
Securing Your Website with Free SSL Certificates Using Let’s Encrypt and Docker

  • 24 Jun, 2024

In today’s digital world, securing your website with HTTPS is essential for protecting user data and establishing trust. Let’s Encrypt offers free SSL certificates, and with Docker, you can easily set up and manage these certificates. This article will guide you through the process of configuring Docker services for Let’s Encrypt and setting up Nginx to serve your site securely.

Prerequisites

Before starting, make sure the following are installed on your system:

  • Docker: Visit Docker’s official website to download and install Docker Desktop.

  • Docker Compose: Usually included with Docker Desktop; install it separately if it’s not.

If you don't know how to set up the environment for Docker, read about it here.

Step 1: Initial Nginx Configuration

First, let’s set up the Nginx configuration to handle HTTP traffic and to respond to Let’s Encrypt’s challenges. Create an nginx.conf file with the following content:

# nginx.conf

# Define the upstream server (Gunicorn)
upstream web {
    server web:8000;
}

server {
    listen 80;
    server_name localhost;
    client_max_body_size 50M;
    client_body_buffer_size 50M;

    location /static/ {
        alias /static/; 
        # expires 30d;
    }

    location /media/ {
        alias /media/;
        expires 30d;
    }

    location / {
        proxy_pass http://web;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}

Step 2: Configure Docker Service for Let’s Encrypt

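Next, configure the Docker service for Let’s Encrypt using Certbot. The Nginx container must mount the same two host directories, at /var/www/certbot and /etc/letsencrypt, so that it can serve the challenge files Certbot writes and later read the issued certificate and private key; read-only access is enough for Nginx. Add the following service definition to your docker-compose.yml file: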

  certbot:
    image: certbot/certbot    
    volumes:
      - ./docker/certbot/www/:/var/www/certbot/:rw
      - ./docker/certbot/conf/:/etc/letsencrypt/:rw  

Step 3: Obtain SSL Certificates

Run the following command to obtain your SSL certificates from Let’s Encrypt:

docker-compose run --rm certbot certonly --webroot --webroot-path=/var/www/certbot -d example.com

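Replace example.com with your actual domain name. The certificate covers only the names passed with -d; the HTTPS server block in Step 4 also lists www.example.com, so repeat the -d option for that name if you serve it.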

Step 4: Update Nginx Configuration for SSL

After obtaining the certificates, update your Nginx configuration to use SSL. Modify your nginx.conf file to the following:

# nginx.conf

upstream web {
    server web:8000;
}

server {
    listen 80;
    server_name example.com; 

    client_max_body_size 50M;
    client_body_buffer_size 50M;
    
    location /static/ {
        alias /static/; 
    }

    location /media/ {
        alias /media/;
        expires 30d;
    }

    location / {
        proxy_pass http://web;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}

server {
    listen 443 ssl;
    server_name example.com www.example.com;  
    client_max_body_size 50M;
    client_body_buffer_size 50M;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

    location /static/ {
        alias /static/; 
    }

    location /media/ {
        alias /media/;
        expires 30d;
    }

    location / {
        proxy_pass http://web;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Replace example.com with your actual domain name.
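
The port-80 block in Step 4 still proxies the whole site over plain HTTP, so visitors who never type https:// are not protected. The following is an added example, not part of the original article: the same configuration with port 80 reduced to the ACME challenge plus a redirect, and an HSTS header on the HTTPS block. It assumes the certificate covers both example.com and www.example.com; the max-age value is an assumed policy choice.

```nginx
upstream web {
    server web:8000;
}

# Port 80: answer ACME challenges, redirect everything else to HTTPS.
server {
    listen 80;
    server_name example.com www.example.com;

    # Certbot's webroot files must stay reachable over plain HTTP,
    # both for first issuance and for later renewals.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # No application traffic is proxied in cleartext.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: same TLS settings as Step 4, plus HSTS.
server {
    listen 443 ssl;
    server_name example.com www.example.com;
    client_max_body_size 50M;
    client_body_buffer_size 50M;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

    # Assumed value (one year). Browsers cache this and refuse plain HTTP
    # for the host until it expires, so use a short max-age while testing.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location /static/ { alias /static/; }
    location /media/  { alias /media/; expires 30d; }

    location / {
        proxy_pass http://web;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Because the application now only ever sees requests that arrived over TLS, it can rely on the X-Forwarded-Proto header to mark its session cookies as Secure.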

Conclusion

By following these steps, you can secure your website with free SSL certificates from Let’s Encrypt, using Docker to simplify the process. This setup ensures that your site can handle secure HTTPS traffic, improving security and user trust.