SexyCoders/proxy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
proxy/README.md
server-hotfix 1369504543 fixed readme
2025-06-18 17:32:10 +00:00

109 lines
3.3 KiB
Markdown
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Nginx + Certbot + ACMEDNS Proxy Stack
*[Full documentation → docs site](https://youruser.github.io/proxy-stack/)*
Simple reverseproxy setup packaged in a single Docker image. Nginx handles HTTP/S and TCP/UDP streams; Certbot issues and renews Lets Encrypt certificates via ACMEDNS (DNS01). packaged in a single Docker image. Nginx handles HTTP/S and TCP/UDP streams; Certbot issues and renews Lets Encrypt certificates via ACMEDNS (DNS01).
---
## Whats in this repo
| Path / file | Purpose |
| ------------------- | ---------------------------------------------------- |
| `dockerfile.debian` | Builds the image (Debian slim + Nginx + Certbot) |
| `compose.yml` | Oneservice Docker Compose file |
| `acme-dns-auth.py` | Helper script called by Certbot for DNS01 |
| `certbot-runner` | Convenience wrapper to open a shell in the image |
| `conf.d/` | **Not tracked** drop HTTP/S vhost configs here |
| `stream.d/` | **Not tracked** drop stream (TCP/UDP) configs here |
| `letsencrypt/` | Empty volume for keys/certs (gitignored) |
| `work/` | Certbot cache (gitignored) |
---
## Prerequisites
* Docker 24 or later
* Docker Compose v2 (or Docker Swarm if you prefer)
---
## Quick start (single node)
```bash
# clone
$ git clone https://github.com/youruser/proxy-stack.git
$ cd proxy-stack
# create runtime dirs so volume binds dont fail
$ mkdir -p letsencrypt work
# build the image (or pull one you published)
$ docker build -t proxy:latest -f dockerfile.debian .
# start Nginx + Certbot
$ IMAGE_NAME=proxy:latest docker compose up -d
# obtain an initial certificate (DNS01)
$ DOMAIN=example.com ./certbot-runner
# follow the prompts → add the TXT/CNAME → press <enter>
```
When certificates renew, Certbot reloads Nginx automatically.
---
## Certificates (DNS01 quick guide)
```bash
# Run inside the container (root)
certbot certonly \
--manual \
--manual-auth-hook /etc/letsencrypt/acme-dns-auth.py \
--preferred-challenges dns \
--debug-challenges \
-d '*.your-domain' -d your-domain
```
1. The hook registers (or reuses) an **acmedns** account and prints a CNAME like:
```text
_acme-challenge.your-domain. CNAME 8a1b12c3-...acme-dns.io.
```
2. Create that CNAME in *your* authoritative DNS zone (or update if it exists).
3. Press **<Enter>** Certbot validates, stores the certs under
`/etc/letsencrypt/live/your-domain/`, and reloads Nginx.
Thats it future renewals happen automatically (`certbot renew`).
---
## Directory rules
Everything that contains private keys or runtime state is ignored by Git:
```text
letsencrypt/ # keys, certs, renewal configs
work/ # Certbot cache
conf.d/ # your real vhosts ignored
stream.d/ # your real stream configs ignored
```
Provide examples by naming them `*.example.conf`; those are the only files tracked inside `conf.d/` and `stream.d/`.
---
## Updating
```bash
# Rebuild image when Nginx or Certbot update
$ docker build -t proxy:latest . && docker compose up -d
```
---
## License
Released under **GPL2.0** see `LICENSE` for full text.
Reference in a new issue View git blame Copy permalink