Commit a471bdd9 authored by Mikaël Salson

doc/server.md: Improve documentation for using certbot

parent b79b98b6
......@@ -170,9 +170,23 @@ You can achieve this with the following steps:
+ If you are using the `postfix` container you may want to generate certificates (using the same process) and place them in `postfix/ssl`.
The certificates must bear the name of your mail domain (<maildomain>.crt and <maildomain>.key)
- A better option is to use other certificates, for example by configuring free [Let's Encrypt](https://letsencrypt.org/) certificates;
In `docker-compose.yml`, update `nginx.volumes`, line `./vidjil-client/ssl:/etc/nginx/ssl`, to set the directory with the certificates.
The same can be done for the `postfix` container.
- A better option is to use other certificates, for example by configuring free [Let's Encrypt](https://letsencrypt.org/) certificates.
One solution is to use `certbot` on the host to generate the certificates and to copy them in the right directory so that the container
can access it.
However to check the integrity of the host, `certbot` needs to set up a challenge.
Thus, Nginx needs to provide specific files that are generated by `certbot`.
To do so, you should tell `certbot` to put those files in the `/opt/vidjil/certs`
directory (this can be changed in the `docker-compose.yml` file.
You can generate the certificates with the command `certbot certonly --webroot -w /opt/vidjil/certs -d myvidjil.org`.
Then
```shell
cp /etc/letsencrypt/live/vdd.vidjil.org/fullchain.pem vidjil-client/ssl/web2py.crt
cp /etc/letsencrypt/live/vdd.vidjil.org/privkey.pem vidjil-client/ssl/web2py.key
```
The certificates can be renewed with `certbot renew` but beware to copy the certificates after that.
If necessary, in `docker-compose.yml`, update `nginx.volumes`, line `./vidjil-client/ssl:/etc/nginx/ssl`, to set the directory with the certificates.
The same can be done for the `postfix` container.
If you would prefer to use the vidjil over HTTP (not recommended outside of testing purposes), you can
......
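Review bot: The domain in the added `certbot certonly ... -d myvidjil.org` command does not match the `cp` lines, which read from `/etc/letsencrypt/live/vdd.vidjil.org/`. A reader who follows the text literally will copy from a directory that does not exist, so use one placeholder domain in both places. In the same added paragraph, "to check the integrity of the host" misdescribes the challenge, which proves control of the domain name, and the parenthesis opened at "(this can be changed in the `docker-compose.yml` file." is never closed. The renewal sentence leaves the copy as a manual step that is easy to forget until the old certificate expires; consider documenting `certbot renew --deploy-hook` with a script that performs the two `cp` commands and reloads Nginx in the container. It would also help to state that `web2py.key` is a private key and should stay readable only by the user that needs it after the copy.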