Co-authored-by: Mageas <email@example.com> Reviewed-on: #1
Certginx is a helper tool to generate certbot certificates. It is compatible with multiple domains and support multiple applications.
How to use certginx
Make sure your firewall allows the incoming 80 and 443 ports.
Open ports with iptables:
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
Replace all the occurrences of subdomain.domain.com with your domain name.
Every time you want to add a new domain. You need to configure the file below.
Update DOMAINS and EMAIL variables to begin the installation. If you are testing, put STAGING to 1 to avoid hitting request limits.
Executing the script
Run the script with
Configuring after script
./nginx/conf.d/<your-domain>.conf to suit your needs.
Update localhost in
Communicating between certginx and your app
I will use
example-app as network, you may rename it.
At the end of
At the end of the file, add:
External networks are not automatically created by docker-compose. To do so, just run the command below:
You need to do the same thing in your
docker-compose.yml app, but instead of
nginx service, it will be your communicating service.
Best practice to deploy
The best way to deploy your app with certginx is to create a user per application (eg. user certginx for certgins and user website for your website).
Secure your nginx
Use the latest ssl protocols.
Catch bad sni (replace
dummy-certificate with a dummy certificate).
Catch bad vhost.
- nginx-certbot the base of the