Included steps for adding SSL certificate from a CA other than letsencrypt

2025-12-16 14:22:11 +01:00 · 2020-02-14 17:39:53 -05:00
parent 182e1a9f6c
commit 17e89295e3
5 changed files with 42 additions and 8 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,6 @@
 /data*

 /nginx/log*
-/nginx/ssl*
 /nginx/sites-available*
 /nginx/sites-enabled*
 /nginx/letsencrypt/live/*
--- a/README.md
+++ b/README.md
@@ -175,7 +175,7 @@ For more information on what rake commands can be executed, see scalelite docume

 #### Build your own image

-If you don;t have access to the DockerHub registry, you can always build your own image. Either by running `docker build` where scalelite code is placed, or using the build script provided in this repo at `scripts/build.sh`. The only advantage of using the script is that the last commit is included as the build number.
+If no access to the DockerHub registry is available, it is still possible to build the image. Either by running `docker build` where scalelite code is placed, or using the build script provided in this repo at `scripts/build.sh`. The only advantage of using the script is that the last commit is included as the build number.

 ```
 cd <YOUR ROOT>/scalelite
@@ -190,3 +190,29 @@ cd <YOUR ROOT>/scalelite
 ```

 Keep in mind that the docker-compose.yml script makes use of some other configuration files that are mounted inside the containers. If any modification to nginx is needed it has to be done on the sites.template file. Also, whatever name is chosen for the image should match the one used in docker-compose.yml.
+
+#### Setup SSL certificate from a CA other than letsencrypt
+
+For adding an SSL certificate from an CA other than letsencrypt,
+
+1. DO NOT execute the `./init-letsencrypt.sh` script
+
+2. Place the SSL Certificate, Intermediate Certificate (or Bundle with both of them if you have it) and Private Key files inside `nginx/ssl` as fullchain.pem and privkey.pem.
+E.g.
+```
+cd ~/
+cat your_domain_name.crt Intermediate.crt >> bundle.crt
+cp bundle.crt <YOUR ROOT>/scalelite/nginx/ssl/fullchain.pem
+cp private.key <YOUR ROOT>/scalelite/nginx/ssl/privkey.pem
+```
+
+3. Edit the template for nginx.
+```
+cd <YOUR ROOT>/scalelite
+vi nginx/sites.template
+```
+Comment the lines referencing the letsencrypt Certificate and uncomment the other two
+
+4. Comment out in `docker-compose.yml` the certbot container.
+
+5. Start the containers as usual.
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,8 +14,11 @@ services:
      - ./nginx/sites.template:/etc/nginx/sites-available/sites.template
      - ./nginx/default/html:/var/www/html
      - ./nginx/log/nginx:/var/log/nginx
+## Configuration for Letsencrypt SSL Certificate
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
+## Configuration for Letsencrypt SSL Certificate
+#      - ./nginx/ssl/:/etc/ssl
    ports:
      - "80:80"
      - "443:443"
@@ -26,6 +29,8 @@ services:
    command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites-available/sites.template > /etc/nginx/sites-enabled/sites.conf && while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'"


+## Configuration for Letsencrypt SSL Certificate
+## comment out when using an SSL Certificate from a CA other than Letsencrypt
  certbot:
    image: certbot/certbot
    volumes:
@@ -35,7 +40,7 @@ services:


  redis:
-    image: redis
+    image: redis:5.0-alpine
    restart: "no"
    ports:
      - 127.0.0.1:6379:6379
@@ -44,17 +49,16 @@ services:


  postgres:
-    image: postgres:9.5
+    image: postgres:11.7-alpine
    restart: "no"
    ports:
      - 127.0.0.1:5432:5432
    volumes:
      - ./data/postgres/:/var/lib/postgresql/data
    environment:
-      - PGHOST=postgres
-      - PGDATABASE=postgres
-      - PGUSER=postgres
-      - PGPASSWORD=password
+      - POSTGRES_DB=postgres
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=password


  scalelite.api:
--- a/nginx/sites.template
+++ b/nginx/sites.template
@@ -25,9 +25,14 @@ server {
    listen 443 ssl;
    listen [::]:443;

+    ## Configuration for Letsencrypt SSL Certificate
    ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;

+    ## Configuration for SSL Certificate from a CA other than Letsencrypt
+    #ssl_certificate /etc/ssl/fullchain.pem;
+    #ssl_certificate_key /etc/ssl/privkey.pem;
+
    location / {
            proxy_pass  http://docker-scalelite;
            proxy_read_timeout 60s;
--- a/nginx/ssl/.placeholder_for_ssl_certificates
+++ b/nginx/ssl/.placeholder_for_ssl_certificates