diff --git a/nginx/nginx/README.md b/nginx/nginx/README.md new file mode 100644 index 0000000..d52a150 --- /dev/null +++ b/nginx/nginx/README.md 
@@ -0,0 +1,47 @@ +# handige sites: +- https://www.humankode.com/ssl/how-to-set-up-free-ssl-certificates-from-lets-encrypt-using-docker-and-nginx +- https://securityheaders.com/ +- https://www.ssllabs.com/ + + +# DH-Param maken: +- ```sudo openssl dhparam -out /docker/nginx/nginx/conf_split/dhparam-2048.pem 2048``` +- ```sudo openssl dhparam -out /docker/nginx/nginx/conf_split/dhparam-4096.pem 4096``` + + +# controleren of dit bestand goed is: +```docker exec nginx sh -c "nginx -t -c /config/nginx/nginx.conf"``` + +# zonder downtime nginx reloaden: +```docker exec -it nginx s6-svc -h /var/run/s6/services/nginx``` + +# Cert aanmaken +``` +sudo docker run -it --rm \ +-v /docker/nginx/letsencrypt:/etc/letsencrypt \ +-v /docker/nginx/letsencrypt_var:/var/lib/letsencrypt \ +-v /docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt \ +-v "/docker/nginx/letsencrypt/log:/var/log/letsencrypt" \ +certbot/certbot \ +certonly --webroot \ +--email "example@example.nl" \ +--agree-tos \ +--rsa-key-size "4096" \ +--cert-name "example.example.com" \ +--webroot-path=/data/letsencrypt \ +-d example.example.com +``` + +## Cert vernieuwen: +``` +docker run --rm -it --name certbot \ +-v "/docker/nginx/letsencrypt:/etc/letsencrypt" \ +-v "/docker/nginx/letsencrypt_var:/var/lib/letsencrypt" \ +-v "/docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt" \ +-v "/docker/nginx/letsencrypt/log:/var/log/letsencrypt" \ +certbot/certbot renew \ +--webroot -w /data/letsencrypt \ +--quiet && docker exec -it nginx s6-svc -h /var/run/s6/services/nginx +``` +# cronjob: (dagelijks auto vernieuwen) +```sudo docker run --rm --name certbot -v /docker/nginx/letsencrypt:/etc/letsencrypt -v /docker/nginx/letsencrypt_var:/var/lib/letsencrypt -v /docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt -v /docker/nginx/letsencrypt/log:/var/log/letsencrypt certbot/certbot renew --webroot -w /data/letsencrypt --quiet && docker restart nginx```
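Review bot: the cron job line at the end of the README chains `--quiet && docker restart nginx`, which restarts the nginx container every day and contradicts the zero-downtime reload documented a few sections earlier. `certbot renew` exits 0 even when no certificate was due, so the `&&` branch runs on every invocation, not only after an actual renewal. Suggest using the same reload as the "Cert vernieuwen" section here, without `-it` because cron provides no TTY: `docker exec nginx s6-svc -h /var/run/s6/services/nginx`. For the same reason it is worth noting that the "Cert vernieuwen" command as written (`docker run --rm -it` and `docker exec -it`) only works from an interactive shell. Smaller points: the "DH-Param maken" section generates both `dhparam-2048.pem` and `dhparam-4096.pem` without saying which one the nginx config references, and "Cert vernieuwen" is the only `##` heading while the sibling sections use `#`.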