4f9b47c5c83c58cbb4abb2aa4b2ec4abd9fafece
haproxy-letsencrypt-docker.md
| ... | ... | @@ -301,8 +301,38 @@ What doing? |
| 301 | 301 | Run `docker-compose up` to bring up haproxy and the letsencrypt container. certbot will (after 10 seconds) read the current certs and decide there's nothing to do, then go to sleep for a day. |
| 302 | 302 | haproxy should start up and tell you nice things about the letsencrypt backend being available. |
| 303 | 303 | |
| 304 | +# Add (or remove) domains and containers |
|
| 305 | +You're on your own with the container, but haproxy and certbot config we can do |
|
| 306 | + |
|
| 307 | +Make sure the new domain's A record is pointing at haproxy's IP. |
|
| 308 | + |
|
| 309 | +Add the new domain to haproxy.conf: |
|
| 310 | +``` |
|
| 311 | +... |
|
| 312 | + acl logs_hdr hdr(host) -i new.domain.com |
|
| 313 | +... |
|
| 314 | + use_backend new-container if logs_hdr |
|
| 315 | +... |
|
| 316 | + backend new-container |
|
| 317 | + server new-container1 new-container:6666 resolvers docker check |
|
| 318 | +``` |
|
| 319 | + |
|
| 320 | +Bring up the new container, the HUP haproxy to read the new config: |
|
| 321 | +`docker kill -s SIGHUP haproxy` |
|
| 322 | + |
|
| 323 | +Log into the letsencrypt container: |
|
| 324 | +`docker exec -ti letsencrypt bash` |
|
| 325 | + |
|
| 326 | +Then run certbot with the new domain: |
|
| 327 | +``` |
|
| 328 | +certbot --standalone --expand \ |
|
| 329 | + -d "domain1.example.com" \ |
|
| 330 | + -d "domain2.example.com" \ |
|
| 331 | + -d "new.domain.com" |
|
| 332 | +``` |
|
| 333 | + |
|
| 304 | 334 | # Next? |
| 305 | -Add your choice of backends and containers to haproxy.cfg and docker-compose.yml, and go about your business. |
|
| 335 | +Do what you like. I'm not the boss of you. |
|
| 306 | 336 | |
| 307 | 337 | # Relax |
| 308 | 338 |
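Review bot: The heading added at new line 304 promises "Add (or remove) domains and containers", but the steps in new lines 305-332 only cover adding a domain, so either document the removal path or trim the heading. New line 309 calls the file `haproxy.conf`, while the line removed at old 305 called it `haproxy.cfg`; pick one name so readers edit the right file. New line 320 has a typo ("the HUP haproxy" should read "then HUP haproxy"), and since a bad edit takes effect on reload, a validation step such as `haproxy -c -f <config file>` before `docker kill -s SIGHUP haproxy` would be worth adding. The acl name `logs_hdr` at new lines 312 and 314 reads as copied from a logs backend; a name that matches `new-container` would be clearer. The certbot call at new line 328 names no subcommand, and the steps end there without saying whether haproxy needs another reload to serve the expanded certificate; please state both explicitly.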