birgerk / docker-apache-letsencrypt
This docker-image contains a simple Apache webserver and supports https-encryption by great Let's Encrypt certificates!
I needed to bind the container Apache virtual host configuration and the Apache and certbot log file locations from a persistent disk instead of volumes, which is what one typically wants to do on a production environment
services:
  apache-proxy:
    build:
      context: "docker-apache-letsencrypt"
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "${PDISK_MNT}/etc/letsencrypt:/etc/letsencrypt"
      - "${PDISK_MNT}/etc/apache-proxy/sites-enabled:/etc/apache2/sites-enabled"
      - "${PDISK_MNT}/log/letsencrypt:/var/log/letsencrypt"
      - "${PDISK_MNT}/log/apache-proxy:/var/log/apache2"
Since it is not possible to override a parent VOLUME directive, I could not extend the image but had to clone the Dockerfile and remove the VOLUME directive, which is not ideal.
Removing the VOLUME directive would give more flexibility to users.
I can't figure out how to use this. I've tried to start the docker with and without the DOMAINS env variable. I get this:
docker exec -it apache-ssl /run_letsencrypt.sh --domains "<mydomain.com>"
Using Let's Encrypt Production environment...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for <mydomain.com>
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
*** Running /etc/my_init.d/init_letsencrypt.sh...
*** Booting runit daemon...
*** Runit started as PID 26
/etc/letsencrypt contains cli.ini, so this check:
if ([ ! -d $LETSENCRYPT_HOME ] || [ ! "$(ls -A $LETSENCRYPT_HOME)" ]) && [ ! -z "$DOMAINS" ]; then
    /run_letsencrypt.sh --domains $DOMAINS
fi
fails?
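The check quoted above only requests a certificate when /etc/letsencrypt is missing or empty, so a directory that holds nothing but cli.ini skips issuance. The sketch below is an added example, not the image's own script: it compares that emptiness test with a test for an existing certificate lineage, assuming certbot's default live/<first-domain>/ layout; the function names and the example.test domains are hypothetical.

```shell
#!/bin/sh
# Added example (not the image's code): decide on first-run issuance by
# looking for a certificate lineage instead of an empty directory.

# Emptiness test as in the issue: true if the directory is missing or empty.
dir_is_empty() {
    [ ! -d "$1" ] || [ -z "$(ls -A "$1")" ]
}

# Assumption: certbot keeps each lineage under <home>/live/<name>/ and, by
# default, names it after the first domain requested.
# Returns 0 (true) when no usable lineage exists for that domain.
needs_initial_cert() {
    home=$1
    domains=$2
    [ -n "$domains" ] || return 1            # nothing requested
    primary=${domains%%,*}                   # first name of the comma-separated list
    live="$home/live/$primary"
    [ -s "$live/fullchain.pem" ] && [ -s "$live/privkey.pem" ] && return 1
    return 0
}

# Constructed scenario: a home directory that contains only cli.ini, then the
# same directory after a lineage has been written.
demo() {
    tmp=$(mktemp -d)
    : > "$tmp/cli.ini"
    if dir_is_empty "$tmp"; then a=issue; else a=skip; fi
    if needs_initial_cert "$tmp" "example.test,www.example.test"; then b=issue; else b=skip; fi
    mkdir -p "$tmp/live/example.test"
    echo constructed > "$tmp/live/example.test/fullchain.pem"
    echo constructed > "$tmp/live/example.test/privkey.pem"
    if needs_initial_cert "$tmp" "example.test,www.example.test"; then c=issue; else c=skip; fi
    rm -rf "$tmp"
    echo "emptiness=$a lineage_before=$b lineage_after=$c"
}

demo
```

If certificates are requested with a custom certificate name, the lineage directory differs from the first domain and the path in needs_initial_cert has to follow it.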
Hey, I'm trying to include this in my personal project to automatically set up SSL with docker & docker-compose.
When I try to start my containers with docker-compose -f docker-compose.yml -f docker-compose.production.yml up, I get the following error: ERROR: for certbot Cannot start service certbot: network <hash> not found.
I put the following in my docker-compose.production.yml file:
certbot:
  image: birgerk/apache-letsencrypt
  environment:
    - "DOMAINS=${DOMAIN_NAME},www.${DOMAIN_NAME}"
    - "WEBMASTER_MAIL=${MAIL_ADDRESS}"
Do you have any idea what I could be doing wrong?
Hi,
Great work on this image. I've been using it for months. However, after my latest pull to fix the crontab problem, I am getting this error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Do you have any ideas on how it can be fixed? Thanks for your help.
Is there a way to provide a custom configuration for the https virtualhost?
letsencrypt generates the configuration for https as a copy of the configuration for the http virtual host just changing the port and adding the necessary stuff for https. This is not necessarily what is wanted. Configuring the https before letsencrypt certificates have been configured doesn't work either.
I don't really see the advantage of having fail2ban installed on this image. Following docker principles, it should be removed and put on another image.
Thanks,
Nice work, BTW
Hi.
I have a dockerfile and docker-compose.yml file that starts an Apache-PHP-Node environment which has been tested to satisfaction.
The dockerfile is
FROM php:8.0-apache
COPY . /var/www/html
# Needed to access the PDO APIs
RUN docker-php-ext-install pdo pdo_mysql mysqli
EXPOSE 80
The docker-compose file is
version: '3'
services:
  web-service:
    build: ./flowiot
    volumes:
      - ./flowiot:/var/www/html
      - ./settings:/var/rsn
    ports:
      - 80:80
      - 443:443
  node-service:
    build: ./app
    volumes:
      - ./settings:/tmp/rsn
As you can see a Webserver is launched as well as a node app. And both apps are up and performing as expected.
When using your dockerfile, in the same directory using the original webserver dir (plus adding the Config folder) it does complete the installation and states that the webserver and node app are running.
Creating root_node-service_1 ... done
Creating root_web-service_1 ... done
The node app is working per usual and the webserver serves the html index page Ok. Since there is no PHP, it fails to perform its PHP duties. Also there is no ssl lock in the Browser.
Reviewing the webserver container via exec and looking at the etc/apache2/sites-available there is no WebServer Domain (flowiot.site) as set in the dockerfile ENV DOMAINS="flowiot.site".
ENV DEBIAN_FRONTEND noninteractive
ENV LETSENCRYPT_HOME /etc/letsencrypt
ENV DOMAINS "flowiot.site"
ENV WEBMASTER_MAIL "rsimpso........"
My questions are:
1. Did I miss something, that I did not get an SSL from LetsEncrypt?
2. How do I add PHP? I did try adding a FROM php:7.4, which HAS to be the first statement or your process exits with an error about the website directory. If done first it does finish but no PHP (did exec to the webserver and did a php -v).
Thanks for any help. As you can imagine, Apache-PHP go very hand in hand for many older services.
Regards.
Robert
This is a discussion that could be a refactor.
I'm using this docker image and so far so good, but there is one logic that I think is weird.
To issue Staging Certs, you need to set up the flag STAGING, but most of the time you're developing, you're actually needing the STAGING.
So I propose to invert the logic, using the flag PRODUCTION. So when you need production certificates you define the flag. This prevents undesired generation of valid certificates if you forget the tag.
When I try to update my domains I am receiving the following message:
docker exec -it apache-ssl /run_letsencrypt.sh --domains $UPDATED_DOMAINS
Using Let's Encrypt Production environment...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
An unexpected error occurred: The request message was malformed :: Error creating new order :: Invalid character in DNS name
Please see the logfiles in /var/log/letsencrypt for more details.
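A malformed entry in the domain list can be caught locally before the order is sent to the CA. This is an added example, not part of the image: check_domains and the example.test names are hypothetical, and it validates a comma-separated list in the form used for DOMAINS and --domains, reporting which entry fails the local check.

```shell
#!/bin/sh
# Added example (not the image's code): validate a comma-separated domain
# list before handing it to run_letsencrypt.sh.

# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; max 63.
LABEL='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'

# Prints each rejected entry in quotes; returns 0 only if every entry passes.
check_domains() {
    list=$1
    bad=0
    case $list in
        ''|,*|*,|*,,*) echo 'invalid: empty entry in list'; return 1 ;;
    esac
    old_ifs=$IFS
    IFS=,
    set -f                                   # keep "*.example.test" from globbing
    for name in $list; do
        case $name in
            *[!A-Za-z0-9.*-]*)               # spaces, quotes, "<", "_", newlines
                printf 'invalid character: "%s"\n' "$name"; bad=1; continue ;;
        esac
        if [ "${#name}" -gt 253 ] ||
           ! printf '%s\n' "$name" | grep -Eq "^(\*\.)?($LABEL\.)+$LABEL\$"; then
            printf 'malformed name: "%s"\n' "$name"; bad=1
        fi
    done
    set +f
    IFS=$old_ifs
    return "$bad"
}

# Constructed sample: a stray space after the comma in a hand-edited list.
check_domains 'example.test, www.example.test' ||
    echo 'refusing to call run_letsencrypt.sh'
```

Quoting the variable at the call site, as in --domains "$UPDATED_DOMAINS", keeps the shell from splitting or expanding the value before the script sees it.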