# Useful sites:

- https://www.humankode.com/ssl/how-to-set-up-free-ssl-certificates-from-lets-encrypt-using-docker-and-nginx
- https://securityheaders.com/
- https://www.ssllabs.com/

# Generating DH parameters:

```
sudo openssl dhparam -out /docker/nginx/nginx/conf_split/dhparam-2048.pem 2048
sudo openssl dhparam -out /docker/nginx/nginx/conf_split/dhparam-4096.pem 4096
```

# Checking that the configuration file is valid:

```
docker exec nginx sh -c "nginx -t -c /config/nginx/nginx.conf"
```

# Reloading nginx without downtime:

```
docker exec -it nginx s6-svc -h /var/run/s6/services/nginx
```

# Certificates:

### Creating

```
sudo docker run -it --rm \
  -v /docker/nginx/letsencrypt:/etc/letsencrypt \
  -v /docker/nginx/letsencrypt_var:/var/lib/letsencrypt \
  -v /docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt \
  -v "/docker/nginx/letsencrypt/log:/var/log/letsencrypt" \
  certbot/certbot \
  certonly --webroot \
  --email "example@example.nl" \
  --agree-tos \
  --rsa-key-size "4096" \
  --cert-name "example.example.com" \
  --webroot-path=/data/letsencrypt \
  -d example.example.com
```

### Renewing:

```
docker run --rm -it --name certbot \
  -v "/docker/nginx/letsencrypt:/etc/letsencrypt" \
  -v "/docker/nginx/letsencrypt_var:/var/lib/letsencrypt" \
  -v "/docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt" \
  -v "/docker/nginx/letsencrypt/log:/var/log/letsencrypt" \
  certbot/certbot renew \
  --webroot -w /data/letsencrypt \
  --quiet && docker exec -it nginx s6-svc -h /var/run/s6/services/nginx
```

### Cron job: (daily automatic renewal)

```
sudo docker run --rm --name certbot -v /docker/nginx/letsencrypt:/etc/letsencrypt -v /docker/nginx/letsencrypt_var:/var/lib/letsencrypt -v /docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt -v /docker/nginx/letsencrypt/log:/var/log/letsencrypt certbot/certbot renew --webroot -w /data/letsencrypt --quiet && docker restart nginx
```
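
The renew, config-check and reload commands from these notes combined into one cron-safe wrapper that reloads nginx only when `nginx -t` passes. This is an added example, not part of the original notes; the `DOCKER` override variable, the function names and the exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: renew -> validate config -> graceful reload, safe for cron.
# DOCKER can be overridden (assumption, useful for dry runs); paths and
# container names are the ones used in the commands in these notes.
DOCKER="${DOCKER:-docker}"
LE=/docker/nginx/letsencrypt

renew_certs() {
    # No -it here: cron has no TTY, and "docker run -it" fails without one.
    "$DOCKER" run --rm --name certbot \
        -v "$LE:/etc/letsencrypt" \
        -v "/docker/nginx/letsencrypt_var:/var/lib/letsencrypt" \
        -v "$LE/letsencrypt-site:/data/letsencrypt" \
        -v "$LE/log:/var/log/letsencrypt" \
        certbot/certbot renew --webroot -w /data/letsencrypt --quiet
}

config_ok() {
    # Same syntax check as the manual command, run inside the nginx container.
    "$DOCKER" exec nginx sh -c "nginx -t -c /config/nginx/nginx.conf"
}

reload_nginx() {
    # Graceful reload through s6 instead of "docker restart" (no downtime).
    "$DOCKER" exec nginx s6-svc -h /var/run/s6/services/nginx
}

# Exit codes: 0 ok, 1 renewal failed, 2 config invalid (no reload), 3 reload failed.
renew_and_reload() {
    renew_certs  || { echo "certbot renew failed" >&2; return 1; }
    config_ok    || { echo "nginx -t failed; not reloading" >&2; return 2; }
    reload_nginx || { echo "nginx reload failed" >&2; return 3; }
    return 0
}

# Only act when called with the argument "run", so the file can also be sourced.
if [ "${1:-}" = "run" ]; then
    renew_and_reload
fi
```

Call the script with the argument `run` from the daily cron entry; a non-zero exit code tells you which step failed, and nginx keeps serving with its previous configuration when the syntax check does not pass.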