Letsencrypt + Docker - the best way to handle symlink? [closed]

I have an Nginx server running on Docker on an Ubuntu host and I wanted to integrate Letsencrypt certificates on it. As I had the Nginx image already created with all the conf setup, after reading different articles I decided to install Letsencrypt on the host and mount the /etc/letsencrypt/ folder in a shared volume in the Nginx container. The problem I had is that symlinks belong to the file system itself and cannot be resolved by the container, which makes sense.

My question is then: what would be the best way to approach this: Should I add all the Letsencrypt setup inside my Nginx custom Dockerfile to get it up and running? Is it possible though to create a separate container which only has Letsencrypt and share a volume from there? Or is it possible somehow to resolve this via changes on my current solution?

Note that at the moment I'm creating a copy of the certificates and pasting them into the volume, which is fine, but I want to automate the renewal (using certbot renew --dry-run).

Any help is much appreciated!

Carlos Torrecillas asked Dec 13 '17 11:12


1 Answer

The symlinks within the letsencrypt folder will resolve within a docker container as long as the entire /etc/letsencrypt directory is mounted as the volume. Or rather, as long as both the live and archive directories for the site of interest are mounted. What I mean is, one of the symlinks for a letsencrypt domain cert looks like this:

/etc/letsencrypt/live/example.com/cert.pem --> ../../archive/example.com/cert1.pem

To be able to reference the "live" cert name from within my docker container, I created the following volume mounting the whole letsencrypt etc directory:

-v /etc/letsencrypt:/certs

Since the full /etc/letsencrypt is mounted, the volume gets both live and archive, so the symlink of ../../archive resolves as long as I'm referencing the absolute path to the file I want. In my server config file:

certfile /certs/live/example.com/cert.pem

This works!

Now the really ugly part of this is that I just made all of my letsencrypt certs available to just this one container. But it works for my use case right now where I only have one domain I'm using letsencrypt for on this server. I have used letsencrypt-nginx-proxy-companion before and I prefer that by far, when I can do it.

Edit: Thought of a way to only share the certs needed for the site. Two volume entries:

  • /etc/letsencrypt/live/example.com:/etc/letsencrypt/live/example.com
  • /etc/letsencrypt/archive/example.com:/etc/letsencrypt/archive/example.com
deargle answered Oct 20 '22 01:10
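The answer's point (a live/ symlink only resolves in the container when the archive/ target is reachable through some mount) can be checked on the host before starting the container. This is an added example, not code from the question or the answer; it models mounts as host_dir:container_dir pairs and builds a constructed stand-in for the certbot layout, so the example.com paths and the placeholder cert file are assumptions.

```shell
#!/bin/sh
# Added example, not from the post: check whether a certbot "live" symlink will
# resolve inside a container for a given set of bind mounts (host_dir:container_dir).
# The symlink is followed as the container would see it: the link's own path and its
# relative target (../../archive/...) are both translated into container paths.

# Collapse "." and ".." in an absolute path (pure POSIX sh, no realpath needed).
normalize_path() {
    out=""; old_ifs=$IFS; IFS=/
    for seg in $1; do
        case "$seg" in ""|.) ;; ..) out=${out%/*} ;; *) out="$out/$seg" ;; esac
    done
    IFS=$old_ifs
    printf '%s\n' "${out:-/}"
}

# cert_visible_in_container LINK MOUNT...  -> prints the container-side path the
# symlink resolves to and returns 0; returns 1 if the container could not see it.
cert_visible_in_container() {
    link=$1; shift; clink=""
    # 1. Which mount carries the symlink itself? Translate it to its container path.
    for m in "$@"; do
        h=${m%%:*}; c=${m#*:}
        case "$link" in "$h"/*) clink="$c${link#"$h"}" ;; esac
    done
    [ -n "$clink" ] || return 1
    # 2. Read one hop of the link and resolve it relative to the link's container dir.
    t=$(readlink "$link") || return 1
    case "$t" in /*) ctarget=$t ;; *) ctarget=$(normalize_path "${clink%/*}/$t") ;; esac
    # 3. The target is visible only if some mount's container path covers it and the
    #    matching host file exists (that is the archive/ directory certbot writes to).
    for m in "$@"; do
        h=${m%%:*}; c=${m#*:}
        case "$ctarget" in "$c"/*)
            if [ -e "$h${ctarget#"$c"}" ]; then printf '%s\n' "$ctarget"; return 0; fi ;;
        esac
    done
    return 1
}

# make_demo_layout DIR: constructed stand-in for /etc/letsencrypt (no real keys).
make_demo_layout() {
    mkdir -p "$1/live/example.com" "$1/archive/example.com"
    printf 'constructed placeholder, not a real certificate\n' > "$1/archive/example.com/cert1.pem"
    ln -sf ../../archive/example.com/cert1.pem "$1/live/example.com/cert.pem"
}
```

On a real host, `cert_visible_in_container /etc/letsencrypt/live/example.com/cert.pem /etc/letsencrypt/live/example.com:/etc/letsencrypt/live/example.com` exits 1, which is the symptom the question describes, while adding the matching archive/ mount (or mounting all of /etc/letsencrypt, as in the answer) makes it print the resolved path.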