Last edited by Freedom, 2026-01-29 17:55:40 (commit 9c239c)
# Reverse Proxy Certbot
# Reverse proxy + TLS (Nginx + Certbot)
### Goal
* Terminate TLS in one place.
* Route by hostname to app containers.
* Use Certbot with the webroot challenge.
### Folder layout
Create these folders and files next to your `docker-compose.yml`:
* `certbot/conf/`
* `certbot/www/`
* `nginx/conf.d/apps.conf`
* `initdb/` (optional)
{% hint style="info" %}
I use `initdb/` for optional Postgres init scripts (users, databases).
{% endhint %}
### Compose file (Certbot, Nginx, Postgres)
Paste this into `docker-compose.yml`. The `freshrss` and `wallabag` services that nginx depends on are the app containers and live elsewhere in the same file; only the proxy, Certbot and Postgres services are shown here:
```yaml
# No top-level `version:` key: Compose v2 ignores it and only warns.
services:
  certbot:
    image: certbot/certbot:latest
    container_name: certbot
    volumes:
      - ./certbot/www:/var/www/certbot      # webroot: challenge tokens are written here
      - ./certbot/conf:/etc/letsencrypt     # certificates, keys and account data

  nginx:
    image: nginx:alpine
    container_name: nginx
    restart: unless-stopped
    depends_on:                             # app services, defined elsewhere in this file
      - freshrss
      - wallabag
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - ./certbot/www:/var/www/certbot:ro   # same webroot, read-only for nginx
      - ./certbot/conf:/etc/letsencrypt:ro  # nginx only needs to read the certs

  postgres:
    image: postgres:16
    container_name: postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: postgres
      # Read from .env (or the shell); Compose refuses to start if it is unset,
      # so the real password never has to be committed with this file.
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}
    volumes:
      - ./postgres_data:/var/lib/postgresql/data
      - ./initdb:/docker-entrypoint-initdb.d
    # Apps on the compose network reach the database as postgres:5432 without any
    # published port. Publish it only for host-side tools, and then on loopback only:
    # a plain "5432:5432" exposes the database on every interface of the host.
    ports:
      - "127.0.0.1:5432:5432"
```
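The page names `nginx/conf.d/apps.conf` but does not show its contents. The following is an added example of what that file can look like for this layout; it is not the page's own config. The hostnames are the page's and the upstream names are the service names from `depends_on`; the in-container ports (80 for both apps) and the certificate directory name are assumptions: certbot names the lineage after the first `-d` in the command below, so `wallabag.manxialiu.org` is used here.

```nginx
# Added example of nginx/conf.d/apps.conf for this page's layout (not the page's own file).
# Assumptions: the FreshRSS and wallabag containers listen on port 80, and the lineage is
# /etc/letsencrypt/live/wallabag.manxialiu.org because that is the first -d in the certbot
# command on this page.

# Port 80: answer the ACME HTTP-01 challenge from the shared webroot, redirect everything else.
server {
    listen 80;
    server_name freshrss.manxialiu.org wallabag.manxialiu.org;

    location ^~ /.well-known/acme-challenge/ {
        root /var/www/certbot;         # certbot writes the token files under this path
        default_type "text/plain";
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# One TLS server block per hostname; both names are on the same certificate.
server {
    listen 443 ssl;
    http2 on;                          # nginx >= 1.25.1; older builds: "listen 443 ssl http2;"
    server_name freshrss.manxialiu.org;

    ssl_certificate     /etc/letsencrypt/live/wallabag.manxialiu.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wallabag.manxialiu.org/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://freshrss:80;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;   # lets the app build https:// URLs
    }
}

server {
    listen 443 ssl;
    http2 on;
    server_name wallabag.manxialiu.org;

    ssl_certificate     /etc/letsencrypt/live/wallabag.manxialiu.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wallabag.manxialiu.org/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://wallabag:80;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Requests that reach the IP with an unknown SNI/Host are refused instead of being
# proxied to whichever server block nginx picks first. ssl_reject_handshake needs
# nginx >= 1.19.4 and means this block needs no certificate of its own.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}
```

Two things bite on first use. Nginx refuses to start while the `ssl_certificate` files do not exist yet, so for the very first run keep only the port-80 server block, issue the certificate, then add the TLS blocks and `docker compose exec nginx nginx -s reload`. And nginx reads the certificate files at start or reload, so every renewal needs that same reload before the new chain is served. Leave the HSTS header out until you are sure every path on these hosts is served over TLS; `max-age=31536000` commits browsers for a year.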
### Certbot command
Use this when you add a new subdomain under `manxialiu.org`. Before running it, make sure DNS for the new name points at this host and that nginx is already answering on port 80 and serving `/.well-known/acme-challenge/` from the shared webroot, otherwise the HTTP-01 challenge fails. Certbot names the certificate directory after the first `-d` (`certbot/conf/live/wallabag.manxialiu.org/` on the host), and `--expand` lets it replace that certificate when the name list grows. Reload nginx afterwards (`docker compose exec nginx nginx -s reload`) so it picks up the new files:
```bash
docker compose run --rm certbot certonly \
  --webroot -w /var/www/certbot \
  -d wallabag.manxialiu.org \
  -d freshrss.manxialiu.org \
  -d monica.manxialiu.org \
  -d woeditor.manxialiu.org \
  --email you@example.com \
  --agree-tos \
  --no-eff-email \
  --expand   # replace the existing certificate when a name is added to the list
```
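As an added helper, not part of the page, this script wraps the command above: it first proves that nginx really serves the challenge path from the shared webroot for each hostname, then runs certbot, then reloads nginx; a `renew` mode does the same for the renewal that has to run at least monthly. The paths and service names are the page's; the script name, the `EMAIL` and `STAGING` variables and the temporary token file are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the page): issue or renew Let's Encrypt certificates for the
# compose stack above and reload nginx afterwards.
# Assumptions: run from the directory holding docker-compose.yml; ./certbot/www is the
# webroot mounted into both nginx and certbot; EMAIL and STAGING are my variable names.
set -eu

WEBROOT=./certbot/www
EMAIL=${EMAIL:-you@example.com}

# "a.example b.example" -> "-d a.example -d b.example"
domain_args() {
  local out=""
  for d in "$@"; do out="$out -d $d"; done
  printf '%s' "${out# }"
}

# Where certbot stores the lineage inside the containers: named after the first -d.
lineage_dir() {
  printf '%s' "/etc/letsencrypt/live/$1"
}

# Pre-flight: drop a random token into the webroot and fetch it through nginx over
# plain HTTP, exactly as Let's Encrypt will. Catches a missing ACME location, a DNS
# record pointing elsewhere or a blocked port 80 before any rate limit is spent.
preflight() {
  local host=$1 dir="$WEBROOT/.well-known/acme-challenge" token got
  token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
  mkdir -p "$dir"
  printf '%s' "$token" >"$dir/$token"
  got=$(curl -fsS --max-time 10 "http://$host/.well-known/acme-challenge/$token" || true)
  rm -f "$dir/$token"
  [ "$got" = "$token" ]
}

issue() {
  local h
  for h in "$@"; do
    preflight "$h" || { echo "challenge path not reachable for $h" >&2; return 1; }
  done
  # domain_args output is meant to be word-split; STAGING=1 targets the staging CA,
  # which has generous rate limits, while you are still debugging the setup.
  docker compose run --rm certbot certonly --webroot -w /var/www/certbot \
    $(domain_args "$@") --email "$EMAIL" --agree-tos --no-eff-email --expand \
    ${STAGING:+--staging}
  docker compose exec nginx nginx -s reload
  echo "certificate in $(lineage_dir "$1") inside the containers"
}

renew() {
  # certbot remembers the webroot and domains from the original issue run.
  docker compose run --rm certbot renew
  docker compose exec nginx nginx -s reload
}

case "${1:-}" in
  issue) shift; issue "$@" ;;
  renew) renew ;;
  *) echo "usage: $0 issue <hostname>... | renew" >&2 ;;
esac
```

Run `./certs.sh issue wallabag.manxialiu.org freshrss.manxialiu.org ...` once per change to the name list and put `./certs.sh renew` in cron or a systemd timer; `certbot renew` is a no-op until a certificate is within 30 days of expiry, so running it daily is safe.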