Prerequisites

  • docker
  • docker compose

Prepare the program directory

Create a directory in whichever path you choose to run docker-compose from, for example /nginx-acme. This guide uses /opt.

Create the program directory under /opt:

# Enter the opt directory
cd /opt
# Create the root directory
mkdir nginx-acme
# Enter the root directory and create the nginx and acme subdirectories
cd nginx-acme
mkdir nginx
mkdir acme

nginx default.conf

# Enter the nginx directory
cd /opt/nginx-acme/nginx
# Create the configuration file directory (mounted into the container as /etc/nginx/conf.d later)
mkdir conf.d
# Create a basic configuration file inside conf.d
vi conf.d/default.conf

default.conf

server {
    listen 443 ssl;
    server_name xxx.example.com;

    # acme.sh output is mounted at /etc/nginx/certs; ${server_name} expands to the name above
    ssl_certificate     /etc/nginx/certs/${server_name}/fullchain.cer;
    ssl_certificate_key /etc/nginx/certs/${server_name}/${server_name}.key;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    location / {
        root  /usr/share/nginx/html;
        index index.html index.htm;
    }
}

Deploy acme.sh

Create docker-compose.yml

Create docker-compose.yml in the acme program directory, /opt/nginx-acme/acme. All parameters used to start the Docker image through docker-compose are written to this file.

The container's /acme.sh directory (where acme.sh keeps its account and certificates) is mapped to ../nginx/certs/ so that nginx can use the certificates directly.

version: "3"
services:
  acme.sh:
    image: neilpang/acme.sh
    container_name: acme.sh
    restart: always
    command: daemon
    environment:
      # In the list form, quotes become part of the value, so write CF_Key=xxx, not CF_Key="xxx".
      # CF_Key is the account's Global API Key; acme.sh's dns_cf hook also accepts a scoped
      # API token (CF_Token with CF_Account_ID or CF_Zone_ID), which limits what a leaked
      # credential can do.
      - CF_Key=xxx
      - CF_Email=[email protected]
    volumes:
      # the same host directory nginx mounts as /etc/nginx/certs
      - ../nginx/certs/:/acme.sh
    network_mode: host

After saving the file, run the following command in the same directory as docker-compose.yml to start the service. If you change docker-compose.yml later, running the same command again from that directory updates the running service to the new definition.

docker-compose up -d

Apply for the certificate

Run acme.sh to issue the certificate:

# --dnssleep takes a number of seconds to wait for the DNS record to propagate;
# 20 is an example value, not from the original post. Quote the wildcard so the shell does not glob it.
docker exec acme.sh --register-account -m [email protected] --issue --dns dns_cf -d xxx.example.com -d '*.example.com' --force --dnssleep 20

Change the domain name and DNS provider parameters as needed. To issue a certificate through Cloudflare, the domain's NS records must point to Cloudflare and you need to obtain the account API key (CF_Key) from the Cloudflare site. After the command finishes, the certificate is saved in the ./ssl/xxx.example.com/ folder (that is, under the host directory mapped to the container's /acme.sh, ../nginx/certs/ in the compose file above). Check that the following files exist:

ca.cer  fullchain.cer  example.com.cer  example.com.conf  example.com.csr  example.com.csr.conf  example.com.key

Automatic certificate renewal

Run crontab -e to edit the crontab, add the following line, and save it.

# Run crontab -l afterwards to list the installed cron jobs
0 0 * * * docker exec acme.sh --cron

Deploy nginx

Create docker-compose.yml

With network_mode set to host, TCP port 443 must be opened on the host.

The certificates generated by acme.sh are mapped into the ./certs directory.

The ./conf.d directory must be created beforehand and contain the configuration file; if you are unsure what to create, reread the program directory and nginx default.conf sections above.

version: '3'
services:
  nginx:
    image: nginx
    restart: always
    network_mode: host
    volumes:
      # same host directory the acme.sh container writes to (../nginx/certs/ seen from /opt/nginx-acme/acme)
      - ./certs:/etc/nginx/certs
      - ./conf.d:/etc/nginx/conf.d
      - ./log:/var/log/nginx
      - ./www:/var/www
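Before starting nginx it is worth checking that the two compose files and the nginx config agree about where things live. The following preflight script is an added example, not from the original post; it assumes the /opt/nginx-acme layout built above and the file names acme.sh produces.

```shell
#!/bin/sh
# Added preflight check, not part of the original post. It verifies the layout that
# the two docker-compose files above agree on: nginx mounts ./certs and ./conf.d,
# and acme.sh writes into ../nginx/certs (its /acme.sh home).
# Usage: preflight /opt/nginx-acme xxx.example.com   (exit 0 = ready to start nginx)

preflight() {
  root="$1"; name="$2"; rc=0
  conf="$root/nginx/conf.d/default.conf"
  if [ ! -f "$conf" ]; then
    echo "missing $conf (default.conf must sit inside conf.d, the mounted directory)"; rc=1
  elif ! grep -q "server_name[[:space:]]*$name;" "$conf"; then
    echo "$conf does not declare server_name $name"; rc=1
  fi
  # acme.sh stores ECC certificates in <domain>_ecc, and recent versions issue ECC
  # keys by default, while the nginx config above looks in certs/<domain>/.
  certdir=""
  for d in "$root/nginx/certs/$name" "$root/nginx/certs/${name}_ecc"; do
    if [ -d "$d" ]; then certdir="$d"; break; fi
  done
  if [ -z "$certdir" ]; then
    echo "no certificate directory for $name under $root/nginx/certs"; rc=1
  else
    for f in fullchain.cer "$name.key"; do
      if [ ! -s "$certdir/$f" ]; then echo "missing or empty $certdir/$f"; rc=1; fi
    done
    case "$certdir" in
      *_ecc) echo "note: files are in ${name}_ecc; point ssl_certificate there or issue with --keylength 2048" ;;
    esac
  fi
  # In the compose list syntax, quotes around a value are passed to the container literally.
  compose="$root/acme/docker-compose.yml"
  if [ -f "$compose" ] && grep -Eq 'CF_[A-Za-z_]+=["'\'']' "$compose"; then
    echo "$compose: quoted CF_* value; write CF_Key=xxx without quotes"; rc=1
  fi
  return "$rc"
}
```

Run it once after the acme.sh issue command has finished and before docker-compose up for nginx; a non-zero exit lists every problem found.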

Start nginx

docker-compose up -d

Open the port on the host

# Open the port
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload

# Check the open ports
firewall-cmd --zone=public --list-ports

Test

Visit https://xxx.example.com.