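Obtaining a server certificate (Let's Encrypt)
Installing certbot
# apt -y install certbot
Obtaining the certificate
In the commands and output below, ドメイン名 stands for your domain name and メールアドレス for your email address.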
# certbot certonly --standalone -d ドメイン名
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address or hit Enter to skip.
(Enter 'c' to cancel): メールアドレス
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at:
https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf
You must agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n
Account registered.
Requesting a certificate for ドメイン名
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/ドメイン名/fullchain.pem
Key is saved at: /etc/letsencrypt/live/ドメイン名/privkey.pem
This certificate expires on 2026-02-12.
These files will be updated when the certificate renews.
NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Creating the container for the reverse proxy
services:
  nginx:
    image: nginx:latest
    container_name: revproxy
    ports:
      - "80:80"
      - "443:443"
    restart: always
Start the container so that the next step can proceed
# docker compose up -d
Copying out the configuration files
# mkdir -p nginx/conf.d
# docker cp revproxy:/etc/nginx/nginx.conf nginx/
# docker cp revproxy:/etc/nginx/conf.d/default.conf nginx/conf.d
Mounting each file with volumes
Once the configuration files have been copied out, edit compose.yaml again.
services:
  nginx:
    image: nginx:latest
    container_name: revproxy
    ports:
      # certbot --standalone also binds port 80, so this container must be
      # stopped while the certificate is renewed that way
      - "80:80"
      - "443:443"
    volumes:
      # Mount the edited files over the paths they were copied from
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf:ro
      # The files in live/ are symlinks into ../../archive/, so mount both
      # directories at their original paths to keep the links valid
      - /etc/letsencrypt/live/ドメイン名:/etc/letsencrypt/live/ドメイン名:ro
      - /etc/letsencrypt/archive/ドメイン名:/etc/letsencrypt/archive/ドメイン名:ro
    restart: always
Reverse proxy configuration
# http
server {
    listen 80;
    listen [::]:80;
    server_name _;
    # Redirect all HTTP access to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}
# https
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    # These paths must match the letsencrypt volumes in compose.yaml
    ssl_certificate /etc/letsencrypt/live/ドメイン名/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ドメイン名/privkey.pem;
    server_name _;
    # Error pages
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    # Reverse proxy settings
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Reverse proxy to WordPress
    location / {
        client_max_body_size 512M;
        proxy_pass http://172.17.0.1:21080/;
    }
    # Reverse proxy to GitLab
    location /gitlab {
        client_max_body_size 1000M;
        proxy_pass http://172.17.0.1:22080/gitlab;
    }
}
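The following check is an added example, not part of the original page: it confirms that every ssl_certificate path in the nginx configuration lies under a compose.yaml volume, that Let's Encrypt material is mounted read-only, and that a mounted live/ directory has its archive/ counterpart. The domain example.test, the sample inputs and all function names are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed sample inputs (example.test is a placeholder domain).
COMPOSE_VOLUMES = [
    "./nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf:ro",
    "/etc/letsencrypt/live/example.test:/etc/letsencrypt/live/example.test:ro",
    "/etc/letsencrypt/archive/example.test:/etc/letsencrypt/archive/example.test:ro",
]
NGINX_CONF = """
server {
    listen 443 ssl;
    ssl_certificate     /etc/letsencrypt/live/example.test/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.test/privkey.pem;
}
"""

def parse_volume(spec):
    """Split 'host:container[:mode]'; Compose defaults to read-write."""
    host, container, *mode = spec.split(":")
    return PurePosixPath(host), PurePosixPath(container), (mode[0] if mode else "rw")

def tls_paths(conf):
    """Paths given to ssl_certificate and ssl_certificate_key directives."""
    pattern = r"^\s*ssl_certificate(?:_key)?\s+([^;\s]+)\s*;"
    return [PurePosixPath(p) for p in re.findall(pattern, conf, re.M)]

def covered(path, targets):
    """True if path is a mount target or lies below one."""
    return any(path == t or t in path.parents for t in targets)

def check(volumes, conf):
    """Return findings; an empty list means volumes and nginx paths agree."""
    mounts = [parse_volume(v) for v in volumes]
    targets = [c for _, c, _ in mounts]
    findings = []
    for host, container, mode in mounts:
        if "letsencrypt" in host.parts and mode != "ro":
            findings.append(f"{host}: key material should be mounted read-only")
        if host.parent.name == "live":
            # live/<name>/*.pem are symlinks to ../../archive/<name>/*.pem
            archive = container.parent.parent / "archive" / host.name
            if not covered(archive, targets):
                findings.append(f"{host}: {archive} not mounted, symlinks dangle")
    for path in tls_paths(conf):
        if not covered(path, targets):
            findings.append(f"{path}: not under any mounted volume")
    return findings

if __name__ == "__main__":
    print(check(COMPOSE_VOLUMES, NGINX_CONF) or "volumes and TLS paths agree")
```

Running it before `docker compose up -d` catches a certificate path that nginx cannot open inside the container, which otherwise only shows up as a startup failure in the container log.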
