I have a WordPress website running in a Docker instance in Azure. It's running over HTTP and I would like to add HTTPS to it.
This can be done easily with a few commands.
// Run the companion container, which is used to generate SSL certificates from letsencrypt.org. Replace /home/fennng/certs with your own chosen path on your Linux host.
sudo docker run \
--name companion \
-v /home/fennng/certs:/etc/nginx/certs:rw \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
--volumes-from nginx-proxy \
jrcs/letsencrypt-nginx-proxy-companion
// Run a new WordPress container instance. Because my WordPress files are hosted on an Azure file share that can be mounted as a volume, I can run as many WordPress instances as I want. They will all use the same WordPress files and connect to the same database.
sudo docker volume create -d azurefile --name vol3 -o share=wpacishare
docker stop wp2 && docker rm wp2 && \
sudo docker run -d --name wp2 \
-e VIRTUAL_HOST=www.dengnz.com \
-e "LETSENCRYPT_HOST=www.dengnz.com" \
-e "LETSENCRYPT_EMAIL=youremail_address" \
-v vol3:/var/www/html -p 8082:80 wordpress
Stop the original WordPress instance and run nginx-proxy. Do not delete the old WordPress container; in case there is an incident, we can start it again. Your nginx server has to listen on port 80 for Let's Encrypt to verify the domain. Port 80 must be public.
docker stop wp && \
sudo docker run -p 80:80 -p 443:443 \
--name nginx-proxy \
-v /home/fennng/certs:/etc/nginx/certs:ro \
-v /etc/nginx/vhost.d \
-v /usr/share/nginx/html \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy \
jwilder/nginx-proxy
Now just wait a moment; your certificate will be generated in a few seconds.
You will see something like this in your nginx log, which is a request from Let's Encrypt to verify your domain.
www.dengnz.com 66.133.109.36 - - [26/Apr/2018:10:53:10 +0000] "GET /.well-known/acme-challenge/uFcdsQYMADRKPwxgg_CeLKMRfdAaNpT23hsY4OH3NikFo HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
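To check from the proxy log whether the Let's Encrypt validation succeeded, the shell function below (an added example, not part of the original post) lists every ACME challenge request with its HTTP status and flags anything other than 200. The host names, addresses and tokens in sample_log are constructed, and the field layout is assumed from the log line shown above.

```shell
#!/bin/sh
# Added example: summarise ACME HTTP-01 validation requests found in
# nginx-proxy access-log lines.
# Assumed layout (from the sample line in the post):
#   host client_ip - user [time zone] "METHOD path proto" status bytes "ref" "ua"
# Usage: sudo docker logs nginx-proxy 2>&1 | acme_summary

acme_summary() {
    # Reads log lines on stdin and prints "host status verdict" for each
    # challenge request. Returns 1 if any challenge did not get a 200.
    awk -F'"' '
        $2 ~ /^GET \/\.well-known\/acme-challenge\// {
            # $1 is everything before the request, $3 is " status bytes "
            n = split($1, pre, " ")
            split($3, post, " ")
            # Count back from the end so a log prefix before the host
            # (if docker logs adds one) does not shift the fields.
            host = pre[n - 5]
            status = post[1]
            verdict = (status == "200") ? "OK" : "FAILED"
            if (verdict == "FAILED") bad = 1
            print host, status, verdict
        }
        END { exit bad + 0 }
    '
}

# Constructed sample input: one successful validation, one unrelated
# request, and one validation that was answered with 404.
sample_log() {
    cat <<'EOF'
www.example.test 192.0.2.10 - - [26/Apr/2018:10:53:10 +0000] "GET /.well-known/acme-challenge/CONSTRUCTED-TOKEN-1 HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
www.example.test 192.0.2.44 - - [26/Apr/2018:10:53:12 +0000] "GET /wp-login.php HTTP/1.1" 200 2301 "-" "curl/7.58.0"
blog.example.test 192.0.2.10 - - [26/Apr/2018:10:54:02 +0000] "GET /.well-known/acme-challenge/CONSTRUCTED-TOKEN-2 HTTP/1.1" 404 162 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
EOF
}
```

A FAILED line means the validation request reached the proxy but was not served the challenge file, so no certificate will be issued for that host; no line at all means the request never arrived on port 80.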
Your HTTPS should be working now. Don't forget to have both ports 80 and 443 exposed to the public.
Although a certificate issued by Let's Encrypt is only valid for 3 months, you don't have to worry about it because the certificate will be renewed automatically.