
NO ACCOUNT, NO DB. A solution for automated SSL certificate renewal and an NGINX reverse proxy in one container

rexzhang/dnsrobocert-plus-nginx

dnsrobocert-plus-nginx[WIP]

  • simple
  • one container
  • non-root
  • non-SQL
  • for self-hosted

Quick Start

Install

docker pull ray1ex/dnsrobocert-plus-nginx:latest
docker run -dit --restart unless-stopped \
  -u 1000:1000 \
  -p 80:10080 -p 443:10443 -p 22:10022 \
  -v /your/path/config:/config \
  -v /your/path/data:/data \
  -v /your/path/logs:/logs \
  --name dnsrobocert-plus-nginx ray1ex/dnsrobocert-plus-nginx

Config Example

/your/path/config/dnsrobocert.yml

draft: false
acme:
  email_account: your@email.com
  staging: false
profiles:
  - name: cloudflare
    provider: cloudflare
    provider_options:
      auth_token: token-token
    sleep_time: 45
    max_checks: 5
certificates:
  - domains:
      - example.com
      - "*.example.com"
    profile: cloudflare

Ref:

/your/path/config/nginx.toml

[ssl_cert]
default_ssl_cert_domain = "example.com"

[[http_server]]
server_name = "www.example.com"
listen = 10080
listen_ssl = 10443
proxy_pass = "http://172.17.0.1:8000"

[[http_server]]
server_name = "www2.example.com"
listen = 10080
listen_ssl = 10443
root_path = "root /mnt/www/www2.example.com"

[[http_upstream]]
name = "upstream_websocket"
content = """
    least_conn;
    server 127.0.0.1:8081;
    server 127.0.0.1:8082;
"""

[[http_server]]
server_name = "ws.example.com"
listen = 10080
proxy_pass = "upstream_websocket"
support_websocket = true

[[stream_server]]
comment = "ssh"
listen = 10022
proxy_pass = "192.168.1.1:22"

NGINX config dir

part             dir
http_upstream    /data/nginx/http_upstream.d
http_server      /data/nginx/http_server.d
stream_upstream  /data/nginx/stream_upstream.d
stream_server    /data/nginx/stream_server.d

FAQ

Why does NGINX still respond with http2 when listen_http = false is set?

Turn off http2 for all services on the same port; this is a feature of NGINX.

More Info

debug

nginx.toml Parser

python -m plush generate --nginx-conf-dir /tmp --config-nginx-toml examples/nginx.toml

Test logrotate

logrotate --debug /etc/logrotate.conf

TODO

  • Unify log output
  • Try to validate the configuration file before starting nginx
