config
Use the
nginx-le config command to configure you Nginx-LE container.When you run config, Nginx-LE will destroy and create a new container with the new settings.
When running
nginx-le config you will prompted to answer a no. of questionsEnter the fully qualified domain name of your nginx-le host.
e.g. www.noojee.com.au
Enter the top level domain (TLD) for your nginx-le host.
Examples
FQDN | TLD |
www.noojee.com.au | com.au |
www.noojee.org | org |
Enter the web servers mode. This is either public or private.
A public web server is one that can be reached (directly or via NAT etc) via a public ip address.
A private web server is one that can only be reached via a private ip address.
Nginx-le allows you to acquire a wild card certificate (*.noojee.com.au) or a FQDN certificate (www.noojee.com.au).
You should only use a wild card certificates if you have multiple web servers running of the same domain.
Certbot normally expects you to manually distribute wildcard certificates within your own organisations so the wild card option is only usable with nginx-le in limited circumstances.
Lets you choose the type of certificate to acquire.
Select production to get a production certificate.
Select staging to get a staging/test certificate.
Use this staging option if you are destroying/recreating your web server during testing. Certbot has hard limits on the no. of production certificates you can acquire per day (5 per day) where you can get a far larger no. of staging certificates.
To acquire a LetsEncrypt certificate you must be able to prove that you own the domain for which the certificate is being issued.
Nginx-LE supports a number of Certbot Authentication methods (Auth Providers).
Auth Provider | Usage Case | Description |
HTTP01Auth | For a public web server using a FQDN certificate. | Your web server must be accessible on a public ip address. This is the simplest form of validation as it works with any DNS provider. Port 80 must be open. |
cloudflare | For public and private web servers. Supports FQDN and wildcard certificates. | The most flexible auth provider, your DNS must be hosted with Cloudflare. |
namecheap | For public and private web servers. Supports FQDN and wildcard certificates. | Not recommended. The namecheap api is dangerous and currently limited to domains that have no more than 10 A records. |
The configure command lets you set how the content is to be served.
Nginx-LE supports four types of Content Providers
Provider | Description |
Static | Serve static web content from a local folder. |
Generic Proxy | Pass requests through to a Web Application server that can respond to HTTP requests. This is normally on the same host as the Nginx-LE server as the connection is not encrypted. |
Tomcat Proxy | Pass requests to a local Tomcat web application server on port 8080. |
Custom | Allows you to configure your own Nginx location and upstream settings. |
The static Content Provider allows you to serve static content from a local directory (e.g. index.html)
The Static Content Provider will request the path to your static content and the default html file.
The Generic proxy Content Provider allows you to proxy requests through to a web application server.
The Nginx-LE container exposes the secure HTTPS connection and then passes all requests through to your web application server via HTTP.
Please note that normally you need to select a port other than 80 as Nginx-LE needs to accept requests on port 80 for certificate acquisition and renewals.
Designed to work with the java based Tomcat Web application Server.
The Tomcat proxy allows you to configure the port and context the Tomcat server operates on.
By default nginx-le configures nginx to look for files in
/opt/nginx/include on the host system. Change the path to have nginx-le load the include files from a different directory.The start paused option is mainly used by the Nginx-LE team for diagnosing startup issues.
When you place Nginx-LE into start paused mode it will not start the nginx server nor attempt to acquire a certificate.
Once you start Nginx-LE in paused mode you can attach to the Nginx-LE docker container and explore its configuration.
You can connect to the Nginx-LE container (even when not in paused mode) by running
nginx-le cli.Enter an email address where errors are emailed to.
The FQDN of your SMTP Server which will be used to notify errors.
The Port of your SMTP Server which will be used to notify errors.
Select the method by which you are going to start Nginx-LE
Method | Description |
nginx-le start | The simplest method. nginx-le config will create a container. Use nginx-le start and nginx-le stop to start/stop the container. |
docker start/run | nginx-le config will create a container. Use docker start and docker stop to start/stop the container. |
docker-compose | docker-compose up will create and start the container. See the section on docker-compose for details |
The
config command saves each of the entered settings so that you don't have to pass them when running other commands.Allows you to choose which version of nginx-le docker image to run. Mostly you should choose 'latest'.
Last modified 1yr ago