From 85943306e991706688507824b0a350b54ae51ff5 Mon Sep 17 00:00:00 2001
From: Mathijs Lermer
Date: Wed, 28 Oct 2020 15:44:26 +0100
Subject: [PATCH] 'nginx/nginx/README.md' toevoegen
---
nginx/nginx/README.md | 47 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 nginx/nginx/README.md
diff --git a/nginx/nginx/README.md b/nginx/nginx/README.md
new file mode 100644
index 0000000..d52a150
--- /dev/null
+++ b/nginx/nginx/README.md
@@ -0,0 +1,47 @@
+# handige sites:
+- https://www.humankode.com/ssl/how-to-set-up-free-ssl-certificates-from-lets-encrypt-using-docker-and-nginx
+- https://securityheaders.com/
+- https://www.ssllabs.com/
+
+
+# DH-Param maken:
+- ```sudo openssl dhparam -out /docker/nginx/nginx/conf_split/dhparam-2048.pem 2048```
+- ```sudo openssl dhparam -out /docker/nginx/nginx/conf_split/dhparam-4096.pem 4096```
+
+
+# controleren of dit bestand goed is:
+```docker exec nginx sh -c "nginx -t -c /config/nginx/nginx.conf"```
+
+# zonder downtime nginx reloaden:
+```docker exec -it nginx s6-svc -h /var/run/s6/services/nginx```
+
+# Cert aanmaken
+```
+sudo docker run -it --rm \
+-v /docker/nginx/letsencrypt:/etc/letsencrypt \
+-v /docker/nginx/letsencrypt_var:/var/lib/letsencrypt \
+-v /docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt \
+-v "/docker/nginx/letsencrypt/log:/var/log/letsencrypt" \
+certbot/certbot \
+certonly --webroot \
+--email "example@example.nl" \
+--agree-tos \
+--rsa-key-size "4096" \
+--cert-name "example.example.com" \
+--webroot-path=/data/letsencrypt \
+-d example.example.com
+```
+
+## Cert vernieuwen:
+```
+docker run --rm -it --name certbot \
+-v "/docker/nginx/letsencrypt:/etc/letsencrypt" \
+-v "/docker/nginx/letsencrypt_var:/var/lib/letsencrypt" \
+-v "/docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt" \
+-v "/docker/nginx/letsencrypt/log:/var/log/letsencrypt" \
+certbot/certbot renew \
+--webroot -w /data/letsencrypt \
+--quiet && docker exec -it nginx s6-svc -h /var/run/s6/services/nginx
+```
+# cronjob: (dagelijks auto vernieuwen)
+```sudo docker run --rm --name certbot -v /docker/nginx/letsencrypt:/etc/letsencrypt -v /docker/nginx/letsencrypt_var:/var/lib/letsencrypt -v /docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt -v /docker/nginx/letsencrypt/log:/var/log/letsencrypt certbot/certbot renew --webroot -w /data/letsencrypt --quiet && docker restart nginx```