Closed ohcfe closed 1 year ago
I think you should use an nginx reverse proxy to get the Let's Encrypt cert, without even touching the Docker container.
Like this: run a trivial nginx site like this:
```
server {
    listen 80;
    server_name calc.onyour.domain;
    root /var/data/cocalc-test-root;
    location / {
        autoindex on;
    }
}
```
and run `certbot certonly`, answering with your domain and `/var/data/cocalc-test-root` to certbot's questions.
Then, after getting the certs, replace this config with something like:
```
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
server {
    listen 443 ssl;
    server_name calc.onyour.domain;
    ssl_certificate /etc/letsencrypt/live/calc.onyour.domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/calc.onyour.domain/privkey.pem;
    location / {
        # push traffic through the proxy to the port you mapped, in this case 9443, on localhost:
        proxy_pass https://localhost:9443;
        # this enables proxying for websockets, which cocalc uses extensively:
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
    }
}
```
(Of course, you then run Docker, mapping 9443 to 443 on the container.)
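An added example, not part of the original comment or of the project's own configuration: a combined nginx configuration for the setup described above that keeps port 80 serving the ACME challenge from the same webroot, so certificate renewals keep working after the switch to HTTPS. The loopback-only Docker port publishing and the forwarded headers are assumptions.

```nginx
# Added example; hostname, webroot and port 9443 are the ones used in the comment above.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Port 80 stays up after issuance. It serves only the HTTP-01 challenge files
# that certbot writes under the webroot (no autoindex, no other content)
# and redirects every other request to HTTPS.
server {
    listen 80;
    server_name calc.onyour.domain;

    location /.well-known/acme-challenge/ {
        root /var/data/cocalc-test-root;
        default_type text/plain;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name calc.onyour.domain;

    ssl_certificate     /etc/letsencrypt/live/calc.onyour.domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/calc.onyour.domain/privkey.pem;

    location / {
        # Upstream is the container's own TLS listener with its self-signed cert.
        # Assumption: the container port is published on loopback only
        # (docker run -p 127.0.0.1:9443:443 ...), so clients cannot bypass
        # this proxy and reach the self-signed endpoint directly.
        proxy_pass https://127.0.0.1:9443;

        # WebSocket upgrade handling, as in the config above.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With this in place, `certbot certonly --webroot -w /var/data/cocalc-test-root -d calc.onyour.domain` issues the certificate without interactive prompts, and `certbot renew --deploy-hook "nginx -s reload"` makes nginx pick up renewed certificates.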
Seems solved.
After installing the docker image as described in README.md, I decided to install a proper certificate so that my users won't have their browsers yelling at them every time they try to sign in. I opened up an interactive terminal to the image:
I installed the letsencrypt package:
and finally I tried to use certbot to get a certificate:
Certbot needs to be able to talk to letsencrypt.org on port 80 as well as port 443... so I am unable to get proper certs... What is the proper way to get non self-signed certificates for my docker image?
Thanks.