nice video i like how you handled certbot however I recommend using "--keep-until-expiring" instead of "--force-renewal" that way if the server reboots it doesn't force renewing the certificate, but if it needs a renewal it'll happen.
This is a very informative and well-structured video. It is easy to follow and even without a lot of theory I now know what a reverse proxy is, how domains work and how I can use them in practice. Keep it up ^^
Thanks and great video :) one thing i did additionally in the crontab was to add "1 5 1 */2 * /usr/bin/docker exec nginx nginx -s reload" aswell on the line below, to restart the nginx server to load it with the newly gotten certs :) I've used it also to add https to alot of c-records awell on the same nginx, with simmilar steps, but it is sometimes confusing when redirecting both not http and https when getting the first certificate for the c-record subdomain. but usually works in the end :)
I am running on new container, On start I am getting error for certificate files not found then Challenge filed for domain , I presume this is because CA auth can not hit our serve is nginx is still down. Not sure what to do.
Hi, this setup has nothing to do with CI/CD, it is to secure your web application. You should only have to do it once in the beginning, then the certificate exists and then you have to run it whenever the certificate is about to expire. I hope that helped. If not can you explain a bit more what the problem is and what you are trying to achieve? :)
How can I do the same for two domains? I have backend and frontend run in docker. Both will have different domains. Nginx will be used as proxy for both as well.
Ok I know how to setup nginx config file for both. But should I add two certbot containers for each app into compose file? Or how can I setup single certbot container for both.
Thanks for the lecture. I followed the direction and found that static files not serving after SSL certificate acquired. What could it be the probelm? After searching google, I changed the permission and moved the static file location under /var/www/html/static but no use. Thanks in advance!
Hello, I checked your configuration you commented on the blog post. Did the serving of static files worked with nginx and only using http? Normally giving it a SSL certificate does not change the way static files are served, so I would rather check inside your django application. When I set up django for a project I also had some problems with static files, so I guess that the problem lays there.
Thank you so much I was banging my head on the wall over this one. Could you give advice on doing these steps for a subdomain too, do I need a subdomain certificate?
Hi, you can just repeat the steps for the subdomain. As soon as you have multiple projects something a bit more automated will definitely help you. Check out this video on caddy, it will take care of the certificates for you: ruclips.net/video/JPIzqa17edM/видео.html Hope that helps :)
@@programonaut-yt thanks so much man you’re a godsend. I had so much trouble yesterday because some website documentation on this was outdated and I didn’t realize subdomain certificates go into the same crt file.
@@oussamabadda487 Hi Oussam. Can you explain the issue in more detail or show the error message? 404 means that this location could not be found. Did you create the path to the challenge file?
Hi there, this may cause problems, but why do you want to rerun certbot 6 times? You can also do docker compose up to rebuild a specific container, and that way not issuing a new certificate everytime. In addition, maybe have a look at caddy. Caddy takes care of a lot of the headaches for you immediately: ruclips.net/video/JPIzqa17edM/видео.html
@@programonaut-yt for example there is 6 Pull request to the github and there is auto deploy? It will hit docker compose? 6 times? This is the scenario. By the way new subscriber here nice content. 😁
@@LuckyImpostor Glad you like it and thank you :) In this case I would adjust your GitHub in a way that only the containers that change are rebuilt. You can do that by just lining up the container names after the docker-compose up -d command. Another thing you could do (also what I am doing) is to separate each project into their own compose file and having the nginx + certbot in their own file in the root of your projects.
I have no idea what I'm doing wrong. I'm running a server with my docker containers on it locally on my network which I accessed via duck.dns and everything was working fine before running the certbot but after I ran the certbot I have an SSL certificate on the my site when I access it from my local network but it says the certificate is not valid. and no matter what I try I cannot access the nginx from my duck.dns even though I opened port 80 and 443 on my router.
![Felix "Unfair" | [Stray Kids : SKZ-PLAYER]](http://i.ytimg.com/vi/Oswujxm2Ag0/mqdefault.jpg)
nice video i like how you handled certbot however I recommend using "--keep-until-expiring" instead of "--force-renewal" that way if the server reboots it doesn't force renewing the certificate, but if it needs a renewal it'll happen.
Thank you so much. Finally after 4 days of struggle.
Wanted to say thanks for the video, it really helped me out on my project. It literally solves the exact problem I was facing.
This is a very informative and well-structured video. It is easy to follow and even without a lot of theory I now know what a reverse proxy is, how domains work and how I can use them in practice.
Keep it up ^^
Thanks for this video! Super helpful and well explained.
Very nice tutorial, thank you
It is a good video! definitely helped me. thank you
thats pretty much exactly what i wanted to do. thank you so much for this video.
Your video helped me a lot man, thank you so much.
Thank you too much! It's working very well.
well done, clear and simple
Great first video! Thanks a ton!
Thank you, this worked.
This video is gold
U saved my life ✨🙏
not all hero wear capes
thank you
Can I use the cloudflare plugin with the certbot container? The cloudflare plugin works with the certbot which I both downloaded via apt.
Hi Ben,
Sadly I do not know the plugin or how it works, so I think you would just need to try it.
It was a great video. thanks for sharing...!!!
Thank you maestro! You saved my day! _o/🥳
Glad I could help :)
Amazing video! very informative!
Happy it helped you :)
Thanks and great video :)
one thing i did additionally in the crontab was to add
"1 5 1 */2 * /usr/bin/docker exec nginx nginx -s reload"
aswell on the line below, to restart the nginx server to load it with the newly gotten certs :)
I've used it also to add https to alot of c-records awell on the same nginx, with simmilar steps, but it is sometimes confusing when redirecting both not http and https when getting the first certificate for the c-record subdomain. but usually works in the end :)
Does SSL reception apply to the subdomains of the site?
great... tnx for information.
Do I need to reload nginx after the certbot has renewed? Or will nginx already know it is renewed since the file is mounted?
Awasome! Realy helpfull.
Does this auto renew the ssl certificate? Or do I have to setup a separate cron job for that?
Hey thanks for the awesome video. where can we find the next part as mentioned in the video (automation)
Man this help me a lot, tis
I am running on new container, On start I am getting error for certificate files not found then Challenge filed for domain , I presume this is because CA auth can not hit our serve is nginx is still down. Not sure what to do.
how did you fix this ? or did you fix?
thank you
great job mein freund.
What if I don't have port 80 opened in my router? Is there any way to do this without it opened?
this is 2 months late so im sure you already figured it out, but you need to have port 80 and port 443 port forwarded
Thanks. I want to set up a CI/CD, do I need to run the certbot command every time I use the git action? I am so confused about that.
Hi,
this setup has nothing to do with CI/CD, it is to secure your web application. You should only have to do it once in the beginning, then the certificate exists and then you have to run it whenever the certificate is about to expire.
I hope that helped. If not can you explain a bit more what the problem is and what you are trying to achieve? :)
plz check audio level.. it is too low
anyway content is great
Thanks a lot !!!!
You are welcome! Glad I could help :)
How can I do the same for two domains? I have backend and frontend run in docker. Both will have different domains. Nginx will be used as proxy for both as well.
You have to add both to the config file and set up the certificate for both (using Certbot) :)
I hope that helps!
Ok I know how to setup nginx config file for both. But should I add two certbot containers for each app into compose file? Or how can I setup single certbot container for both.
well done.
Thanks for the lecture. I followed the direction and found that static files not serving after SSL certificate acquired. What could it be the probelm? After searching google, I changed the permission and moved the static file location under /var/www/html/static but no use. Thanks in advance!
Hello,
I checked your configuration you commented on the blog post. Did the serving of static files worked with nginx and only using http?
Normally giving it a SSL certificate does not change the way static files are served, so I would rather check inside your django application. When I set up django for a project I also had some problems with static files, so I guess that the problem lays there.
Thank you so much I was banging my head on the wall over this one. Could you give advice on doing these steps for a subdomain too, do I need a subdomain certificate?
Hi,
you can just repeat the steps for the subdomain.
As soon as you have multiple projects something a bit more automated will definitely help you.
Check out this video on caddy, it will take care of the certificates for you: ruclips.net/video/JPIzqa17edM/видео.html
Hope that helps :)
You do not have to create a new certbot container. You can add a new domain using the -d flag.
@@programonaut-yt thanks so much man you’re a godsend. I had so much trouble yesterday because some website documentation on this was outdated and I didn’t realize subdomain certificates go into the same crt file.
Always Certbot return invalide response from domain 404
This issue make me crazy 🥵
@@oussamabadda487 Hi Oussam. Can you explain the issue in more detail or show the error message?
404 means that this location could not be found. Did you create the path to the challenge file?
Hi there. What will happen if down and up the docker compose 6 times. I know certbot will generate ssl 5 times a day only??? Or doesn't matter?
Hi there,
this may cause problems, but why do you want to rerun certbot 6 times? You can also do docker compose up to rebuild a specific container, and that way not issuing a new certificate everytime.
In addition, maybe have a look at caddy. Caddy takes care of a lot of the headaches for you immediately: ruclips.net/video/JPIzqa17edM/видео.html
@@programonaut-yt for example there is 6 Pull request to the github and there is auto deploy? It will hit docker compose? 6 times? This is the scenario. By the way new subscriber here nice content. 😁
@@LuckyImpostor Glad you like it and thank you :)
In this case I would adjust your GitHub in a way that only the containers that change are rebuilt. You can do that by just lining up the container names after the docker-compose up -d command. Another thing you could do (also what I am doing) is to separate each project into their own compose file and having the nginx + certbot in their own file in the root of your projects.
like it mr. german hehe ;)
Im getting error like connection refused or 404 webroot something
Have you find a solution?
vscode. control-shift-comma type in zoom. menu zoom from 0 to 3. then check mouse zoom . your text is too small.
Larger font-size please for us laptop users
I have no idea what I'm doing wrong. I'm running a server with my docker containers on it locally on my network which I accessed via duck.dns and everything was working fine before running the certbot but after I ran the certbot I have an SSL certificate on the my site when I access it from my local network but it says the certificate is not valid. and no matter what I try I cannot access the nginx from my duck.dns even though I opened port 80 and 443 on my router.
Same here. Although i don't think port forwarding doesn't exist on my ISP.