haproxy-letsencrypt-docker.md
... ...
@@ -54,18 +54,6 @@ RUN chmod +x /deploy-hook
54 54
55 55
Note we're installing the docker.io package, and copying in a script. We'll need them later on. We could probably use the official certbot image, but chances are you'll already have 'ubuntu:latest' in-cache, so we might as well use it.
56 56
57
-## deploy-hook
58
-The letsencrypt/deploy-hook script looks like:
59
-
60
-```sh
61
-#!/usr/bin/env bash
62
-
63
-cat /etc/letsencrypt/live/domain1.example.com/fullchain.pem \
64
- /etc/letsencrypt/live/domain1.example.com/privkey.pem \
65
- > /etc/letsencrypt/haproxy.pem \
66
-&& docker kill -s HUP haproxy
67
-```
68
-
69 57
## docker-compose-stage1.yml
70 58
To run the container, we'll wrap it up in a docker-compose file called `docker-compose-stage1.yml`. Put this in your current directory:
71 59
... ...
@@ -103,6 +91,18 @@ Things of note:
103 91
3. The command concatenates the cert chain and private key into a format that haproxy understands, and dumps it out into the mounted /etc/letsencrypt volume.
104 92
4. certbot names the certs for the first domain specified, so that ends up in all of the paths under /etc/letsencrypt. You might be able to change that, but see [rule 1](/rules#love-thy-defaults).
105 93
94
+## deploy-hook
95
+The letsencrypt/deploy-hook script looks like:
96
+
97
+```sh
98
+#!/usr/bin/env bash
99
+
100
+cat /etc/letsencrypt/live/domain1.example.com/fullchain.pem \
101
+ /etc/letsencrypt/live/domain1.example.com/privkey.pem \
102
+ > /etc/letsencrypt/haproxy.pem \
103
+&& docker kill -s HUP haproxy
104
+```
105
+
106 106
## Go!
107 107
Run: `docker-compose -f docker-compose-stage1.yml up` and you should hopefully see a message like the following after a couple of seconds:
108 108