| .. | ||
| conf_split | ||
| nginx.conf | ||
| README.md | ||
handige sites:
- https://www.humankode.com/ssl/how-to-set-up-free-ssl-certificates-from-lets-encrypt-using-docker-and-nginx
- https://securityheaders.com/
- https://www.ssllabs.com/
DH-Param maken:
sudo openssl dhparam -out /docker/nginx/nginx/conf_split/dhparam-2048.pem 2048sudo openssl dhparam -out /docker/nginx/nginx/conf_split/dhparam-4096.pem 4096
controleren of dit bestand goed is:
docker exec nginx sh -c "nginx -t -c /config/nginx/nginx.conf"
zonder downtime nginx reloaden:
docker exec -it nginx s6-svc -h /var/run/s6/services/nginx
Certificaten:
aanmaken
sudo docker run -it --rm \
-v /docker/nginx/letsencrypt:/etc/letsencrypt \
-v /docker/nginx/letsencrypt_var:/var/lib/letsencrypt \
-v /docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt \
-v "/docker/nginx/letsencrypt/log:/var/log/letsencrypt" \
certbot/certbot \
certonly --webroot \
--email "example@example.nl" \
--agree-tos \
--rsa-key-size "4096" \
--cert-name "example.example.com" \
--webroot-path=/data/letsencrypt \
-d example.example.com
vernieuwen:
docker run --rm -it --name certbot \
-v "/docker/nginx/letsencrypt:/etc/letsencrypt" \
-v "/docker/nginx/letsencrypt_var:/var/lib/letsencrypt" \
-v "/docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt" \
-v "/docker/nginx/letsencrypt/log:/var/log/letsencrypt" \
certbot/certbot renew \
--webroot -w /data/letsencrypt \
--quiet && docker exec -it nginx s6-svc -h /var/run/s6/services/nginx
cronjob: (dagelijks auto vernieuwen)
sudo docker run --rm --name certbot -v /docker/nginx/letsencrypt:/etc/letsencrypt -v /docker/nginx/letsencrypt_var:/var/lib/letsencrypt -v /docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt -v /docker/nginx/letsencrypt/log:/var/log/letsencrypt certbot/certbot renew --webroot -w /data/letsencrypt --quiet && docker restart nginx