mirror of
https://gitee.com/dify_ai/dify.git
synced 2024-12-05 04:38:37 +08:00
.. | ||
docker-entrypoint.sh | ||
README.md | ||
update-cert.template.txt |
Launching new servers with SSL certificates
Short description
Docker-compose certbot configurations with Backward compatibility (without certbot container).
Use docker-compose --profile certbot up
to use this features.
The simplest way for launching new servers with SSL certificates
- Get letsencrypt certs
set.env
values
execute command:NGINX_SSL_CERT_FILENAME=fullchain.pem NGINX_SSL_CERT_KEY_FILENAME=privkey.pem NGINX_ENABLE_CERTBOT_CHALLENGE=true CERTBOT_DOMAIN=your_domain.com CERTBOT_EMAIL=example@your_domain.com
then after the containers launched:sudo docker network prune sudo docker-compose --profile certbot up --force-recreate -d
sudo docker-compose exec -it certbot /bin/sh /update-cert.sh
- Edit
.env
file andsudo docker-compose --profile certbot up
again.
set.env
value additionally
execute command:NGINX_HTTPS_ENABLED=true
Then you can access your serve with HTTPS.sudo docker-compose --profile certbot up -d --no-deps --force-recreate nginx
https://your_domain.com
SSL certificates renewal
For SSL certificates renewal, execute commands below:
sudo docker-compose exec -it certbot /bin/sh /update-cert.sh
sudo docker-compose exec nginx nginx -s reload
Options for certbot
CERTBOT_OPTIONS
key might be helpful for testing. i.e.,
CERTBOT_OPTIONS=--dry-run
To apply changes to CERTBOT_OPTIONS
, regenerate the certbot container before updating the certificates.
sudo docker-compose --profile certbot up -d --no-deps --force-recreate certbot
sudo docker-compose exec -it certbot /bin/sh /update-cert.sh
Then, reload the nginx container if necessary.
sudo docker-compose exec nginx nginx -s reload
For legacy servers
To use cert files dir nginx/ssl
as before, simply launch containers WITHOUT --profile certbot
option.
sudo docker-compose up -d