mirror of
https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion
synced 2024-11-22 20:42:04 +01:00
docs: ACME_HTTP_CHALLENGE_LOCATION
This commit is contained in:
parent
c66cedaf97
commit
28bdc6b832
@ -31,7 +31,6 @@ It handles the automated creation, renewal and use of SSL certificates for proxi
|
||||
Three writable volumes must be declared on the **nginx-proxy** container so that they can be shared with the **acme-companion** container:
|
||||
|
||||
* `/etc/nginx/certs` to store certificates and private keys (readonly for the **nginx-proxy** container).
|
||||
* `/etc/nginx/vhost.d` to change the configuration of vhosts (required so the CA may access `http-01` challenge files).
|
||||
* `/usr/share/nginx/html` to write `http-01` challenge files.
|
||||
|
||||
Additionally, a fourth volume must be declared on the **acme-companion** container to store `acme.sh` configuration and state: `/etc/acme.sh`.
|
||||
@ -50,7 +49,6 @@ $ docker run --detach \
|
||||
--publish 80:80 \
|
||||
--publish 443:443 \
|
||||
--volume certs:/etc/nginx/certs \
|
||||
--volume vhost:/etc/nginx/vhost.d \
|
||||
--volume html:/usr/share/nginx/html \
|
||||
--volume /var/run/docker.sock:/tmp/docker.sock:ro \
|
||||
nginxproxy/nginx-proxy
|
||||
|
@ -26,7 +26,6 @@ $ docker run --detach \
|
||||
--publish 80:80 \
|
||||
--publish 443:443 \
|
||||
--volume conf:/etc/nginx/conf.d \
|
||||
--volume vhost:/etc/nginx/vhost.d \
|
||||
--volume html:/usr/share/nginx/html \
|
||||
--volume certs:/etc/nginx/certs \
|
||||
nginx
|
||||
|
@ -1,9 +1,8 @@
|
||||
## Basic usage (with the nginx-proxy container)
|
||||
|
||||
Three writable volumes must be declared on the **nginx-proxy** container so that they can be shared with the **acme-companion** container:
|
||||
Two writable volumes must be declared on the **nginx-proxy** container so that they can be shared with the **acme-companion** container:
|
||||
|
||||
* `/etc/nginx/certs` to store certificates and private keys (readonly for the **nginx-proxy** container).
|
||||
* `/etc/nginx/vhost.d` to change the configuration of vhosts (required so the CA may access `http-01` challenge files).
|
||||
* `/usr/share/nginx/html` to write `http-01` challenge files.
|
||||
|
||||
Additionally, a fourth volume must be declared on the **acme-companion** container to store `acme.sh` configuration and state: `/etc/acme.sh`.
|
||||
@ -22,7 +21,6 @@ $ docker run --detach \
|
||||
--publish 80:80 \
|
||||
--publish 443:443 \
|
||||
--volume certs:/etc/nginx/certs \
|
||||
--volume vhost:/etc/nginx/vhost.d \
|
||||
--volume html:/usr/share/nginx/html \
|
||||
--volume /var/run/docker.sock:/tmp/docker.sock:ro \
|
||||
nginxproxy/nginx-proxy
|
||||
|
@ -32,4 +32,6 @@ You can also create test certificates per container (see [Test certificates](./L
|
||||
|
||||
* `ACME_PRE_HOOK` - The provided command will be run before every certificate issuance. The action is limited to the commands available inside the **acme-companion** container. For example `--env "ACME_PRE_HOOK=echo 'start'"`. For more information see [Pre- and Post-Hook](./Hooks.md)
|
||||
|
||||
* `ACME_POST_HOOK` - The provided command will be run after every certificate issuance. The action is limited to the commands available inside the **acme-companion** container. For example `--env "ACME_POST_HOOK=echo 'end'"`. For more information see [Pre- and Post-Hook](./Hooks.md)
|
||||
* `ACME_POST_HOOK` - The provided command will be run after every certificate issuance. The action is limited to the commands available inside the **acme-companion** container. For example `--env "ACME_POST_HOOK=echo 'end'"`. For more information see [Pre- and Post-Hook](./Hooks.md)
|
||||
|
||||
* `ACME_HTTP_CHALLENGE_LOCATION` - Previously **acme-companion** automatically added the ACME HTTP challenge location to the nginx configuration through files generated in `/etc/nginx/vhost.d`. Recent versions of **nginx-proxy** (>= `1.6`) already include the required location configuration, which remove the need for **acme-companion** to attempt to dynamically add them. If you're running and older version of **nginx-proxy** (or **docker-gen** with an older version of the `nginx.tmpl` file), you can re-enable this behaviour by setting `ACME_HTTP_CHALLENGE_LOCATION` to `true`.
|
||||
|
@ -15,7 +15,7 @@ The use of named containers and volume is not required but helps keeping everyth
|
||||
### Two containers example
|
||||
|
||||
```yaml
|
||||
version: '2'
|
||||
version: "2"
|
||||
|
||||
services:
|
||||
nginx-proxy:
|
||||
@ -25,8 +25,10 @@ services:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- conf:/etc/nginx/conf.d
|
||||
- vhost:/etc/nginx/vhost.d
|
||||
# The vhost and conf volumes are only required
|
||||
# if you plan to obtain standalone certificates
|
||||
# - vhost:/etc/nginx/vhost.d
|
||||
# - conf:/etc/nginx/conf.d
|
||||
- html:/usr/share/nginx/html
|
||||
- certs:/etc/nginx/certs:ro
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
@ -46,8 +48,8 @@ services:
|
||||
network_mode: bridge
|
||||
|
||||
volumes:
|
||||
conf:
|
||||
vhost:
|
||||
# vhost:
|
||||
# conf:
|
||||
html:
|
||||
certs:
|
||||
acme:
|
||||
@ -56,7 +58,7 @@ volumes:
|
||||
### Three containers example
|
||||
|
||||
```yaml
|
||||
version: '2'
|
||||
version: "2"
|
||||
|
||||
services:
|
||||
nginx-proxy:
|
||||
@ -66,8 +68,10 @@ services:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
# The vhost volume is only required if you
|
||||
# plan to obtain standalone certificates
|
||||
# - vhost:/etc/nginx/vhost.d
|
||||
- conf:/etc/nginx/conf.d
|
||||
- vhost:/etc/nginx/vhost.d
|
||||
- html:/usr/share/nginx/html
|
||||
- certs:/etc/nginx/certs:ro
|
||||
network_mode: bridge
|
||||
@ -99,8 +103,8 @@ services:
|
||||
network_mode: bridge
|
||||
|
||||
volumes:
|
||||
# vhost:
|
||||
conf:
|
||||
vhost:
|
||||
html:
|
||||
certs:
|
||||
acme:
|
||||
|
@ -10,7 +10,6 @@ $ docker run -d \
|
||||
-p 80:80 \
|
||||
-p 443:443 \
|
||||
-v certs:/etc/nginx/certs \
|
||||
-v vhost:/etc/nginx/vhost.d \
|
||||
-v html:/usr/share/nginx/html \
|
||||
-v /var/run/docker.sock:/tmp/docker.sock:ro \
|
||||
nginxproxy/nginx-proxy
|
||||
@ -18,7 +17,6 @@ $ docker run -d \
|
||||
$ docker volume ls
|
||||
DRIVER VOLUME NAME
|
||||
local certs
|
||||
local vhost
|
||||
local html
|
||||
```
|
||||
|
||||
@ -32,7 +30,6 @@ $ docker run -d \
|
||||
-p 80:80 \
|
||||
-p 443:443 \
|
||||
-v /etc/nginx/certs \
|
||||
-v /etc/nginx/vhost.d \
|
||||
-v /usr/share/nginx/html \
|
||||
-v /var/run/docker.sock:/tmp/docker.sock:ro \
|
||||
nginxproxy/nginx-proxy
|
||||
@ -40,7 +37,6 @@ $ docker run -d \
|
||||
$ docker volume ls
|
||||
DRIVER VOLUME NAME
|
||||
local 287be3abd610e5566500d719ceb8b952952f12c9324ef02d05785d4ee9737ae9
|
||||
local 6530b1b40cf89efb71aa7fd19bddec927fa2bcae59b04b9c1c850af72ffe0123
|
||||
local f260f71fefadcdfc311d285d69151f2312915174d3fb1fab89949ec5ec871a54
|
||||
```
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
## Standalone certificates
|
||||
|
||||
You can generate certificate that are not tied to containers environment variable by mounting a user configuration file inside the container at `/app/letsencrypt_user_data`. This feature also require sharing the `/etc/nginx/conf.d` folder between the **nginx-proxy** and **acme-companion** container (and the **docker-gen** container if you are running a [three container setup](./Advanced-usage.md)):
|
||||
You can generate certificate that are not tied to containers environment variable by mounting a user configuration file inside the container at `/app/letsencrypt_user_data`. This feature also require sharing the `/etc/nginx/vhost.d` and `/etc/nginx/conf.d` folder between the **nginx-proxy** and **acme-companion** container (and the **docker-gen** container if you are running a [three container setup](./Advanced-usage.md)):
|
||||
|
||||
```bash
|
||||
$ docker run --detach \
|
||||
@ -14,6 +14,7 @@ $ docker run --detach \
|
||||
--volume /var/run/docker.sock:/tmp/docker.sock:ro \
|
||||
nginxproxy/nginx-proxy
|
||||
```
|
||||
|
||||
```bash
|
||||
$ docker run --detach \
|
||||
--name nginx-proxy-acme \
|
||||
|
Loading…
Reference in New Issue
Block a user