This is an old revision of the document
server + docker
server installation
- setup.sh
    apt-get update
    apt-get upgrade -y
    apt install sudo vim \
        mc \
        ncdu \
        curl \
        wget \
        git \
        fonts-powerline \
        zsh \
        apt-transport-https \
        ca-certificates \
        curl \
        gnupg2 \
        software-properties-common

    # create the unprivileged user and give it sudo
    useradd -m -d /home/user user
    passwd user
    usermod -a -G sudo user

    vim /etc/sudoers.d/nopass
    # add: user ALL=(ALL) NOPASSWD:ALL

    vim /etc/ssh/sshd_config
    # set: PermitRootLogin no
nginx+certbot installation
- create the directory structure:

    mkdir -p data/nginx/conf.d
    mkdir -p data/nginx/www
    mkdir -p data/certbot/www
    mkdir -p data/certbot/conf

- create the nginx configuration file:

    server {
        listen 80;
        server_name <SERVER_NAME>;

    #    location / {
    #        return 301 https://$host$request_uri;
    #    }

        root /var/www/html;
        index index.html;

        # webroot used by certbot for the HTTP-01 challenge
        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }
    }

    #server {
    #    listen 443 ssl;
    #    server_name <SERVER_NAME>;
    #    ssl_certificate /etc/letsencrypt/live/k0.vividumcodex.com/fullchain.pem;
    #    ssl_certificate_key /etc/letsencrypt/live/k0.vividumcodex.com/privkey.pem;
    ##    include /etc/letsencrypt/options-ssl-nginx.conf;
    ##    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    #
    #    location / {
    #        root /var/www/html;
    #    }
    #}
- run:
- run-nginx.sh

    docker run \
        -it \
        --name nginx \
        --rm \
        -p 80:80 \
        -v ${PWD}/data/nginx/conf.d:/etc/nginx/conf.d \
        -v ${PWD}/data/nginx/www:/var/www/html \
        -v ${PWD}/data/certbot/conf:/etc/letsencrypt \
        -v ${PWD}/data/certbot/www:/var/www/certbot \
        nginx:1.15-alpine
- run:
- run-certbot.sh

    docker run \
        -it \
        --name certbot \
        --rm \
        -v ${PWD}/data/certbot/conf:/etc/letsencrypt \
        -v ${PWD}/data/certbot/www:/var/www/certbot \
        certbot/certbot:latest certonly

- option 2 (place files in webroot directory)
- webroot: /var/www/certbot
source
https://medium.com/@pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71
- docker-compose.yml

    version: '3'
    services:
      nginx:
        image: nginx:1.15-alpine
        ports:
          - "80:80"
          - "443:443"
        volumes:
          - ./data/nginx/conf.d:/etc/nginx/conf.d
          - ./data/nginx/www:/var/www/html
          - ./data/certbot/conf:/etc/letsencrypt
          - ./data/certbot/www:/var/www/certbot
    #    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
      certbot:
        image: certbot/certbot
        volumes:
          - ./data/certbot/conf:/etc/letsencrypt
          - ./data/certbot/www:/var/www/certbot
        command: "certonly"
    #
    #    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

rtorrent+rutorrent installation
- create the directory structure:

    mkdir -p data/downloads/completo
    mkdir -p data/root
    mkdir -p data/rutorrent

- copy the container's configuration files in /root (taken from the container itself, then modify the nginx configuration files):
- add:

    location /completo {
        alias /downloads/completo;
        autoindex on;
    }

- copy the config.php file into data/rutorrent (to change the variable $forbidUserSettings = true;)
- create symbolic links:

    # the links will resolve from inside the container because of the volume mapping
    ln -s /etc/letsencrypt/live/k0.vividumcodex.com/cert.pem nginx.crt
    ln -s /etc/letsencrypt/live/k0.vividumcodex.com/privkey.pem nginx.pem

- run:

    CERTBOT_PATH="/home/user/workspaces/nginx+certbot"
    docker run \
        -dt \
        --restart unless-stopped \
        --name rtorrent-rutorrent \
        -p 443:443 \
        -p 49160:49160/udp \
        -p 49161:49161 \
        -v ${PWD}/data/downloads:/downloads \
        -v ${PWD}/data/root:/root \
        -v ${PWD}/data/rutorrent/config.php:/var/www/rutorrent/conf/config.php \
        -v ${CERTBOT_PATH}/data/certbot/conf:/etc/letsencrypt \
        -v ${CERTBOT_PATH}/data/certbot/www:/var/www/certbot \
        diameter/rtorrent-rutorrent:latest
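
The nginx.crt and nginx.pem links point at container paths, so on the host they look dangling and a wrong volume mapping only shows up when the container's nginx fails to load its certificate. The following check is an added example, not part of the original page: it translates a link target through one host:container mapping and verifies the file exists on the host and that the private key is not readable by group or others. The function name check_mapped_link is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. check_mapped_link is a
# hypothetical helper name.
#
# check_mapped_link LINK HOST_DIR CONTAINER_DIR
#   LINK           symlink created on the host (e.g. data/root/nginx.pem)
#   HOST_DIR       host side of the -v mapping (e.g. $CERTBOT_PATH/data/certbot/conf)
#   CONTAINER_DIR  container side of the mapping (e.g. /etc/letsencrypt)
# Prints the host file the link will reach inside the container. Returns:
#   0 ok                       1 LINK is not a symlink
#   2 target outside the mount 3 target missing on the host
#   4 private key readable by group or others
check_mapped_link() {
    link=$1
    host_dir=${2%/}
    ctr_dir=${3%/}

    [ -L "$link" ] || return 1
    target=$(readlink "$link")

    # Refuse ".." components: they could climb out of the mounted directory.
    case $target in
        */..|*/../*) return 2 ;;
    esac

    # Translate the container path into the matching host path.
    case $target in
        "$ctr_dir"/*) host_target=$host_dir/${target#"$ctr_dir"/} ;;
        *) return 2 ;;
    esac

    # -e follows symlinks, so certbot's live/ -> ../../archive/ links are
    # resolved too; a dangling chain fails here.
    [ -e "$host_target" ] || return 3

    # Characters 5-10 of the ls mode string are the group and other bits.
    case $target in
        */privkey.pem)
            perms=$(ls -ldL "$host_target" | cut -c5-10)
            [ "$perms" = "------" ] || return 4 ;;
    esac

    printf '%s\n' "$host_target"
}
```

Certbot restricts the live/ and archive/ directories to root, so run the check with sudo on the host, once per link.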