1
0

docs: ACME_HTTP_CHALLENGE_LOCATION

This commit is contained in:
Nicolas Duchon 2024-05-30 23:17:21 +02:00
parent c66cedaf97
commit 28bdc6b832
No known key found for this signature in database
GPG Key ID: EA3151C66A4D79E7
7 changed files with 18 additions and 20 deletions

@ -31,7 +31,6 @@ It handles the automated creation, renewal and use of SSL certificates for proxi
Three writable volumes must be declared on the **nginx-proxy** container so that they can be shared with the **acme-companion** container:
* `/etc/nginx/certs` to store certificates and private keys (readonly for the **nginx-proxy** container).
* `/etc/nginx/vhost.d` to change the configuration of vhosts (required so the CA may access `http-01` challenge files).
* `/usr/share/nginx/html` to write `http-01` challenge files.
Additionally, a fourth volume must be declared on the **acme-companion** container to store `acme.sh` configuration and state: `/etc/acme.sh`.
@ -50,7 +49,6 @@ $ docker run --detach \
--publish 80:80 \
--publish 443:443 \
--volume certs:/etc/nginx/certs \
--volume vhost:/etc/nginx/vhost.d \
--volume html:/usr/share/nginx/html \
--volume /var/run/docker.sock:/tmp/docker.sock:ro \
nginxproxy/nginx-proxy

@ -26,7 +26,6 @@ $ docker run --detach \
--publish 80:80 \
--publish 443:443 \
--volume conf:/etc/nginx/conf.d \
--volume vhost:/etc/nginx/vhost.d \
--volume html:/usr/share/nginx/html \
--volume certs:/etc/nginx/certs \
nginx

@ -1,9 +1,8 @@
## Basic usage (with the nginx-proxy container)
Three writable volumes must be declared on the **nginx-proxy** container so that they can be shared with the **acme-companion** container:
Two writable volumes must be declared on the **nginx-proxy** container so that they can be shared with the **acme-companion** container:
* `/etc/nginx/certs` to store certificates and private keys (readonly for the **nginx-proxy** container).
* `/etc/nginx/vhost.d` to change the configuration of vhosts (required so the CA may access `http-01` challenge files).
* `/usr/share/nginx/html` to write `http-01` challenge files.
Additionally, a fourth volume must be declared on the **acme-companion** container to store `acme.sh` configuration and state: `/etc/acme.sh`.
@ -22,7 +21,6 @@ $ docker run --detach \
--publish 80:80 \
--publish 443:443 \
--volume certs:/etc/nginx/certs \
--volume vhost:/etc/nginx/vhost.d \
--volume html:/usr/share/nginx/html \
--volume /var/run/docker.sock:/tmp/docker.sock:ro \
nginxproxy/nginx-proxy

@ -32,4 +32,6 @@ You can also create test certificates per container (see [Test certificates](./L
* `ACME_PRE_HOOK` - The provided command will be run before every certificate issuance. The action is limited to the commands available inside the **acme-companion** container. For example `--env "ACME_PRE_HOOK=echo 'start'"`. For more information see [Pre- and Post-Hook](./Hooks.md)
* `ACME_POST_HOOK` - The provided command will be run after every certificate issuance. The action is limited to the commands available inside the **acme-companion** container. For example `--env "ACME_POST_HOOK=echo 'end'"`. For more information see [Pre- and Post-Hook](./Hooks.md)
* `ACME_POST_HOOK` - The provided command will be run after every certificate issuance. The action is limited to the commands available inside the **acme-companion** container. For example `--env "ACME_POST_HOOK=echo 'end'"`. For more information see [Pre- and Post-Hook](./Hooks.md)
* `ACME_HTTP_CHALLENGE_LOCATION` - Previously **acme-companion** automatically added the ACME HTTP challenge location to the nginx configuration through files generated in `/etc/nginx/vhost.d`. Recent versions of **nginx-proxy** (>= `1.6`) already include the required location configuration, which remove the need for **acme-companion** to attempt to dynamically add them. If you're running and older version of **nginx-proxy** (or **docker-gen** with an older version of the `nginx.tmpl` file), you can re-enable this behaviour by setting `ACME_HTTP_CHALLENGE_LOCATION` to `true`.

@ -15,7 +15,7 @@ The use of named containers and volume is not required but helps keeping everyth
### Two containers example
```yaml
version: '2'
version: "2"
services:
nginx-proxy:
@ -25,8 +25,10 @@ services:
- "80:80"
- "443:443"
volumes:
- conf:/etc/nginx/conf.d
- vhost:/etc/nginx/vhost.d
# The vhost and conf volumes are only required
# if you plan to obtain standalone certificates
# - vhost:/etc/nginx/vhost.d
# - conf:/etc/nginx/conf.d
- html:/usr/share/nginx/html
- certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
@ -46,8 +48,8 @@ services:
network_mode: bridge
volumes:
conf:
vhost:
# vhost:
# conf:
html:
certs:
acme:
@ -56,7 +58,7 @@ volumes:
### Three containers example
```yaml
version: '2'
version: "2"
services:
nginx-proxy:
@ -66,8 +68,10 @@ services:
- "80:80"
- "443:443"
volumes:
# The vhost volume is only required if you
# plan to obtain standalone certificates
# - vhost:/etc/nginx/vhost.d
- conf:/etc/nginx/conf.d
- vhost:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- certs:/etc/nginx/certs:ro
network_mode: bridge
@ -99,8 +103,8 @@ services:
network_mode: bridge
volumes:
# vhost:
conf:
vhost:
html:
certs:
acme:

@ -10,7 +10,6 @@ $ docker run -d \
-p 80:80 \
-p 443:443 \
-v certs:/etc/nginx/certs \
-v vhost:/etc/nginx/vhost.d \
-v html:/usr/share/nginx/html \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
nginxproxy/nginx-proxy
@ -18,7 +17,6 @@ $ docker run -d \
$ docker volume ls
DRIVER VOLUME NAME
local certs
local vhost
local html
```
@ -32,7 +30,6 @@ $ docker run -d \
-p 80:80 \
-p 443:443 \
-v /etc/nginx/certs \
-v /etc/nginx/vhost.d \
-v /usr/share/nginx/html \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
nginxproxy/nginx-proxy
@ -40,7 +37,6 @@ $ docker run -d \
$ docker volume ls
DRIVER VOLUME NAME
local 287be3abd610e5566500d719ceb8b952952f12c9324ef02d05785d4ee9737ae9
local 6530b1b40cf89efb71aa7fd19bddec927fa2bcae59b04b9c1c850af72ffe0123
local f260f71fefadcdfc311d285d69151f2312915174d3fb1fab89949ec5ec871a54
```

@ -1,6 +1,6 @@
## Standalone certificates
You can generate certificate that are not tied to containers environment variable by mounting a user configuration file inside the container at `/app/letsencrypt_user_data`. This feature also require sharing the `/etc/nginx/conf.d` folder between the **nginx-proxy** and **acme-companion** container (and the **docker-gen** container if you are running a [three container setup](./Advanced-usage.md)):
You can generate certificate that are not tied to containers environment variable by mounting a user configuration file inside the container at `/app/letsencrypt_user_data`. This feature also require sharing the `/etc/nginx/vhost.d` and `/etc/nginx/conf.d` folder between the **nginx-proxy** and **acme-companion** container (and the **docker-gen** container if you are running a [three container setup](./Advanced-usage.md)):
```bash
$ docker run --detach \
@ -14,6 +14,7 @@ $ docker run --detach \
--volume /var/run/docker.sock:/tmp/docker.sock:ro \
nginxproxy/nginx-proxy
```
```bash
$ docker run --detach \
--name nginx-proxy-acme \