letsencrypt
===========

[Let’s Encrypt][1] is a new Certificate Authority:
It’s free, automated, and open.

## docker-compose.yml

```
letsencrypt:
  image: quay.io/letsencrypt/letsencrypt
  command: auth
  ports:
    - "80:80"
    - "443:443"
  volumes:
    - "/etc/letsencrypt:/etc/letsencrypt"
    - "/var/lib/letsencrypt:/var/lib/letsencrypt"
```

## up and running

```
# stop nginx
$ systemctl stop nginx

# generate keys
$ docker-compose run --rm --service-ports letsencrypt
>>> email: admin@datageek.info
>>> domains: datageek.info blog.datageek.info

# copy keys
$ mkdir -p /etc/nginx/ssl/
$ cp /etc/letsencrypt/live/datageek.info/fullchain.pem /etc/nginx/ssl/datageek.info.crt
$ cp /etc/letsencrypt/live/datageek.info/privkey.pem /etc/nginx/ssl/datageek.info.key

# reconfig nginx
$ vi /etc/nginx/sites-enabled/default
server {
        listen 80 default;
        server_name _;
        return 301 https://$host$request_uri;
}

server {
        listen 443 ssl;
        server_name datageek.info blog.datageek.info;
        ssl_certificate ssl/datageek.info.crt;
        ssl_certificate_key ssl/datageek.info.key;
        location / {
                proxy_pass http://127.0.0.1:8000;
        }
}

# start nginx
$ systemctl start nginx
```

## references

- https://letsencrypt.readthedocs.org/en/latest/using.html#running-with-docker
- https://docs.docker.com/compose/reference/run/
- http://nginx.org/en/docs/http/configuring_https_servers.html

[1]: https://letsencrypt.org/