Assumes an FQDN of `deleteme2-certbot-nginx-cht.plip.com` and a CHT SSL docker volume named `cht_cht-ssl`. Both are configurable in the `.env` file of the certbot service.
- provision Ubuntu 22.04 with a public IP and an FQDN
- install docker
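# Install Docker with the official convenience script.
# The scheme is spelled out: without one, curl defaults to plain http://, so
# the installer (which the next command executes) would be fetched without
# TLS. -f turns an HTTP error into a failed download instead of silently
# saving the error page as get-docker.sh and running it.
curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh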
- install CHT: create the directories, the env file and the compose files:
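# wamerican provides /usr/share/dict/words, which the passphrase generation
# below reads from.
sudo apt-get install wamerican
mkdir -p /home/ubuntu/cht/{compose,certs,upgrade-service,couchdb}

# Seven random dictionary words joined with '-'. Apostrophes are stripped
# (they would break quoting in .env); cut drops the trailing '-' left by tr.
couchdb_secret=$(shuf -n7 /usr/share/dict/words --random-source=/dev/random | tr '\n' '-' | tr -d "'" | cut -d'-' -f1,2,3,4,5,6,7)
couchdb_password=$(shuf -n7 /usr/share/dict/words --random-source=/dev/random | tr '\n' '-' | tr -d "'" | cut -d'-' -f1,2,3,4,5,6,7)
# `uuid` was referenced by the .env below but never assigned, so COUCHDB_UUID
# came out empty. Generate a random UUID from the kernel here — confirm this
# is the intended source for COUCHDB_UUID.
uuid=$(cat /proc/sys/kernel/random/uuid)

# NOTE(review): this file carries the CouchDB password and secret and is
# created with the default umask; consider `chmod 600` on it once confirmed
# that nothing outside the owner's uid needs to read it.
cat > /home/ubuntu/cht/upgrade-service/.env << EOF
CHT_COMPOSE_PROJECT_NAME=cht
COUCHDB_SECRET=${couchdb_secret}
DOCKER_CONFIG_PATH=/home/ubuntu/cht/upgrade-service
COUCHDB_DATA=/home/ubuntu/cht/couchdb
CHT_COMPOSE_PATH=/home/ubuntu/cht/compose
COUCHDB_USER=medic
COUCHDB_PASSWORD=${couchdb_password}
COUCHDB_UUID=${uuid}
EOF

# Stop here rather than download into the wrong place if the cd fails.
cd /home/ubuntu/cht/ || exit 1
# -f: an HTTP error fails the download instead of writing the error body
# into the compose file; -S still reports that error despite -s.
curl -fsS -o ./compose/cht-core.yml https://staging.dev.medicmobile.org/_couch/builds_4/medic:medic:8099-nginx-certbot/docker-compose/cht-core.yml
curl -fsS -o ./compose/cht-couchdb.yml https://staging.dev.medicmobile.org/_couch/builds_4/medic:medic:8099-nginx-certbot/docker-compose/cht-couchdb.yml
curl -fsS -o ./upgrade-service/docker-compose.yml https://raw.githubusercontent.com/medic/cht-upgrade-service/main/docker-compose.yml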
- start the CHT services:
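# Bring the CHT stack up through the upgrade service, detached.
# Without the check, a failed cd would start compose in the current directory
# with whatever compose file happens to be there.
cd /home/ubuntu/cht/upgrade-service || exit 1
docker compose up --detach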
- test that `.well-known` is served by the CHT nginx container:
# Confirm the ACME challenge path is reachable through the CHT nginx container.
# The HTTP-01 challenge is fetched over plain http, so this check uses http too.
printf '%s\n' "should show 'hello world':"
curl http://deleteme2-certbot-nginx-cht.plip.com/.well-known/acme-challenge/index.html
- create the certbot compose and env files
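# Create the certbot compose project and its .env.
mkdir -p /home/ubuntu/cht/certbot
cd /home/ubuntu/cht/certbot || exit 1

# Quoted delimiter: the shell expands nothing in this file, so $DOMAIN,
# $STAGING and ${CHT_SSL_VOLUME} reach docker compose literally and are
# filled in from .env at `docker compose up` time (no backslash escapes needed).
# The deploy hook is read from the shared ssl-storage volume and executed by
# certbot, so whatever can write that volume controls what runs in this
# container. --register-unsafely-without-email means no expiry or revocation
# notices reach anyone; fine for a throw-away proof of concept only.
# STAGING is empty by default; presumably meant to hold --staging while
# iterating, which avoids the production CA's rate limits.
cat > docker-compose.yml << 'EOF'
version: '3.9'
services:
  certbot:
    container_name: certbot
    hostname: certbot
    image: certbot/certbot
    volumes:
      - ssl-storage:/etc/nginx/private/
      - ssl-storage:/var/log/letsencrypt/
    command: certonly --debug --deploy-hook /etc/nginx/private/deploy.sh --webroot -w /etc/nginx/private/certbot/ --domain $DOMAIN --non-interactive --key-type rsa --agree-tos --register-unsafely-without-email $STAGING
volumes:
  ssl-storage:
    name: ${CHT_SSL_VOLUME}
    external: true
EOF

# No secrets here: the domain, the optional certbot flag slot, the external
# volume name (must match the CHT deployment's SSL volume) and the timezone.
cat > .env << 'EOF'
DOMAIN=deleteme2-certbot-nginx-cht.plip.com
STAGING=
CHT_SSL_VOLUME=cht_cht-ssl
TZ=America/Whitehorse
EOF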
- generate the certs
# Run from /home/ubuntu/cht/certbot so compose picks up the docker-compose.yml
# and .env written in the previous step. Runs in the foreground (no --detach),
# so certbot's output — and any ACME failure — is shown directly.
docker compose up
- reload nginx
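# Make nginx pick up the new certificate. `nginx -s reload` needs neither a
# TTY nor stdin, so -it is dropped: with -t, docker exec fails when stdin is
# not a terminal (e.g. when this step is run from a script or cron).
# Container name taken from the runbook (project name `cht`); confirm it with
# `docker ps` if the exec reports no such container.
docker exec cht_nginx_1 nginx -s reload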
poc.mp4