반응형
SSL 인증서 발급
config/certbot.yml
server {
listen 80;
server_name my.demo.com;
location /.well-known/acme-challenge/ {
allow all;
root /var/www/html;
}
}
docker-compose-certbot-new.yml
version: "3.3"
services:
nginx:
image: nginx:1.17.9
ports:
- "80:80"
volumes:
- ./certbot/letsencrypt:/etc/letsencrypt
- ./certbot/static:/var/www/html
- ./config/certbot.conf:/etc/nginx/conf.d/certbot.conf
certbot:
image: certbot/certbot
volumes:
- ./certbot/letsencrypt:/etc/letsencrypt
- ./certbot/static:/var/www/html
command: certonly --webroot --webroot-path=/var/www/html --non-interactive --agree-tos -m my-demo@gmail.com -d my.demo.com
depends_on:
- nginx
인증서 발급
docker-compose -f docker-compose-certbot-new.yml up
인증서 발급 확인
sudo su
$ ls certbot/letsencrypt/live/my.demo.com
cert.pem chain.pem fullchain.pem privkey.pem README
SSL 설정
config/nginx.conf
server {
listen 80;
server_name my.demo.com;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name my.demo.com;
ssl_certificate /etc/letsencrypt/live/my.demo.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.demo.com/privkey.pem;
location / {
root /deploy;
index index.html index.htm;
}
}
docker-compose.yml
version: "3.3"
services:
nginx:
image: nginx:1.17.9
environment:
TZ: "Asia/Seoul"
ports:
- "80:80"
- "443:443"
volumes:
- ./certbot/letsencrypt:/etc/letsencrypt
- ./config/nginx.conf:/etc/nginx/conf.d/nginx.conf
- ./deploy:/deploy
실행
docker-compose up -d
https 접속 확인
curl https://my.demo.com
SSL 인증서 갱신
docker-compose-certbot-renew.yml
version: "3.3"
services:
certbot:
image: certbot/certbot
volumes:
- ./certbot/letsencrypt:/etc/letsencrypt
command: renew
인증서 갱신
docker-compose -f docker-compose-certbot-renew.yml up
반응형
'Development > Nginx' 카테고리의 다른 글
[Nginx] Echo Module 사용하기 (0) | 2019.09.07 |
---|---|
[Nginx] 설정 (0) | 2019.07.06 |
[Nginx] 설치 (0) | 2019.07.04 |