# handige sites:
- https://www.humankode.com/ssl/how-to-set-up-free-ssl-certificates-from-lets-encrypt-using-docker-and-nginx
- https://securityheaders.com/
- https://www.ssllabs.com/


# DH-Param maken:
- ```sudo openssl dhparam -out /docker/nginx/nginx/conf_split/dhparam-2048.pem 2048```
- ```sudo openssl dhparam -out /docker/nginx/nginx/conf_split/dhparam-4096.pem 4096```


# controleren of dit bestand goed is:
```docker exec nginx sh -c "nginx -t -c /config/nginx/nginx.conf"```

# zonder downtime nginx reloaden:
```docker exec -it nginx s6-svc -h /var/run/s6/services/nginx```

# Certificaten:
### aanmaken
```
sudo docker run -it --rm \
-v /docker/nginx/letsencrypt:/etc/letsencrypt \
-v /docker/nginx/letsencrypt_var:/var/lib/letsencrypt \
-v /docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt \
-v "/docker/nginx/letsencrypt/log:/var/log/letsencrypt" \
certbot/certbot \
certonly --webroot \
--email "example@example.nl" \
--agree-tos \
--rsa-key-size "4096" \
--cert-name "example.example.com" \
--webroot-path=/data/letsencrypt \
-d example.example.com
```

### vernieuwen:
```
docker run --rm -it --name certbot \
-v "/docker/nginx/letsencrypt:/etc/letsencrypt" \
-v "/docker/nginx/letsencrypt_var:/var/lib/letsencrypt" \
-v "/docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt" \
-v "/docker/nginx/letsencrypt/log:/var/log/letsencrypt" \
certbot/certbot renew \
--webroot -w /data/letsencrypt \
--quiet && docker exec -it nginx s6-svc -h /var/run/s6/services/nginx
```
### cronjob: (dagelijks auto vernieuwen)
```sudo docker run --rm --name certbot -v /docker/nginx/letsencrypt:/etc/letsencrypt -v /docker/nginx/letsencrypt_var:/var/lib/letsencrypt -v /docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt -v /docker/nginx/letsencrypt/log:/var/log/letsencrypt certbot/certbot renew --webroot -w /data/letsencrypt --quiet && docker restart nginx```