├── LICENSE ├── README.md ├── dockers ├── aspnetcore │ └── docker-compose.yml └── nginx-certbot │ └── docker-compose.yml ├── etc └── nginx │ ├── conf.d │ ├── 00.default.conf │ └── 01.aspnetcore.conf │ └── nginx.conf └── install.sh /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Jeffrey Lee 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # nginx-certbot docker install script 2 | 3 | This script installs Docker and Docker-Compose, and sets up the nginx-certbot and ASP.NET Core sample web containers on Debian/Ubuntu. 4 | 5 | Run these commands on a brand-new Debian or Ubuntu system; you can then browse the ASP.NET Core sample site over HTTPS.
6 | 7 | ```shell 8 | curl -O https://raw.githubusercontent.com/darkthread/nginx-certbot-docker-nstaller/master/install.sh 9 | chmod +x install.sh 10 | ./install.sh www.your-domain.net your-email@gmail.com 11 | ``` 12 | [demo video](https://www.youtube.com/watch?v=sisChevVa0Y) 13 | 14 | [Blog post (in Chinese) / 部落格文章](https://blog.darkthread.net/blog/nginx-certbot-auto-setup/) 15 | -------------------------------------------------------------------------------- /dockers/aspnetcore/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | nginx: 4 | image: mcr.microsoft.com/dotnet/samples:aspnetapp 5 | container_name: aspnetcore_sample 6 | ports: 7 | - 5000:80 -------------------------------------------------------------------------------- /dockers/nginx-certbot/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | nginx: 4 | image: docker.io/staticfloat/nginx-certbot 5 | container_name: nginx 6 | ports: 7 | - 80:80 8 | - 443:443 9 | volumes: 10 | - /var/log/nginx:/var/log/nginx 11 | - /var/log/letsencrypt:/var/log/letsencrypt 12 | - /etc/nginx/nginx.conf:/etc/nginx/nginx.conf 13 | - /etc/nginx/conf.d:/etc/nginx/conf.d 14 | - /etc/letsencrypt:/etc/letsencrypt 15 | restart: always 16 | environment: 17 | - CERTBOT_EMAIL=@email 18 | network_mode: "host" -------------------------------------------------------------------------------- /etc/nginx/conf.d/00.default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | # Listen on plain old HTTP 3 | listen 80 default_server; 4 | 5 | # Pass this particular URL off to certbot, to authenticate HTTPS certificates 6 | location '/.well-known/acme-challenge' { 7 | default_type "text/plain"; 8 | proxy_pass http://localhost:1337; 9 | } 10 | 11 | # Everything else gets shunted over to HTTPS 12 | location / { 13 | return 301 
https://$http_host$request_uri; 14 | } 15 | } -------------------------------------------------------------------------------- /etc/nginx/conf.d/01.aspnetcore.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 443 ssl http2; 3 | server_name @fqdn; 4 | ssl_certificate /etc/letsencrypt/live/@fqdn/fullchain.pem; 5 | ssl_certificate_key /etc/letsencrypt/live/@fqdn/privkey.pem; 6 | 7 | location / { 8 | proxy_pass http://localhost:5000; 9 | proxy_http_version 1.1; 10 | proxy_set_header Upgrade $http_upgrade; 11 | proxy_set_header Connection keep-alive; 12 | proxy_set_header Host $host; 13 | proxy_cache_bypass $http_upgrade; 14 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 15 | proxy_set_header X-Forwarded-Proto $scheme; 16 | } 17 | } -------------------------------------------------------------------------------- /etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | worker_processes 1; 3 | 4 | error_log /var/log/nginx/error.log warn; 5 | pid /var/run/nginx.pid; 6 | 7 | events { 8 | worker_connections 1024; 9 | } 10 | 11 | http { 12 | include /etc/nginx/mime.types; 13 | default_type application/octet-stream; 14 | 15 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 16 | '$status $body_bytes_sent "$http_referer" ' 17 | '"$http_user_agent" "$http_x_forwarded_for"'; 18 | 19 | access_log /var/log/nginx/access.log main; 20 | 21 | sendfile on; 22 | #tcp_nopush on; 23 | 24 | keepalive_timeout 65; 25 | 26 | gzip on; 27 | gzip_min_length 1000; 28 | gzip_buffers 4 16k; 29 | gzip_comp_level 5; 30 | gzip_types text/plain application/x-javascript text/css application/xml text/javascript; 31 | 32 | include /etc/nginx/conf.d/*.conf; 33 | } -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | 
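#!/usr/bin/env bash

# Installs Docker, the Compose plugin and a standalone docker-compose binary on
# Debian/Ubuntu, then starts an nginx-certbot reverse proxy in front of the
# ASP.NET Core sample container.
#
# Usage:
#   curl -O https://raw.githubusercontent.com/darkthread/nginx-certbot-docker-nstaller/master/install.sh
#   chmod +x install.sh
#   ./install.sh www.mydomain.net username@gmail.com

# exit when any command fails or any unbound variable is accessed
set -eu -o pipefail

# both arguments are required
if (( $# < 2 )); then
    echo "syntax: install.sh <fqdn> <email>"
    echo "example: install.sh www.mydomain.net username@gmail.com"
    exit 1
fi

fqdn="$1"
email="$2"

# Both values are spliced into sed expressions that run with privileges and end
# up in the nginx / docker-compose files. Accept only characters that cannot
# change the meaning of the sed command ('/', '&', '\') or of the generated
# configuration (whitespace, ';', quotes, newlines).
re_fqdn='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
re_email='^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'
if [[ ! "$fqdn" =~ $re_fqdn ]]; then
    echo "invalid domain name: $fqdn" >&2
    exit 1
fi
if [[ ! "$email" =~ $re_email ]]; then
    echo "invalid email address: $email" >&2
    exit 1
fi

# if os is not ubuntu or debian, exit
if ! grep -q "Ubuntu" /etc/issue && ! grep -q "Debian" /etc/issue; then
    echo "This script only works on Ubuntu or Debian"
    exit 1
fi

# get administrative privilege
# invoke `sudo' only when running as an unprivileged user (nonzero "$UID")
declare -a a_privilege=()
if (( "$UID" )); then
    a_privilege+=( "sudo" )
    echo "This script requires privileges"
    echo "to install packages and write to top-level files / directories."
    echo "Invoking \`${a_privilege[*]}' to acquire the permission:"
    # no-op command: only prompts for the sudo password up front
    "${a_privilege[@]}" bash -c ":"
fi

# install docker
# refresh the package index first: a brand-new image may have no package lists
"${a_privilege[@]}" apt-get update
"${a_privilege[@]}" apt-get -y install ca-certificates curl wget gnupg lsb-release
"${a_privilege[@]}" mkdir -p /etc/apt/keyrings

# the Docker apt repository differs only by distro name
if grep -q "Ubuntu" /etc/issue; then
    distro="ubuntu"
else
    distro="debian"
fi
# --yes lets a re-run overwrite an existing keyring instead of aborting
curl -fsSL "https://download.docker.com/linux/$distro/gpg" \
    | "${a_privilege[@]}" gpg --yes --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/$distro $(lsb_release -cs) stable" \
    | "${a_privilege[@]}" tee /etc/apt/sources.list.d/docker.list > /dev/null
"${a_privilege[@]}" chmod a+r /etc/apt/keyrings/docker.gpg
"${a_privilege[@]}" apt-get update
"${a_privilege[@]}" apt-get -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin

# Standalone docker-compose binary.
# Download into a fresh temporary directory: in the current directory a stale or
# pre-existing file with the same name would make wget save under a different
# name, and the old file would be the one installed.
compose_asset="docker-compose-linux-x86_64"
compose_tmp="$(mktemp -d)"
trap 'rm -rf "$compose_tmp"' EXIT
(
    cd "$compose_tmp"
    # the grep also matches companion assets such as "$compose_asset.sha256"
    curl -fsSL https://api.github.com/repos/docker/compose/releases/latest \
        | grep browser_download_url \
        | grep "$compose_asset" \
        | cut -d '"' -f 4 \
        | wget -qi -

    # The checksum is published in the same release as the binary, so this
    # detects a truncated or corrupted download, not a tampered release.
    if [[ -f "$compose_asset.sha256" ]]; then
        expected_sum="$(cut -d ' ' -f 1 "$compose_asset.sha256")"
        actual_sum="$(sha256sum "$compose_asset" | cut -d ' ' -f 1)"
        if [[ "$expected_sum" != "$actual_sum" ]]; then
            echo "checksum mismatch for $compose_asset" >&2
            exit 1
        fi
    else
        echo "warning: no $compose_asset.sha256 in this release; download not checksum-verified" >&2
    fi
)
# install(1) sets owner and mode explicitly; a plain `mv' would leave a binary
# that is later run with privileges owned and writable by the invoking user.
"${a_privilege[@]}" install -o root -g root -m 0755 \
    "$compose_tmp/$compose_asset" /usr/local/bin/docker-compose

# NOTE: membership of the docker group allows full control of the Docker daemon,
# which is equivalent to root on this host; add only trusted accounts.
"${a_privilege[@]}" usermod -aG docker "$USER"
"${a_privilege[@]}" systemctl enable docker

# download docker images
"${a_privilege[@]}" docker pull staticfloat/nginx-certbot
"${a_privilege[@]}" docker pull mcr.microsoft.com/dotnet/samples:aspnetapp

# download /etc/nginx conf files
# NOTE(review): these are fetched from the mutable master branch; pinning the
# URLs to a reviewed commit would make the installed configuration reproducible.
repo_raw="https://raw.githubusercontent.com/darkthread/nginx-certbot-docker-nstaller/master"
# -p keeps a re-run from aborting when the directories already exist
"${a_privilege[@]}" mkdir -p /etc/nginx/conf.d
for conf in nginx.conf conf.d/00.default.conf conf.d/01.aspnetcore.conf; do
    # -f: fail on an HTTP error instead of saving the error page as a config file
    "${a_privilege[@]}" curl -fsSL -o "/etc/nginx/$conf" "$repo_raw/etc/nginx/$conf"
done
"${a_privilege[@]}" sed -i "s/@fqdn/$fqdn/g" /etc/nginx/conf.d/01.aspnetcore.conf

# copy docker-compose.yml to $HOME/dockers/nginx-certbot
mkdir -p "$HOME/dockers/nginx-certbot"
cd "$HOME/dockers/nginx-certbot"
curl -fsSL -O "$repo_raw/dockers/nginx-certbot/docker-compose.yml"
sed -i "s/@email/$email/g" docker-compose.yml

# copy docker-compose.yml to $HOME/dockers/aspnetcore
mkdir -p "$HOME/dockers/aspnetcore"
cd "$HOME/dockers/aspnetcore"
curl -fsSL -O "$repo_raw/dockers/aspnetcore/docker-compose.yml"

# start docker containers (backend first, then the TLS-terminating proxy)
cd "$HOME/dockers/aspnetcore"
"${a_privilege[@]}" docker-compose up -d
cd "$HOME/dockers/nginx-certbot"
"${a_privilege[@]}" docker-compose up -d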