docker-compose.yml should look like this:
```yaml
...
services:
  nginx:
    image: nginx:stable-alpine
    container_name: nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ...
      - $PWD/certbot/conf:/etc/nginx/ssl
      - $PWD/certbot/data:/usr/share/nginx/html/letsencrypt
  ...
  certbot:
    image: certbot/certbot:latest
    # --staging requests a test certificate from the Let's Encrypt staging
    # environment; browsers do not trust it
    command: certonly --webroot --webroot-path=/usr/share/nginx/html/letsencrypt --email email@gmail.com --agree-tos --no-eff-email --staging -d [your domain]
    volumes:
      - $PWD/certbot/conf:/etc/letsencrypt
      - $PWD/certbot/logs:/var/log/letsencrypt
      - $PWD/certbot/data:/usr/share/nginx/html/letsencrypt
...
```
Next, edit your nginx conf:
*** Comment out every location block except “location ~ /.well-known/acme-challenge {”
```nginx
server {
    server_name [your domain];
    listen 80;
    root [project path];
    index index.php index.html index.htm;

    location ~ /.well-known/acme-challenge {
        allow all;
        root /usr/share/nginx/html/letsencrypt;
    }
}
```
Then run docker-compose up -d
If certbot succeeds, you can find the certificate folder with “cd certbot/conf/live/[your domain]”
Then update the nginx conf again:
```nginx
server {
    listen [::]:80;
    listen 80;

    server_name [your domain];

    location ~ /.well-known/acme-challenge {
        allow all;
        root /usr/share/nginx/html/letsencrypt;
    }

    # redirect http to https; kept inside "location /" because a server-level
    # return runs before location matching and would also redirect the ACME challenge
    location / {
        return 301 https://[your domain]$request_uri;
    }
}

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    server_name [your domain];

    # SSL code
    ssl_certificate /etc/nginx/ssl/live/[your domain]/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/[your domain]/privkey.pem;

    client_max_body_size 20M;

    root [project path];
    index index.php index.html index.htm;

    if (!-e $request_filename) {
        rewrite ^(.+)$ /index.php?q=$1 last;
    }

    # the dot is escaped so that only URIs ending in ".php" match
    location ~ \.php$ {
        #try_files $uri =404;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        #fastcgi_read_timeout 300;
    }
}
```
*** If you are doing this for WordPress, install the “Really Simple SSL” and “CloudFlare Flexible SSL Plugin” plugins first, then follow the instructions to fix all issues.
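
A check that can be run between the certbot step and the final nginx conf, to confirm that the files named in ssl_certificate and ssl_certificate_key exist and that the certificate is not the untrusted one issued by --staging. This is an added example, not part of the original post; the function names and the issuer-name patterns ("STAGING", "Fake LE") are assumptions.

```shell
#!/bin/sh
# Added example: check the certbot/conf volume before enabling the HTTPS server block.

# Return 0 when an issuer string looks like a Let's Encrypt staging issuer.
# Assumption: staging issuers contain "STAGING" (or the older "Fake LE").
is_staging_issuer() {
    case "$1" in
        *STAGING*|*"Fake LE"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check that both files nginx will load exist, are non-empty and look like PEM.
# Returns 1 for a missing file, 2 for a file that is not PEM.
check_live_dir() {
    live_dir=$1
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$live_dir/$f" ]; then
            echo "missing or empty: $live_dir/$f"
            return 1
        fi
    done
    grep -q -e '-----BEGIN CERTIFICATE-----' "$live_dir/fullchain.pem" || {
        echo "fullchain.pem is not a PEM certificate"; return 2; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$live_dir/privkey.pem" || {
        echo "privkey.pem is not a PEM private key"; return 2; }
    return 0
}

# Full check: files present, not a staging certificate, valid for 7 more days.
check_cert() {
    live_dir=$1
    check_live_dir "$live_dir" || return $?
    issuer=$(openssl x509 -noout -issuer -in "$live_dir/fullchain.pem") || return 3
    if is_staging_issuer "$issuer"; then
        echo "staging certificate ($issuer): re-run certbot without --staging"
        return 4
    fi
    openssl x509 -noout -checkend 604800 -in "$live_dir/fullchain.pem" >/dev/null || {
        echo "certificate expires within 7 days"; return 5; }
    echo "certificate OK: $issuer"
}

# Run only when a domain is given as the first argument.
if [ $# -ge 1 ]; then
    check_cert "certbot/conf/live/$1"
fi
```

Run it from the directory that holds docker-compose.yml with the domain as its argument; the certbot container writes certbot/conf as root, so it usually needs sudo.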