
Deployment Overview of Nginx Certbot on Server

Prerequisites and Basic Requirements

To deploy the Nginx Certbot application, the following requirements must be met:

  • An operating system with Docker and Docker Compose installed.
  • Root or sudo privileges to manage Docker containers and network ports.
  • A valid domain name configured to point to the server's IP address.
  • Network ports 80 and 443 must be open and accessible from the internet for SSL certificate validation and HTTPS traffic.

File and Directory Structure

The application utilizes a specific directory structure for configuration and data persistence:

  • ./nginx-certbot.env: Environment variable file containing configuration settings for the Nginx service.
  • ./user_conf.d/: Directory containing custom Nginx server block configurations.
  • /etc/letsencrypt: Host directory mounted to the container for storing SSL certificates and keys.
  • nginx_secrets: An external Docker volume used to persist Let's Encrypt data.

Docker Containers and Their Deployment

The application is deployed using Docker Compose. The primary service is defined in the compose.yml file.

  • Service Name: nginx
  • Image: jonasal/nginx-certbot:latest
  • Restart Policy: unless-stopped
  • Ports:
      • 80:80 (HTTP)
      • 443:443 (HTTPS)
  • Environment Variables:
      • CERTBOT_EMAIL: Set to [email protected] for certificate notifications.
  • Volumes:
      • nginx_secrets mounted to /etc/letsencrypt inside the container.
      • ./user_conf.d mounted to /etc/nginx/user_conf.d inside the container.

To deploy the container, execute the following command in the directory containing the compose.yml file:

docker compose up -d

Proxy Servers

The deployment utilizes the jonasal/nginx-certbot image, which functions as a reverse proxy and SSL certificate manager.

  • SSL/TLS: The container automatically manages SSL certificates using Let's Encrypt.
  • Custom Domains: Server blocks are defined in the user.conf file within the ./user_conf.d directory.
  • Certificate Paths:
      • Full chain: /etc/letsencrypt/live/{domain}/fullchain.pem
      • Private key: /etc/letsencrypt/live/{domain}/privkey.pem
      • Chain: /etc/letsencrypt/live/{domain}/chain.pem
  • Diffie-Hellman Parameters: Loaded from /etc/letsencrypt/dhparams/dhparam.pem.

The Nginx configuration listens on port 443 for both IPv4 and IPv6 with the reuseport option enabled. The server block returns a 200 status code with a plain text message confirming successful certificate installation.
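
A server block matching the description above could look like the following. This is an added example, not the file shipped with this deployment: example.com stands in for {domain}, and the response text is constructed.

```nginx
# ./user_conf.d/user.conf (mounted at /etc/nginx/user_conf.d inside the container)
server {
    # Listen on 443 for IPv4 and IPv6. reuseport may be set only once per
    # address:port pair across the whole Nginx configuration.
    listen 443 ssl reuseport;
    listen [::]:443 ssl reuseport;

    # Placeholder domain: must match the DNS name that points at this server.
    server_name example.com;

    # Certificate material kept in the nginx_secrets volume (/etc/letsencrypt).
    ssl_certificate         /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/example.com/privkey.pem;
    # Chain used to verify OCSP responses when stapling is enabled.
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

    # Diffie-Hellman parameters for DHE key exchange.
    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;

    # Plain-text 200 response confirming that TLS terminates correctly.
    # The message text is constructed for this example.
    default_type text/plain;
    return 200 "Certificate installed successfully.\n";
}
```

The directory name under /etc/letsencrypt/live/ must be identical in all three certificate directives; a mismatch points Nginx at files that do not exist and the configuration fails to load.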

Starting, Stopping, and Updating

Service management is handled through Docker Compose commands:

  • Start the service:
    docker compose up -d
    
  • Stop the service:
    docker compose down
    
  • Update the container image:
    docker compose pull
    docker compose up -d
    
  • View logs:
    docker compose logs -f nginx
    