haproxy + letsencrypt
# first haproxy entry
frontend fe-scalinglaravel
    bind *:80

    # ACME HTTP-01 validation requests are handed to the local certbot
    # listener; every other request goes to the application backend.
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl
    default_backend test

# LE Backend
# Loopback only; the port has to match the one given to certbot
# (--http-01-port).
backend letsencrypt-backend
    server letsencrypt 127.0.0.1:8888

# Normal (default) Backend
# for web app servers
backend test
    # Config omitted here
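# Issue the certificate. certbot's standalone server listens on 8888, the port
# the letsencrypt-backend forwards ACME HTTP-01 requests to.
# --cert-name pins the lineage directory to live/www.testo.de; without it
# certbot names the directory after the first -d value (testo.de) and the
# paths read below would not exist.
sudo certbot certonly --standalone -d testo.de -d www.testo.de \
  --cert-name www.testo.de \
  --non-interactive --agree-tos --email lala@lala.de \
  --http-01-port=8888

# HAProxy expects the certificate chain and the private key in one file.
# That file contains the private key, so the directory and the file are kept
# readable by root only, and the key is never echoed to the terminal (piping
# through `tee` without redirecting its stdout would print it).
# The directory created here is the one the PEM is written to and the one the
# `bind ... crt` line points at.
sudo install -d -m 0700 /etc/ssl/www.testo.de
sudo sh -c 'umask 077 && cat /etc/letsencrypt/live/www.testo.de/fullchain.pem /etc/letsencrypt/live/www.testo.de/privkey.pem > /etc/ssl/www.testo.de/www.testo.de.pem'
# umask only affects newly created files; tighten a file left over from an
# earlier run as well.
sudo chmod 0600 /etc/ssl/www.testo.de/www.testo.de.pem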
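# new haproxy config
frontend fe-scalinglaravel
    bind *:80
    # Combined PEM (certificate chain + private key); keep it root-only.
    bind *:443 ssl crt /etc/ssl/www.testo.de/www.testo.de.pem

    # Declared before the redirect so the redirect rule can refer to it.
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/

    # Plain HTTP is sent to HTTPS, except ACME HTTP-01 validation requests.
    # Those are answered directly on port 80, so renewal does not depend on
    # the validator following a redirect to the HTTPS listener.
    redirect scheme https code 301 if !{ ssl_fc } !letsencrypt-acl

    use_backend letsencrypt-backend if letsencrypt-acl
    default_backend test

# LE Backend
# Loopback only; the port has to match the one given to certbot.
backend letsencrypt-backend
    server letsencrypt 127.0.0.1:8888

backend test
    # Config omitted here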
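# put this in /etc/cron.d/certbot
# cron runs jobs with a minimal PATH that on many systems omits the sbin
# directories; the renewal script calls `service`, which usually lives in
# /usr/sbin, so set PATH explicitly.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# minute hour day-of-month month day-of-week user command
# Runs at 00:00 on the 1st of every month, as root.
0 0 1 * * root bash /opt/update-certs.sh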
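# create /opt/update-certs.sh
#!/usr/bin/env bash
# Renew the Let's Encrypt certificate, rebuild the combined PEM that HAProxy
# loads, and reload HAProxy. Meant to be run as root (from cron).

# Stop at the first failure: a failed renewal or a failed write must not be
# followed by a reload.
set -euo pipefail

# cron starts jobs with a minimal PATH that often lacks the sbin directories
# where `service` lives.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export PATH

# The combined PEM contains the private key; never create it group- or
# world-readable.
umask 077

live_dir=/etc/letsencrypt/live/www.testo.de
combined_pem=/etc/ssl/www.testo.de/www.testo.de.pem

# HTTP-01 on port 8888 is what the HAProxy letsencrypt-backend forwards to and
# what the certificate was issued with. The TLS-SNI-01 challenge type has been
# retired by Let's Encrypt, so --tls-sni-01-port no longer works.
certbot renew --force-renewal --http-01-port=8888

# Build the new PEM in a temporary file in the same directory and rename it
# into place, so HAProxy never sees a half-written or empty certificate file.
tmp_pem=$(mktemp "${combined_pem}.XXXXXX")
trap 'rm -f -- "$tmp_pem"' EXIT
cat -- "${live_dir}/fullchain.pem" "${live_dir}/privkey.pem" > "$tmp_pem"
mv -f -- "$tmp_pem" "$combined_pem"

service haproxy reload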
# service cron restart | |
# service haproxy reload |