Recently, because I personally manage multiple servers and domains, I have found it a waste of time to configure each server one by one, especially on server restart, migration, upgrade, or SSL certificate update.

So I made a GitHub project to accomplish this task automatically. The project has the following advantages:

  • Almost zero dependencies: all you need is Docker. It does not even require a reverse proxy server such as nginx or Apache (httpd) to be installed.
  • Simple usage: every operation is accomplished with just ONE command and ZERO arguments. Everything else is done under the hood.
  • Secure and high-performance: the default configuration is based on the h5bp configuration.
  • Highly customizable: you can configure nginx as you like without touching the bash script or Docker image.
  • Versatile: supports multiple domains on the same server, automatic SSL refresh, and automatic nginx restart when the SSL certificate is updated.
  • Open source
  • Slack webhook notification if an error occurs while refreshing the SSL certificate.

Usage

  • Make sure no process is listening on port 80 or 443. Check with sudo netstat -tulnp, or more precisely with
sudo netstat -tulnp | grep :80
sudo netstat -tulnp | grep :443
  • Change the DNS settings in your domain provider's control panel to point to your server. This step is required to verify the SSL certificate.
  • Download the project from the GitHub repository
git clone https://github.com/tranvansang/ssl
  • Go to the project directory: cd ssl
  • Set up your domains and listening ports
cp .env.example .env
#edit .env
cat .env

The environment file looks like the one below, where mydomain1.com and myadmin.mydomain2.com are the domain names and 8082 and 8081 are their respective local listening ports.
SLACK_WEBHOOK_URL is the Slack webhook URL that receives an error message if refreshing the SSL certificate fails. If this variable is empty, the error is only printed locally and is not sent to a Slack channel.

DOMAINS=mydomain1.com,myadmin.mydomain2.com
PORTS=8082,8081
#slack webhook can be empty
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/TB1MYMSUX/some/hook-id
EMAIL=info@transang.me

CERTBOT_VER=v0.33.1
NGINX_VER=1.17.1
NGINX_DOCKER_FLAG=
  • Now, execute ./run.sh to start or restart the nginx server
  • To automatically check for SSL certificate updates and restart the server, add the following crontab entry via crontab -e
0 15 * * * $HOME/ssl/watch.sh

Customization

To customize the nginx configuration, first complete all the steps above. A file named nginx.conf will then exist in the build/ directory. Copy this file to the root directory of the project:
cp build/nginx.conf .

Modify ./nginx.conf with your own customizations, then re-run ./run.sh. From then on, the customized configuration is used instead of the default whenever the nginx server is restarted.

How to stop the server

Run ./run.sh stop to stop the running server.

Happy coding!
