How to Secure Your Applications with HTTPS Using Docker, NGINX, and Let's Encrypt
HTML-код
- Опубликовано: 18 июн 2024
- In this guide, you will learn how to secure your web app with SSL by utilizing Docker, NGINX, and Lets Encrypt.
Original Post: www.programonaut.com/setup-ss...
---
Hostinger VPS: pgnt.xyz/hostinger-vps - for everyone
Netcup VPS: pgnt.xyz/netcup-vps - for german users
Hostinger Domain: pgnt.xyz/hostinger-domain
Netcup Domain: pgnt.xyz/netcup-domain - for german users
Discord Community: pgnt.xyz/discord
Hostinger links are affiliate links.
---
00:00 Intro
00:37 Docker Container
03:00 Reverse Proxy using NGINX
06:10 SSL Certificates with Let's Encrypt
13:55 Auto-Renewal
15:45 Conclusion
nice video i like how you handled certbot however I recommend using "--keep-until-expiring" instead of "--force-renewal" that way if the server reboots it doesn't force renewing the certificate, but if it needs a renewal it'll happen.
This is a very informative and well-structured video. It is easy to follow and even without a lot of theory I now know what a reverse proxy is, how domains work and how I can use them in practice.
Keep it up ^^
Great first video! Thanks a ton!
well done, clear and simple
It is a good video! definitely helped me. thank you
Thank you, this worked.
Awasome! Realy helpfull.
Man this help me a lot, tis
Amazing video! very informative!
Happy it helped you :)
well done.
great job mein freund.
thank you
like it mr. german hehe ;)
Thank you maestro! You saved my day! _o/🥳
Glad I could help :)
Thanks a lot !!!!
You are welcome! Glad I could help :)
Hey thanks for the awesome video. where can we find the next part as mentioned in the video (automation)
Does this auto renew the ssl certificate? Or do I have to setup a separate cron job for that?
this docker container runs successfully on the VPS, but how can i run it locally? It would be great to use this docker-compose config locally and afterwards push it somehow to my VPS
What if I don't have port 80 opened in my router? Is there any way to do this without it opened?
Thanks. I want to set up a CI/CD, do I need to run the certbot command every time I use the git action? I am so confused about that.
Hi,
this setup has nothing to do with CI/CD, it is to secure your web application. You should only have to do it once in the beginning, then the certificate exists and then you have to run it whenever the certificate is about to expire.
I hope that helped. If not can you explain a bit more what the problem is and what you are trying to achieve? :)
Thank you so much I was banging my head on the wall over this one. Could you give advice on doing these steps for a subdomain too, do I need a subdomain certificate?
Hi,
you can just repeat the steps for the subdomain.
As soon as you have multiple projects something a bit more automated will definitely help you.
Check out this video on caddy, it will take care of the certificates for you: ruclips.net/video/JPIzqa17edM/видео.html
Hope that helps :)
You do not have to create a new certbot container. You can add a new domain using the -d flag.
@@programonaut-yt thanks so much man you’re a godsend. I had so much trouble yesterday because some website documentation on this was outdated and I didn’t realize subdomain certificates go into the same crt file.
Always Certbot return invalide response from domain 404
This issue make me crazy 🥵
@@oussamabadda487 Hi Oussam. Can you explain the issue in more detail or show the error message?
404 means that this location could not be found. Did you create the path to the challenge file?
Thanks for the lecture. I followed the direction and found that static files not serving after SSL certificate acquired. What could it be the probelm? After searching google, I changed the permission and moved the static file location under /var/www/html/static but no use. Thanks in advance!
Hello,
I checked your configuration you commented on the blog post. Did the serving of static files worked with nginx and only using http?
Normally giving it a SSL certificate does not change the way static files are served, so I would rather check inside your django application. When I set up django for a project I also had some problems with static files, so I guess that the problem lays there.
How can I do the same for two domains? I have backend and frontend run in docker. Both will have different domains. Nginx will be used as proxy for both as well.
You have to add both to the config file and set up the certificate for both (using Certbot) :)
I hope that helps!
Ok I know how to setup nginx config file for both. But should I add two certbot containers for each app into compose file? Or how can I setup single certbot container for both.
Hi there. What will happen if down and up the docker compose 6 times. I know certbot will generate ssl 5 times a day only??? Or doesn't matter?
Hi there,
this may cause problems, but why do you want to rerun certbot 6 times? You can also do docker compose up to rebuild a specific container, and that way not issuing a new certificate everytime.
In addition, maybe have a look at caddy. Caddy takes care of a lot of the headaches for you immediately: ruclips.net/video/JPIzqa17edM/видео.html
@@programonaut-yt for example there is 6 Pull request to the github and there is auto deploy? It will hit docker compose? 6 times? This is the scenario. By the way new subscriber here nice content. 😁
@@LuckyImposter Glad you like it and thank you :)
In this case I would adjust your GitHub in a way that only the containers that change are rebuilt. You can do that by just lining up the container names after the docker-compose up -d command. Another thing you could do (also what I am doing) is to separate each project into their own compose file and having the nginx + certbot in their own file in the root of your projects.
Im getting error like connection refused or 404 webroot something
Have you find a solution?
Larger font-size please for us laptop users
I have no idea what I'm doing wrong. I'm running a server with my docker containers on it locally on my network which I accessed via duck.dns and everything was working fine before running the certbot but after I ran the certbot I have an SSL certificate on the my site when I access it from my local network but it says the certificate is not valid. and no matter what I try I cannot access the nginx from my duck.dns even though I opened port 80 and 443 on my router.
Can I use the cloudflare plugin with the certbot container? The cloudflare plugin works with the certbot which I both downloaded via apt.
Hi Ben,
Sadly I do not know the plugin or how it works, so I think you would just need to try it.