mirror of
https://github.com/langgenius/dify.git
synced 2024-11-16 03:32:23 +08:00
77 lines
2.0 KiB
Markdown
77 lines
2.0 KiB
Markdown
# Launching new servers with SSL certificates
|
|
|
|
## Short description
|
|
|
|
docker compose certbot configurations with Backward compatibility (without certbot container).
|
|
Use `docker compose --profile certbot up` to use this features.
|
|
|
|
## The simplest way for launching new servers with SSL certificates
|
|
|
|
1. Get letsencrypt certs
|
|
set `.env` values
|
|
```properties
|
|
NGINX_SSL_CERT_FILENAME=fullchain.pem
|
|
NGINX_SSL_CERT_KEY_FILENAME=privkey.pem
|
|
NGINX_ENABLE_CERTBOT_CHALLENGE=true
|
|
CERTBOT_DOMAIN=your_domain.com
|
|
CERTBOT_EMAIL=example@your_domain.com
|
|
```
|
|
execute command:
|
|
```shell
|
|
docker network prune
|
|
docker compose --profile certbot up --force-recreate -d
|
|
```
|
|
then after the containers launched:
|
|
```shell
|
|
docker compose exec -it certbot /bin/sh /update-cert.sh
|
|
```
|
|
2. Edit `.env` file and `docker compose --profile certbot up` again.
|
|
set `.env` value additionally
|
|
```properties
|
|
NGINX_HTTPS_ENABLED=true
|
|
```
|
|
execute command:
|
|
```shell
|
|
docker compose --profile certbot up -d --no-deps --force-recreate nginx
|
|
```
|
|
Then you can access your serve with HTTPS.
|
|
[https://your_domain.com](https://your_domain.com)
|
|
|
|
## SSL certificates renewal
|
|
|
|
For SSL certificates renewal, execute commands below:
|
|
|
|
```shell
|
|
docker compose exec -it certbot /bin/sh /update-cert.sh
|
|
docker compose exec nginx nginx -s reload
|
|
```
|
|
|
|
## Options for certbot
|
|
|
|
`CERTBOT_OPTIONS` key might be helpful for testing. i.e.,
|
|
|
|
```properties
|
|
CERTBOT_OPTIONS=--dry-run
|
|
```
|
|
|
|
To apply changes to `CERTBOT_OPTIONS`, regenerate the certbot container before updating the certificates.
|
|
|
|
```shell
|
|
docker compose --profile certbot up -d --no-deps --force-recreate certbot
|
|
docker compose exec -it certbot /bin/sh /update-cert.sh
|
|
```
|
|
|
|
Then, reload the nginx container if necessary.
|
|
|
|
```shell
|
|
docker compose exec nginx nginx -s reload
|
|
```
|
|
|
|
## For legacy servers
|
|
|
|
To use cert files dir `nginx/ssl` as before, simply launch containers WITHOUT `--profile certbot` option.
|
|
|
|
```shell
|
|
docker compose up -d
|
|
```
|