Setup Nginx and Let’s Encrypt with Docker

Abhilash Shettigar

Apr 10, 2020 | 3 min read

I am a software engineer and I have often come across a scenario where I have to make sure that the website is accessed using the HTTPS protocol. The manual process of setting the SSL for this purpose is 3-4 hours long laborious process. Hence, I intended to automate or least make sure I can do is much more efficiently in like 15-20 minutes that’s when I came across this repo of CERTBOT which helped me in the task.

I would be sharing how you can use the CERTBOT for your projects.

Prerequisite

  • Basic knowledge regarding docker and Nginx
  • Access to the DNS settings of the website.
  • Access ec2 or VM instance which can be accessed via ssh.

Getting started

  1. You need to create an entry in your domain’s DNS to bind your server with your domain URL. (I am doing this one of my test domains so, for example, I am adding test domain name as sub-domain hence using an A record it. You need to check the docs of the service provider  for Setting up DNS)

2. Now that DNS set up is done connect to your server using SSH and clone the repo using the URL I mentioned at the start of the blog. Or you can fork it and update it according to your usage. Once the Project is cloned successfully, navigate to the root folder of that project. We need to edit two files

  • init-letsencrypt.sh
  • data/nginx/app.conf

3. We need to do two changes

  • Add domain name
  • Add a valid email in the init-letsencrypt.sh

4. Once you completed the above steps we need to execute the shell script i.e init-letsencrypt.sh but to do so we need to make script executable first. We can do that by using below command

chmod +x init-letsencrypt.sh

5. Run the script using ‘sudo’ command

sudo ./init-letsencrypt.sh

6. Once you run the above script and everything goes well then you will able to see the message regarding everything is done and you can access the domain using the https protocol

Yay! All set but what if the script fails?

Generally, script Fails because you didn’t enter exact domain phrases as mentioned in the DNS provider or you did not open any ports which required so please do keep a note that for your instance there should be port opening for 80 and 443 i.e HTTP and HTTPS protocol. The certificate from Let’s Encrypt expires in a certain period but I have solution for that too!

Automatic Certificate Renewal

If you have checked the docker-compose.yml file there is a section under certbot as shown below

entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

The command above actually checks for renewal of the certificates every 12 hours and it is also recommended by Let’s Encrypt.

For getting updated certificates from  Nginx we need to add this command.

command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"

It will reload the nginx configs and certificates every six hours in the background.

So now every piece is in the place now you run the docker-compose file using below command

docker-compose up 
Or 
docker-compose up -d  // running in detached mode

Happy Coding!


Third Rock Techkno is a leading IT services company. We are a top-ranked web, voice and mobile app development company with over 10 years of experience. Client success forms the core of our value system.

We have expertise in the latest technologies including angular, react native, iOs, Android and more. Third Rock Techkno has developed smart, scalable and innovative solutions for clients across a host of industries.

Our team of dedicated developers combine their knowledge and skills to develop and deliver web and mobile apps that boost business and increase output for our clients.