nortmas
9/12/2018 - 8:23 AM

Certificate

### https://letsencrypt.org/ ###
### https://certbot.eff.org/docs/using.html?highlight=expand

# 1) make sure there are no https redirects for the domain
# 2) check that the domain is available
# 3) set up traefik

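  # Traefik reverse proxy: terminates TLS on 443 with a static certificate read
  # from ./certs and also listens on plain HTTP (80). Flags are Traefik 1.x CLI
  # syntax.
  traefik:
    # NOTE(review): an untagged image follows `latest`. Pin the 1.x tag this
    # setup was tested with; later major versions do not accept these flags.
    image: traefik
    container_name: 'traefik'
    restart: unless-stopped
    # List form: one argument per item, so no shell-style quoting is needed.
    command:
      # No config file; everything is configured through flags.
      - '-c'
      - '/dev/null'
      # Enables the dashboard/API (port 8080 by default). It is not published
      # under `ports`, but it is unauthenticated for anything that can reach
      # the container on the Docker network; drop the flag if it is unused.
      - '--web'
      # Docker provider. Containers are exposed by default; consider
      # `--docker.exposedByDefault=false` with `traefik.enable` labels so only
      # intended services are routed.
      - '--docker'
      - '--logLevel=INFO'
      - '--defaultEntryPoints=https'
      # NOTE(review): if these files are copied from certbot's output,
      # cert.pem is the leaf certificate only; fullchain.pem also carries the
      # intermediate that clients need. TODO confirm which file is in ./certs.
      - '--entryPoints=Name:https Address::443 TLS:/certs/cert.pem,/certs/privkey.pem'
      - '--entryPoints=Name:http Address::80'
    volumes:
      # Read-only mount protects the socket file only. Access to the Docker
      # API through it is still root-equivalent on the host, so treat this
      # container as highly privileged.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Traefik only reads the certificate and private key.
      - ./certs:/certs:ro
    ports:
      # Quoted, as recommended for HOST:CONTAINER port mappings.
      - '80:80'
      - '443:443'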

# 4) set up Apache:
  # Apache front end for the PHP backend; Traefik discovers it through the
  # labels below (Traefik 1.x label names).
  apache:
    image: 'wodby/php-apache:2.4-3.0.5'
    container_name: '${COMPOSE_PROJECT_NAME}_apache'
    restart: always
    # The `php` service is defined outside this snippet.
    depends_on:
      - php
    environment:
      # NOTE(review): debug-level logging is useful during setup; consider
      # lowering it once the site is live, since verbose logs can record
      # request details.
      APACHE_LOG_LEVEL: debug
      APACHE_BACKEND_HOST: php
      APACHE_SERVER_ROOT: /var/www/html/web
    volumes:
      # Mounts the whole project directory. NOTE(review): if this compose file
      # sits next to the ./certs directory mounted by the traefik service, the
      # TLS private key is readable inside this container too. The server root
      # is the `web` subdirectory, so it is not served directly, but keeping
      # certs outside the mounted tree is safer. TODO confirm layout.
      - ./:/var/www/html
    labels:
      traefik.backend: '${COMPOSE_PROJECT_NAME}_apache'
      # Port inside the container that Traefik forwards to.
      traefik.port: '80'
      # Served on both entry points; presumably plain http stays enabled so
      # the manual certbot challenge file can be fetched. Verify.
      traefik.frontend.entryPoints: 'https,http'
      traefik.frontend.rule: 'Host:www.ipso.ch,ipso.ch'

# 5) run the command
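# Request one certificate covering both names with certbot's manual challenge.
# The second domain option was written as "- d", which certbot does not parse
# as -d; it is corrected here.
#
# Results are written under /etc/letsencrypt on the host (bind mount). The
# privkey.pem there is the TLS private key: keep it owner-readable only when
# copying it to the ./certs directory the proxy reads.
#
# --manual without hooks cannot renew unattended, so the certificate has to be
# re-issued by hand before it expires.
docker run -it --rm --name certbot \
  -v "/etc/letsencrypt:/etc/letsencrypt" \
  -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
  certbot/certbot certonly --manual \
  -d ipso.ch -d www.ipso.ch --expand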

# 6) Open a new terminal window and create the file with the content certbot shows, on the server.
# 7) be aware of the rate limit: 5 failed attempts per hour.
# 8) continue in the first window.

# Self-signed certificate for localhost, for local testing only (clients will
# not trust it unless it is added to their trust store).
#  - -nodes writes the private key unencrypted; keep certs/ out of version
#    control and restrict its permissions.
#  - No -days is given, so openssl's default validity (30 days) applies.
#  - <( ... ) is process substitution and needs bash, not plain sh.
#  - The output names differ from the cert.pem/privkey.pem paths referenced by
#    the traefik entry point; adjust one side to match.
openssl req -x509 \
  -newkey rsa:2048 -nodes -sha256 \
  -keyout certs/localhost.key \
  -out certs/localhost.crt \
  -subj '/CN=localhost' \
  -extensions EXT \
  -config <( printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")