This repo contains docker containers and a docker compose file for running an nginx web server for static content on charlesreid1.com.
This repo is used in pod-charlesreid1.
The services are just:
If you want to do SSL you can, but you have to
run Let's Encrypt outside of the container
and bind-mount your certificates into the
Pretty simple, right?
*.conf files in the conf.d/ directory will be picked up by nginx.
The config files must be named
No data volumes are used.
- nginx static content is a bind-mounted host directory
- Let's Encrypt generates site certs, which are kept in a host directory and bind-mounted into the container
```
web:
  volumes:
    - ./letsencrypt_certs:/etc/nginx/certs
    - ./letsencrypt_www:/var/www/letsencrypt

letsencrypt:
  image: certbot/certbot
  command: /bin/true
  volumes:
    - ./letsencrypt_certs:/etc/letsencrypt
    - ./letsencrypt_www:/var/www/letsencrypt
```
Certs and Secrets
Let's Encrypt should generate certificates at
```
root@krash:/home/charles/codes/docker/pod-charlesreid1-site# ls -l /etc/letsencrypt/live/charlesreid1.blue/
total 4
lrwxrwxrwx 1 root root 41 Mar 27 01:03 cert.pem -> ../../archive/charlesreid1.blue/cert1.pem
lrwxrwxrwx 1 root root 42 Mar 27 01:03 chain.pem -> ../../archive/charlesreid1.blue/chain1.pem
lrwxrwxrwx 1 root root 46 Mar 27 01:03 fullchain.pem -> ../../archive/charlesreid1.blue/fullchain1.pem
lrwxrwxrwx 1 root root 44 Mar 27 01:03 privkey.pem -> ../../archive/charlesreid1.blue/privkey1.pem
-rw-r--r-- 1 root root 543 Mar 27 01:03 README
```
These certificate files will be bind-mounted into the nginx container.
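The files under live/ are relative symlinks into archive/, so the mount only works if the whole Let's Encrypt tree is mounted and every link resolves inside it. The following pre-flight check is an added example, not part of this repo; the function name `check_cert_tree` and its output labels are hypothetical, and it assumes a `readlink` that supports `-f`.

```shell
#!/bin/sh
# Added example: pre-flight check of a Let's Encrypt tree on the host before
# it is bind-mounted into the nginx container.
# Usage: check_cert_tree ROOT DOMAIN   (returns 0 if safe to mount, else 1)
# ROOT is the host directory the compose file mounts (./letsencrypt_certs).
# Assumes a readlink that supports -f (GNU coreutils, BusyBox, recent macOS).
check_cert_tree() {
    root=$1 domain=$2 rc=0
    root_real=$(readlink -f "$root") || return 1
    live="$root_real/live/$domain"

    for name in cert.pem chain.pem fullchain.pem privkey.pem; do
        link="$live/$name"
        if [ ! -L "$link" ] && [ ! -e "$link" ]; then
            echo "MISSING   $name"; rc=1; continue
        fi
        # An absolute target resolves only at the path certbot used
        # (/etc/letsencrypt), not at nginx's mount point (/etc/nginx/certs).
        if [ -L "$link" ]; then
            case $(readlink "$link") in
                /*) echo "ABSOLUTE  $name"; rc=1; continue ;;
            esac
        fi
        real=$(readlink -f "$link" 2>/dev/null) || real=
        if [ ! -f "$real" ]; then
            echo "DANGLING  $name"; rc=1; continue
        fi
        # The resolved file must sit under ROOT, or it will not exist
        # inside the container, which only sees the mounted tree.
        case $real in
            "$root_real"/*) ;;
            *) echo "OUTSIDE   $name -> $real"; rc=1; continue ;;
        esac
        # The private key must not be readable by group or others.
        if [ "$name" = privkey.pem ] &&
           [ -n "$(find "$real" \( -perm -040 -o -perm -004 \))" ]; then
            echo "LOOSE     $name (mode allows group/other read)"; rc=1; continue
        fi
        echo "OK        $name"
    done
    return $rc
}
```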
Site content comes from GitHub. Nothing to back up.
Question: should we bake the site's static content into the container, and require rebuild/redeploy when site content changes?
Answer: No. We clone a local copy of the gh-pages branch, and bind-mount that into the container.
This enables webhooks to update the static site contents without disturbing the container.