Changes in c32fc45: Updated haproxy-letsencrypt-docker.md

				haproxy-letsencrypt-docker.md
			
          @@ -91,7 +91,7 @@ Things of note:

           * certbot listens on port 8000, which docker is mapping to port 80 and making available to the outside world for Let's Encrypt to talk to. We don't need port 443 mapped, because this is an initial request and Let's Encrypt should be fine with just port 80.

           * We're attaching a docker volume to /etc/letsencrypt - that's where the certs end up, and that's how we'll make them available to haproxy.

           * The command concatenates the cert chain and private key into a format that haproxy understands, and dumps it out into the mounted /etc/letsencrypt volume.

          -* certbot names the certs for the first domain specified, so that ends up in all of the paths under /etc/letsencrypt. You might be able to change that, but see [rule 1](/rules#love-thy-defaults).

          +* certbot names the certs for the first domain specified, so that ends up in all of the paths under /etc/letsencrypt. You might be able to change that, but see [rule 1](/rules#1-love-thy-defaults).

           ## deploy-hook

           The `letsencrypt/deploy-hook` script looks like:

          @@ -121,7 +121,7 @@ We've got ourselves some certs so it's time to fire up haproxy and enjoy all the

           ## Dockerfile

           We don't need one.

           Because we're using the official image.

          -Because we're adhering to [rule 1](/rules#love-thy-defaults).

          +Because we're adhering to [rule 1](/rules#1-love-thy-defaults).

           ## haproxy.cfg

           Do an `mkdir -p haproxy/bind`.

          @@ -234,7 +234,7 @@ Bring haproxy back down with `docker-compose stop` so we've got a clean slate fo

           # Stage 3 - automatic cert renewal

           So far we've got haproxy up, with certs, and everything is just [tickety boo](https://en.wiktionary.org/wiki/tickety-boo).

          -Those certs only last for 90 days though, and we're not in the habit of breaking [rule 7](/rules#thou-shalt-automate-everything). We'll need a container that can:

          +Those certs only last for 90 days though, and we're not in the habit of breaking [rule 7](/rules#7-thou-shalt-automate-everything). We'll need a container that can:

           * See the certificates we already have.

           * Renew them.

           * Tell haproxy something has changed.

...	...	@@ -91,7 +91,7 @@ Things of note:
91	91	* certbot listens on port 8000, which docker is mapping to port 80 and making available to the outside world for Let's Encrypt to talk to. We don't need port 443 mapped, because this is an initial request and Let's Encrypt should be fine with just port 80.
92	92	* We're attaching a docker volume to /etc/letsencrypt - that's where the certs end up, and that's how we'll make them available to haproxy.
93	93	* The command concatenates the cert chain and private key into a format that haproxy understands, and dumps it out into the mounted /etc/letsencrypt volume.
94		-* certbot names the certs for the first domain specified, so that ends up in all of the paths under /etc/letsencrypt. You might be able to change that, but see [rule 1](/rules#love-thy-defaults).
	94	+* certbot names the certs for the first domain specified, so that ends up in all of the paths under /etc/letsencrypt. You might be able to change that, but see [rule 1](/rules#1-love-thy-defaults).
95	95
96	96	## deploy-hook
97	97	The `letsencrypt/deploy-hook` script looks like:
...	...	@@ -121,7 +121,7 @@ We've got ourselves some certs so it's time to fire up haproxy and enjoy all the
121	121	## Dockerfile
122	122	We don't need one.
123	123	Because we're using the official image.
124		-Because we're adhering to [rule 1](/rules#love-thy-defaults).
	124	+Because we're adhering to [rule 1](/rules#1-love-thy-defaults).
125	125
126	126	## haproxy.cfg
127	127	Do an `mkdir -p haproxy/bind`.
...	...	@@ -234,7 +234,7 @@ Bring haproxy back down with `docker-compose stop` so we've got a clean slate fo
234	234
235	235	# Stage 3 - automatic cert renewal
236	236	So far we've got haproxy up, with certs, and everything is just [tickety boo](https://en.wiktionary.org/wiki/tickety-boo).
237		-Those certs only last for 90 days though, and we're not in the habit of breaking [rule 7](/rules#thou-shalt-automate-everything). We'll need a container that can:
	237	+Those certs only last for 90 days though, and we're not in the habit of breaking [rule 7](/rules#7-thou-shalt-automate-everything). We'll need a container that can:
238	238	* See the certificates we already have.
239	239	* Renew them.
240	240	* Tell haproxy something has changed.