Recently, due to the need for multiple servers/domain management personally, I feel waste of time to config the server one by one. Especially, when server restart, migration, upgrade, SSL certificate update.
Thus, I have made a Github project to accomplish this task automatically. This project has the following advantages
- Almost zero dependence: all you need is docker. It even does not require any reversed proxy server like Nginx, Apache (httpd) installed.
- Simple usage: all operations are accomplished in just ONE command with ZERO argument. Everything is done underneath.
- Secured and high performance: the default configuration is built based on h5bp configuration.
- High customizable: you can configure Nginx as you like without touching the bash script or docker image.
- Versatile: support multiple domains in the same server, automatic SSL refresh, automatic restart Nginx server if SSH certification is updated.
- Slack webhook notification if there is an error when refreshing the SSL certificate.
- Make sure there is no process listening to port
sudo netstat -tulnpor more precise with
sudo netstat -tulnp | grep :80 sudo netstat -tulnp | grep :443
- Change the DNS setting in your domain provider control panel to point to your server. This step is required to verify the SSL certificate
- Download the project from github repository
git clone https://github.com/tranvansang/ssl
- Go to the project directory
- Setup your domain and listening port
cp .env.example .env # edit .env cat .env
The environment file is as below with mydomain1.com myadmin.mydomain2.com are domain names, 8082 8081 are local listening port, respectively.
SLACK_WEBHOOOK_URL is a slack webhook URL to send an error if there is when refreshing an SSL certificate. If this variable is empty, the error will be printed locally only without sending it to the slack channel.
DOMAINS=mydomain1.com,myadmin.mydomain2.com PORTS=8082,8081 #slack webhook can be empty SLACK_WEBHOOK_URL=https://hooks.slack.com/services/TB1MYMSUX/some/hook-id EMAILemail@example.com CERTBOT_VER=v0.33.1 NGINX_VER=1.17.1 NGINX_DOCKER_FLAG=
- Now, execute
./run.shto start/restart the Nginx server
- To automatically check for SSL certificate update and server restart, add the following crontab via
0 15 * * * $HOME/ssl/watch.sh
In addition, to customize Nginx configuration. You need to do all steps above. Then, there will be a file named
build/ directory. Copy this file to the root directory of the project
cp build/nginx.conf ..
./nginx.conf with your own customization, then re-run
./run.sh. From now on customized configuration will be used to restart the Nginx server instead of the default.
How to stop the server
./run.sh stop to stop the running server.