Commit 9c239c

2026-01-29 17:55:40 Freedom: Init
/dev/null .. reverse-procy-certbot.md
@@ 0,0 1,83 @@
+ # Reverse Proxy Certbot
+
+
+ # Reverse proxy + TLS (Nginx + Certbot)
+
+ ### Goal
+
+ * Terminate TLS in one place.
+ * Route by hostname to app containers.
+ * Use Certbot with the webroot challenge.
+
+ ### Folder layout
+
+ Create these folders and files next to your `docker-compose.yml`:
+
+ * `certbot/conf/`
+ * `certbot/www/`
+ * `nginx/conf.d/apps.conf`
+ * `initdb/` (optional)
+
+ {% hint style="info" %}
+ I use `initdb/` for optional Postgres init scripts (users, databases).
+ {% endhint %}
+
+ ### Nginx + Postgres config
+
+ Paste this into `docker-compose.yml`:
+
+ ```yaml
+ version: "3.9"
+
+ services:
+ certbot:
+ image: certbot/certbot:latest
+ container_name: certbot
+ volumes:
+ - ./certbot/www:/var/www/certbot
+ - ./certbot/conf:/etc/letsencrypt
+
+ nginx:
+ image: nginx:alpine
+ container_name: nginx
+ restart: unless-stopped
+ depends_on:
+ - freshrss
+ - wallabag
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./nginx/conf.d:/etc/nginx/conf.d:ro
+ - ./certbot/www:/var/www/certbot:ro
+ - ./certbot/conf:/etc/letsencrypt:ro
+
+ postgres:
+ image: postgres:16
+ container_name: postgres
+ restart: unless-stopped
+ environment:
+ POSTGRES_USER: postgres
+ POSTGRES_PASSWORD: change_this_admin_password
+ volumes:
+ - ./postgres_data:/var/lib/postgresql/data
+ - ./initdb:/docker-entrypoint-initdb.d
+ ports:
+ - "5432:5432"
+ ```
+
+ ### Certbot command
+
+ Use this when you add a new subdomain under `manxialiu.org`:
+
+ ```bash
+ docker compose run --rm certbot certonly \
+ --webroot -w /var/www/certbot \
+ -d wallabag.manxialiu.org \
+ -d freshrss.manxialiu.org \
+ -d monica.manxialiu.org \
+ -d woeditor.manxialiu.org \
+ --email you@example.com \
+ --agree-tos \
+ --no-eff-email
+ ```
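Review bot: The `postgres` service in the compose snippet publishes `"5432:5432"`, which exposes the database on every host interface together with the `postgres` superuser and a placeholder password, although the page's stated goal is a single TLS entry point through nginx. App containers on the same compose network can reach it as `postgres:5432` without a published port, so I would drop the `ports:` block or, if host access is needed, bind it to loopback with `- "127.0.0.1:5432:5432"`. The page should also say that `POSTGRES_PASSWORD` must be replaced before the first start, since the image only applies it when the data directory is first initialised. Separately, `nginx` lists `freshrss` and `wallabag` under `depends_on`, but the snippet does not define them, so pasting it as written will likely fail validation unless those services are added elsewhere in the file.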