Repository: thecarlo/letsencrypt-docker-nginx
Branch: master
Commit: 2f8e7b8d7f3a
Files: 10
Total size: 7.1 KB
Directory structure:
gitextract_q00882y4/
├── README.md
└── src/
├── letsencrypt/
│ ├── docker-compose.yml
│ ├── letsencrypt-site/
│ │ ├── index.html
│ │ └── styles/
│ │ └── style.css
│ └── nginx.conf
└── production/
├── dh-param/
│ └── dhparam-2048.pem
├── docker-compose.yml
├── production-site/
│ ├── index.html
│ └── styles/
│ └── style.css
└── production.conf
================================================
FILE CONTENTS
================================================
================================================
FILE: README.md
================================================
## How to Set Up Free SSL Certificates from Let's Encrypt using Docker and Nginx
This is the source code for the guide located at https://www.humankode.com/ssl/how-to-set-up-free-ssl-certificates-from-lets-encrypt-using-docker-and-nginx
================================================
FILE: src/letsencrypt/docker-compose.yml
================================================
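version: '3.1'

services:
  # Throw-away HTTP-only nginx used once, while certbot issues the first
  # certificate in webroot mode.
  letsencrypt-nginx-container:
    container_name: 'letsencrypt-nginx-container'
    image: nginx:1.14.0
    ports:
      - "80:80"
    # nginx only reads the config and the site/challenge directory; the
    # challenge files are written on the host side by certbot, which runs
    # outside this container. Mounting read-only keeps the web server from
    # being able to alter either.
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
      - ./letsencrypt-site:/usr/share/nginx/html:ro
    networks:
      - docker-network

networks:
  docker-network:
    driver: bridge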
================================================
FILE: src/letsencrypt/letsencrypt-site/index.html
================================================
Let's Encrypt First Time Cert Issue Site
Oh, hai there!
This is the temporary site that will only be used the very first time SSL certificates are issued by Let's Encrypt's certbot.
================================================
FILE: src/letsencrypt/letsencrypt-site/styles/style.css
================================================
/* Dark page background with light text, stretched to the full viewport. */
html,
body {
  color: #fff;
  background-color: #333;
  height: 100%;
}

/* Centered content block, pushed down from the top edge. */
.site-wrapper {
  text-align: center;
  margin-top: 100px;
}
================================================
FILE: src/letsencrypt/nginx.conf
================================================
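# Temporary HTTP-only vhost used once, when certbot (webroot mode) issues the
# first certificate. The challenge files land in the site root on the host and
# are served from there.
server {
    listen 80;
    listen [::]:80;
    server_name ohhaithere.com www.ohhaithere.com;

    root /usr/share/nginx/html;
    index index.html;

    # ACME HTTP-01 challenge files. Prefix match (^~) replaces the original
    # unanchored regex "~ /.well-known/acme-challenge", whose unescaped "."
    # matched any character and which matched the path anywhere in the URI.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /usr/share/nginx/html;
    }
}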
================================================
FILE: src/production/dh-param/dhparam-2048.pem
================================================
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEArV0Pp7qt4VquZbPd9+ht6zmTVJ3TxW9xzIA7olaBOUcKpLFi6evF
pGTYtwlbBebuvdNFG3B+mF/1rzjkfdp+INShjWvnZLwFJ72i+0YnmQvlnXdTSGGs
7RdtyFAxlU387Qcym6Cfx4jXYAtK3isHW613m5gqsK+DbmyWEv+PXuYzbBFYCQXM
UKKnCuc2SosETm97AMphmpHyku4YF5zFEuoG/tE3YdP6GbadTIt5c4otENo0MyBf
HQyMCCKQ8KGBhb3XWuE2MGlDycAjFhiw22EBPJ5VPyetY8VCvwoL+u/FUow8QvsA
ek0MLIttnVFmXMi6L0C9lC73eCXFiqd0UwIBAw==
-----END DH PARAMETERS-----
================================================
FILE: src/production/docker-compose.yml
================================================
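version: '3.1'

services:
  # Production nginx: TLS termination plus the ACME webroot for renewals.
  production-nginx-container:
    container_name: 'production-nginx-container'
    image: nginx:1.14.0
    ports:
      - "80:80"
      - "443:443"
    # Everything nginx needs here is read-only: config, static site, DH
    # parameters and the certificate/private key. Mounting with :ro means a
    # compromised web server process cannot modify the key material or the
    # served content. Certbot renews the certificate and writes the challenge
    # files from outside this container, so it is unaffected.
    volumes:
      - ./production.conf:/etc/nginx/conf.d/default.conf:ro
      - ./production-site:/usr/share/nginx/html:ro
      - ./dh-param/dhparam-2048.pem:/etc/ssl/certs/dhparam-2048.pem:ro
      - /docker-volumes/etc/letsencrypt/live/ohhaithere.com/fullchain.pem:/etc/letsencrypt/live/ohhaithere.com/fullchain.pem:ro
      - /docker-volumes/etc/letsencrypt/live/ohhaithere.com/privkey.pem:/etc/letsencrypt/live/ohhaithere.com/privkey.pem:ro
      # webroot for certbot challenges (renewal process); nginx only serves it
      - /docker-volumes/data/letsencrypt:/data/letsencrypt:ro
    networks:
      - docker-network

networks:
  docker-network:
    driver: bridge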
================================================
FILE: src/production/production-site/index.html
================================================
Let's Encrypt : Production Site
Oh, hai there!
This is the production site that runs in a Docker Nginx container and loads the SSL certificates from a mapped docker volume.
================================================
FILE: src/production/production-site/styles/style.css
================================================
/* Dark page background with light text, stretched to the full viewport. */
html,
body {
  color: #fff;
  background-color: #333;
  height: 100%;
}

/* Centered content block, pushed down from the top edge. */
.site-wrapper {
  text-align: center;
  margin-top: 100px;
}
================================================
FILE: src/production/production.conf
================================================
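# Port 80: everything is redirected to HTTPS, except the ACME challenge path
# certbot uses during renewal.
server {
    listen 80;
    listen [::]:80;
    server_name ohhaithere.com www.ohhaithere.com;

    # ACME HTTP-01 challenge files (certbot renewal, webroot mode). Prefix
    # match (^~) replaces the original unanchored regex with an unescaped ".".
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /data/letsencrypt;
    }

    # Redirect to the canonical HTTPS host. The original rewrite used $host,
    # which copies the client-supplied Host header into the Location header;
    # as this is the only server on :80 it also receives requests for any
    # Host, so a crafted Host header could steer the redirect. A fixed target
    # also removes the extra hop the :443 ohhaithere.com server would add.
    # $request_uri already carries the query string.
    location / {
        return 301 https://www.ohhaithere.com$request_uri;
    }
}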
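# https://ohhaithere.com -- TLS endpoint for the bare domain; it only redirects
# to the canonical www host.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ohhaithere.com;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/ohhaithere.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ohhaithere.com/privkey.pem;
    ssl_buffer_size 8k;
    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;

    # TLS 1.0 and 1.1 dropped (deprecated by RFC 8996). TLSv1.3 can be added
    # once the nginx build's OpenSSL supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # DH+3DES removed: a 64-bit block cipher (Sweet32) with no place in a
    # TLS 1.2-only configuration.
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;

    # OCSP stapling. The resolver is used for the OCSP responder lookup; both
    # TLS server blocks now use the same resolver list (they used to differ).
    ssl_stapling on;
    ssl_stapling_verify on;
    # NOTE(review): ssl_stapling_verify needs the issuer chain available via
    # ssl_trusted_certificate to verify the response; confirm in the error log.
    resolver 8.8.8.8 8.8.4.4;

    return 301 https://www.ohhaithere.com$request_uri;
}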
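# https://www.ohhaithere.com -- the production site.
server {
    server_name www.ohhaithere.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/ohhaithere.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ohhaithere.com/privkey.pem;
    ssl_buffer_size 8k;
    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;

    # TLS 1.0 and 1.1 dropped (deprecated by RFC 8996). TLSv1.3 can be added
    # once the nginx build's OpenSSL supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # DH+3DES removed: a 64-bit block cipher (Sweet32).
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    # NOTE(review): ssl_stapling_verify needs the issuer chain available via
    # ssl_trusted_certificate to verify the response; confirm in the error log.
    resolver 8.8.8.8 8.8.4.4;

    root /usr/share/nginx/html;
    index index.html;

    # "/" is the only location, so these headers apply to every response.
    location / {
        # Security headers. "always" makes nginx emit them on error responses
        # too; HSTS was the only one missing it.
        # NOTE(review): "preload" commits the domain to browser preload lists
        # and is hard to undo -- keep only if that is intended.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options "DENY" always;
        # CSP. frame-ancestors 'none' is the CSP counterpart of
        # X-Frame-Options DENY (frame-src only limits what this page may
        # embed, not who may embed it). 'unsafe-inline' in script-src is kept
        # from the original; it weakens the policy and should be replaced by
        # hashes or nonces once the inline scripts are known.
        add_header Content-Security-Policy "frame-ancestors 'none'; frame-src 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com; img-src 'self'; style-src 'self' https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com; form-action 'self'; upgrade-insecure-requests;" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    }
}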