haproxy-letsencrypt-docker.md
... ...
@@ -228,8 +228,10 @@ Test port 443 from the docker host with:
228 228
`openssl s_client -connect localhost:443 | openssl x509 -text`
229 229
and you should see your cert if all has gone well.
230 230
231
+Bring haproxy back down with `docker-compose stop` so we've got a clean slate for the next stage.
232
+
231 233
# Stage 3 - automatic cert renewal
232
-So far we've got haproxy up, with certs, and everything is [tickety boo](https://en.wiktionary.org/wiki/tickety-boo).
234
+So far we've got haproxy up, with certs, and everything is just [tickety boo](https://en.wiktionary.org/wiki/tickety-boo).
233 235
Those certs only last for 90 days though, and we're not in the habit of breaking [rule 7](/rules#thou-shalt-automate-everything). We'll need a container that can:
234 236
* See the certificates we already have
235 237
* Renew them
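Review bot: On the added line 231, `docker-compose stop` only stops the containers and leaves them, the network and the volumes in place, so "clean slate" overstates what the command does. Stage 3 depends on that behaviour, since the new container has to "See the certificates we already have". Suggest saying explicitly that the certs obtained so far are kept, so a reader does not reach for a more destructive teardown that removes the letsencrypt volume.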
... ...
@@ -282,5 +284,14 @@ What doing?
282 284
* We're mounting the letsencrypt volume back up at /etc/letsencrypt
283 285
* The docker socket from the host is mounted at /var/run/docker.sock. This lets us do docker operations from inside the container.
284 286
* There's a small sleep to let haproxy start up (ewww, but also, whatever), then we attempt a renew and run the deploy-hook script (see stage 1) if anything changed.
285
-* The deploy-hook script cats the cert chain and key into an haproxy style .pem file, then sends a SIGHUP via the docker command to the haproxy container, causing it to re-read its config
287
+* The deploy-hook script (see stage 1) cats the cert chain and key into an haproxy style .pem file, then sends a SIGHUP via the docker command to the haproxy container, telling it to re-read its config
286 288
* The container is granted privileged permissions to let the docker socket work
289
+
290
+## Go!
291
+Run `docker-compose up` to bring up haproxy and the letsencrypt container. certbot will (after 10 seconds) read the current certs and decide there's nothing to do, then go to sleep for a day. haproxy should start up and tell you nice things about the letsencrypt backend being up.
292
+
293
+# Next?
294
+Add your choice of backends and containers to docker-compose.yml and haproxy.cfg, and go about your business.
295
+
296
+# Relax
297
+
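Review bot: The new "Go!" section tells readers to run `docker-compose up`, but the bullets just above it (lines 285 and 288) still present the /var/run/docker.sock mount and the privileged flag as routine plumbing. A container that can talk to the host's docker socket can control every container on that host, which is effectively root on the host, and privileged mode widens that further. Add a sentence saying so, and check whether privileged is really required, since socket access does not normally need it. Smaller points: "(see stage 1)" now appears in two adjacent bullets (lines 286 and 287), so one can go; "after 10 seconds" hard-codes what line 286 calls "a small sleep", so the two should agree; and "# Relax" is added as a heading with nothing under it.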