sudo ./create-cert.sh
Part 3
- mkdir /home/ubuntu/bridge
- mkdir /home/ubuntu/bridge/conf.d
- nano /home/ubuntu/bridge/conf.d/pba.conf
- nano /home/ubuntu/bridge/run.sh
- chmod 700 /home/ubuntu/bridge/run.sh
- /home/ubuntu/bridge/run.sh
Now you can open https://your-site.com and see the certificates being served. NOTE: If you were given an SSL certificate, just adjust the paths for its location in "run.sh" and "conf.d" accordingly.
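The contents of pba.conf and run.sh are not shown above, so here is one possible shape for them, as an added example that is not the author's own files. It assumes certbot's default /etc/letsencrypt/live/DOMAIN layout, a container name of "bridge", and that the wrapped service is reachable from the container at the address you pass in (172.17.0.1, the usual default Docker bridge gateway, is used in the usage line as a constructed sample).

```shell
#!/bin/sh
# Added example: renders a TLS-terminating nginx config (a possible pba.conf)
# and the docker command a run.sh could contain. Names and paths are assumptions.

# render_conf DOMAIN UPSTREAM -> nginx server block on stdout
render_conf() {
  cat <<EOF
server {
    listen 443 ssl;
    server_name ${1};

    # certbot default layout (assumed); adjust for a provider-issued cert
    ssl_certificate     /etc/letsencrypt/live/${1}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${1}/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # plain-HTTP service being wrapped
        proxy_pass http://${2};
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
EOF
}

# render_run CONFDIR -> docker command on stdout
# The whole /etc/letsencrypt tree is mounted read-only because the files in
# live/ are symlinks into archive/ and would dangle if only live/ were mounted.
render_run() {
  echo "docker run -d --name bridge -p 443:443" \
       "-v ${1}:/etc/nginx/conf.d:ro" \
       "-v /etc/letsencrypt:/etc/letsencrypt:ro nginx"
}

# Usage: ./render.sh your-site.com 172.17.0.1:80 /home/ubuntu/bridge/conf.d
if [ "$#" -eq 3 ]; then
  render_conf "$1" "$2" > "$3/pba.conf"
  render_run "$3"
fi
```

While the Part 1 service stays published on host port 80, it is still reachable over plain HTTP alongside the TLS wrapper; restricting that port with a firewall rule or a narrower publish address keeps clients on the HTTPS path.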
Cheers, Goose