Docker cookbook
Simplify complex tasks with Docker
Not only is Docker awesome because it allows you to create your own images and manage your deployments in a variety of ways, but its containerization features can also be used to perform complex tasks without having to install the required binaries on your system. Here are a few tried and tested recipes that illustrate this principle.
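# local equivalents of certbot's /etc/letsencrypt and /var/lib/letsencrypt directories
localetc="./certbot-mount-etc"
localvar="./certbot-mount-var"
domain="mydomain.gg"
# --mount type=bind requires the source directories to exist
mkdir -p "$localetc" "$localvar"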
# use docker and certbot to create an ECDSA private key and certificate
# - the certificate chain will be authenticated by Let's Encrypt
# - automatically accept the Let's Encrypt terms of service
# - force certificate renewal if one already exists
# - do not provide a domain owner email
# - use ECDSA as the public key algorithm for key pair generation
# - use elliptic curve NIST P-256 (secp256r1 / prime256v1)
# - list the domains to certify
docker container run \
    -p 80:80 \
    --mount "type=bind,source=$localetc,target=/etc/letsencrypt,ro=false" \
    --mount "type=bind,source=$localvar,target=/var/lib/letsencrypt,ro=false" \
    --name certbot \
    -it --rm \
    certbot/certbot certonly \
        --agree-tos \
        --force-renewal \
        --register-unsafely-without-email \
        --key-type ecdsa \
        --elliptic-curve secp256r1 \
        --domain "$domain" \
        --domain "www.$domain"
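# change ownership of the output folder (the container writes it as root),
# then drop the cached sudo credentials
sudo chown -R "$LOGNAME:" "$localetc" && sudo -k
# verify private key details
openssl pkey -in "$localetc/live/$domain/privkey.pem" -text -noout
# verify certificate details (openssl x509 reads only the first certificate
# in fullchain.pem, i.e. the leaf, not the rest of the chain)
openssl x509 -in "$localetc/live/$domain/fullchain.pem" -text -noout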
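
The two `openssl ... -text` commands above print details for a human to read. The script below is an added example, not part of the original recipe, that turns the same inspection into pass/fail checks: key curve, key/certificate match, subjectAltName coverage and expiry. The function names `spki_sha256` and `check_live_dir` are hypothetical, and `x509 -ext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the original page): pass/fail checks on certbot output.

# spki_sha256: read a PEM public key on stdin, print the SHA-256 of its DER form.
spki_sha256() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -r | cut -d' ' -f1
}

# check_live_dir DIR DOMAIN...
# DIR holds privkey.pem and fullchain.pem (certbot's live/<domain> layout).
check_live_dir() {
    cl_dir=$1; shift
    cl_key="$cl_dir/privkey.pem"
    cl_chain="$cl_dir/fullchain.pem"

    # 1. The private key must be an EC key on the named curve P-256.
    if ! openssl pkey -in "$cl_key" -noout -text 2>/dev/null | grep -q 'ASN1 OID: prime256v1'; then
        echo "FAIL: $cl_key is not an EC prime256v1 key" >&2; return 1
    fi

    # 2. The leaf certificate (first PEM block in fullchain.pem) must carry
    #    the public half of that private key.
    cl_k=$(openssl pkey -in "$cl_key" -pubout 2>/dev/null | spki_sha256)
    cl_c=$(openssl x509 -in "$cl_chain" -noout -pubkey 2>/dev/null | spki_sha256)
    if [ -z "$cl_k" ] || [ "$cl_k" != "$cl_c" ]; then
        echo "FAIL: certificate public key does not match $cl_key" >&2; return 1
    fi

    # 3. Every requested name must appear as a DNS entry in subjectAltName.
    cl_san=$(openssl x509 -in "$cl_chain" -noout -ext subjectAltName 2>/dev/null | tr ',' '\n' | tr -d ' \t')
    for cl_d in "$@"; do
        if ! printf '%s\n' "$cl_san" | grep -qxF "DNS:$cl_d"; then
            echo "FAIL: $cl_d missing from subjectAltName" >&2; return 1
        fi
    done

    # 4. The leaf certificate must not be expired.
    openssl x509 -in "$cl_chain" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "FAIL: certificate has expired" >&2; return 1; }
    echo "OK: P-256 key, matching certificate, names: $*"
}

# Runs only when the recipe's variables are set in the current shell.
if [ -n "${localetc:-}" ] && [ -n "${domain:-}" ]; then
    check_live_dir "$localetc/live/$domain" "$domain" "www.$domain"
fi
```
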