In order to enable HTTPS, we need three additional files:
- cert.pem - A CA-signed certificate from a trusted Certificate Authority
- privkey.pem - A private key associated with a valid certificate
- chain.pem - An additional certificate that makes up the 'CA chain'
If you already have the above files, you can start here. If you don't, here you can learn how to get them (signed by Let's Encrypt) automatically and for free with Certbot or acme.sh.
We just need to make sure that the certificate files are located under the /etc/yabtt/ssl/ path in the container. We can easily do this with Docker's 'Bind mounts' feature.
We need to store the certificate files in the same local directory (please make sure that the file names are correct) and bind that path into the container.
docker run -d \
  --name yabtt \
  -v /path/for/certs/:/etc/yabtt/ssl/ \
  -p 8080:8080 \
  ghcr.io/kubaryi/yabtt:latest
Or run with Docker Compose:
---
version: "2.1"
services:
  yabtt:
    image: ghcr.io/kubaryi/yabtt:latest
    volumes:
      - /path/for/certs/:/etc/yabtt/ssl/
    container_name: yabtt
    ports:
      - "8080:8080"
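A preflight check for the local certificate directory before it is bind-mounted into the container, as an added example that is not part of the YaBTT project. The function names and the script name are hypothetical, and key_matches_cert assumes the openssl CLI is installed on the host.

```shell
#!/bin/sh
# Added example, not YaBTT project code. Function names are hypothetical.

# check_cert_dir DIR: the three files exist, each holds the expected kind of
# PEM object, and the private key is accessible to its owner only.
check_cert_dir() {
    dir=$1
    rc=0
    for f in cert.pem privkey.pem chain.pem; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # Catch swapped or misnamed files by looking at the PEM header.
    for f in cert.pem chain.pem; do
        grep -q -- '-----BEGIN CERTIFICATE-----' "$dir/$f" ||
            { echo "$f does not contain a certificate" >&2; rc=1; }
    done
    grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$dir/privkey.pem" ||
        { echo "privkey.pem does not contain a private key" >&2; rc=1; }

    # Group and other permission bits must all be clear (mode 600 or 400).
    # -L follows symlinks such as the ones in Let's Encrypt's live/ directory.
    perms=$(ls -lL "$dir/privkey.pem" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "privkey.pem is accessible to group/other" >&2; rc=1; }
    return "$rc"
}

# key_matches_cert DIR: cert.pem and privkey.pem carry the same public key.
# Assumes the openssl CLI is installed on the host.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/privkey.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "privkey.pem does not belong to cert.pem" >&2; return 1; }
}

# Usage: sh check-certs.sh /path/for/certs  (runs both checks on that directory)
[ "$#" -eq 0 ] || { check_cert_dir "$1" && key_matches_cert "$1"; }
```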
If you don't have an available certificate yet, you can obtain one for free with Certbot, the official ACME software provided by Let's Encrypt.
This certificate will be valid for 90 days. After expiration, Certbot will automatically renew it for another 90 days (as long as Certbot does not shut down, it will be permanently valid).
We recommend deploying Certbot as a container. To this end, Let's Encrypt provides an official Docker container. Let's Encrypt also cooperates with many cloud service providers. If your network infrastructure provider is on this list, you can choose a container optimized specifically for your provider. For example, to use Certbot for Amazon Route 53, you'd use certbot/dns-route53.
---
version: "2.1"
services:
  certbot:
    image: certbot/dns-route53
    command: certonly --dns-route53 -d example.com --agree-tos
    environment:
      # AWS documentation example keys; replace with your own credentials
      - AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
      - AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
    volumes:
      - certificates:/etc/letsencrypt/live/example.com/
    container_name: certbot
  yabtt:
    image: ghcr.io/kubaryi/yabtt:latest
    volumes:
      - certificates:/etc/yabtt/ssl/
    container_name: yabtt
    depends_on:
      - certbot
    ports:
      - "8080:8080"
volumes:
  certificates:
Read more documentation about certbot/certbot.
Read more documentation about certbot/dns-route53.
If you don't like Certbot, you can also use acme.sh to obtain certificate files.
Like Certbot, acme.sh can be deployed as a container and automatically renews the certificate when it expires. It also supports Amazon Route 53.
---
version: "2.1"
services:
  acme.sh:
    image: neilpang/acme.sh
    command: --issue --dns dns_aws -d example.com
    environment:
      # AWS documentation example keys; replace with your own credentials
      - AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
      - AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
    volumes:
      - certificates:/acme.sh
    container_name: acme.sh
  yabtt:
    image: ghcr.io/kubaryi/yabtt:latest
    volumes:
      - certificates:/etc/yabtt/ssl/
    container_name: yabtt
    depends_on:
      - acme.sh
    ports:
      - "8080:8080"
volumes:
  certificates:
The official documentation for acme.sh.
Learn more about running acme.sh in a container.
Learn more about using the Amazon Route53 domain API.
He is Peter Eckersley.
He and his friends founded Let's Encrypt.
His work allows every website to obtain HTTPS certificates for free.
Unfortunately, he died on September 2, 2022.
Let's say: Thank you, Peter!