Recently, due to the need of multiple servers/domains management personally, I feel waste of time to config the server one by one. Especially, when server restart, migration, upgrade, SSL certificate update.
Thus, I have made a github project to accomplish this task automatically. This project has following advantages
- Almost zero dependence: all you need is docker. It even does not require any reversed proxy server like nginx, apache (httpd) installed.
- Simple usage: : all operations are accomplished in just ONE command with ZERO argument. Everything is done underneath.
- Secured and high performance: the default configuration is built based on h5bp configuration.
- High customizable: you can config nginx as you like without touching the bash script or docker image.
- Versatile: support multiple domains in same server, automatic SSL refresh, automatic restart nginx server if SSH certification is updated.
- Open source
- Slack web hook notification if there is error when refreshing SSL certificate.
- Make sure there is no process listening to port
sudo netstat -tulnpor more precise with
sudo netstat -tulnp | grep :80 sudo netstat -tulnp | grep :443
- Change DNS setting in your domain provider control panel to point to your server. This step is required to verify SSL certificate
- Download the project from github repository
git clone https://github.com/tranvansang/ssl
- Go to the project directory
- Setup your domain and listening port
cp .env.example .env # edit .env cat .env
The environment file is as below with mydomain1.com myadmin.mydomain2.com are domain names, 8082 8081 are local listening port, respectively.
SLACK_WEBHOOOK_URL is slack web hook url to send error if there is when refreshing SSL certificate. If this variable is empty, the error will be printed locally only without sending to slack channel.
DOMAINS=mydomain1.com,myadmin.mydomain2.com PORTS=8082,8081 #slack webhook can be empty SLACK_WEBHOOK_URL=https://hooks.slack.com/services/TB1MYMSUX/some/hook-id EMAILfirstname.lastname@example.org CERTBOT_VER=v0.33.1 NGINX_VER=1.17.1 NGINX_DOCKER_FLAG=
- Now, execute
./run.shto start/restart the nginx server
- To automatically check for SSL certificate update and server restart, add following crontab via
0 15 * * * $HOME/ssl/watch.sh
In addition, to customize nginx configuration. You need to do all steps above. Then, there will be a file named
build/ directory. Copy this file to the root directory of the project
cp build/nginx.conf ..
./nginx.conf with your own customization, then re-run
./run.sh. From now on customized configuration will be used to restart the nginx server instead of the default.
How to stop the server
./run.sh stop to stop the running server.