Installing NGINX with Let’s encrypt in 2 mins

Image result for docker nginx letsencrypt

On the internet there are multiple docker images and compose files which help you to setup an environment with Node and a valid https let’s encript certs in no time.

Among the different options which one should I pick? Which one is “secure”, up-to-date and easy to use?
After some tries and articles read I ended up by adopting the solution proposed by linuxserver.io.

To get it started, what you need is a machine able to run docker.

Let’s make a new directory (eg $HOME/letsencrypt/ ) and let’s create there a file with having as content the code below. The script will create an image called “letsenginx” with a basic configuration set by the environment variables.

#!/bin/bash
#### -BEGIN - CONFIG TO EDIT ####
CFG_PATH=$HOME/letsenginx/volume_cfg
PROC_GID=1001 
PROC_UID=1001
LE_URL=yourdomain.com
LE_EMAIL=admin@yourdomain.com
LE_SUBDOMAINS=www,ftp,somethingelse
LE_VALIDATION=http
LE_TIMEZONE=Italy/Rome
#### - END - CONFIG TO EDIT ####

mkdir -p $CFG_PATH

docker create \
  --cap-add=NET_ADMIN \
  --name=letsenginx \
  -v $CFG_PATH:/config \
  -e PGID=$PROC_GID -e PUID=$PROC_UID  \
  -e EMAIL=$LE_EMAIL \
  -e URL=$LE_URL \
  -e SUBDOMAINS=$LE_SUBDOMAINS \
  -e VALIDATION=$LE_VALIDATION \
  -p 80:80 -p 443:443 \
  -e TZ=$LE_TIMEZONE \
  linuxserver/letsencrypt

The script will take a while to run since it generates some certificates. You can check the status of the image in any moment by running

docker logs IMAGE_ID

Once docker create command exists, you can start the image with:

docker start IMAGE_ID

If everything worked correctly then you should be able to connect to http://yourMachineIP and see valid certificate icon in the URL bar of the browser.

you can now amend the configuration of your nginx instance by editing the filesĀ $HOME/letsenginx/volume_cfg.
Static HTML files, nginx and letsencrypt config are now available there. Try to keep the certificate secure.

Leave a Reply

Your email address will not be published. Required fields are marked *