Configure Nginx-LE
Use the nginx-le config command to configure your Nginx-LE container.
When you run config, Nginx-LE destroys the existing container and creates a new one with the new settings.
When you run nginx-le config you will be prompted to answer a number of questions.
FQDN
Enter the fully qualified domain name of your nginx-le host.
e.g. www.noojee.com.au
TLD
Enter the top level domain (TLD) for your nginx-le host.
Examples

| FQDN | TLD |
|---|---|
| www.noojee.com.au | com.au |
| www.noojee.org | org |
Mode
Enter the web server's mode. This is either public or private.
A public web server is one that can be reached (directly or via NAT etc.) on a public IP address.
A private web server is one that can only be reached on a private IP address.
Wildcard or FQDN
Nginx-LE allows you to acquire either a wildcard certificate (*.noojee.com.au) or a FQDN certificate (www.noojee.com.au).
You should only use a wildcard certificate if you have multiple web servers running under the same domain.
Certbot normally expects you to distribute wildcard certificates manually within your own organisation, so the wildcard option is only usable with Nginx-LE in limited circumstances.
Production/Staging
Lets you choose the type of certificate to acquire.
Select production to get a production certificate.
Select staging to get a staging/test certificate.
Use the staging option if you are destroying and recreating your web server during testing. Certbot has hard limits on the number of production certificates you can acquire per day (5 per day), whereas you can acquire a far larger number of staging certificates.
Auth Providers
To acquire a Let's Encrypt certificate you must be able to prove that you control the domain for which the certificate is being issued.
Nginx-LE supports a number of Certbot authentication methods (Auth Providers).

| Auth Provider | Use Case | Description |
|---|---|---|
| HTTP01Auth | For a public web server using a FQDN certificate. | Your web server must be accessible on a public IP address. This is the simplest form of validation as it works with any DNS provider. Port 80 must be open. |
| cloudflare | For public and private web servers. Supports FQDN and wildcard certificates. | The most flexible auth provider; your DNS must be hosted with Cloudflare. |
| namecheap | For public and private web servers. Supports FQDN and wildcard certificates. | Not recommended. The Namecheap API is dangerous and currently limited to domains that have no more than 10 A records. |
Content Provider
The configure command lets you set how the content is to be served.
Nginx-LE supports four types of Content Provider:

| Provider | Description |
|---|---|
| Static | Serve static web content from a local folder. |
| Generic Proxy | Pass requests through to a web application server that can respond to HTTP requests. This is normally on the same host as the Nginx-LE server, as the connection is not encrypted. |
| Tomcat Proxy | Pass requests to a local Tomcat web application server on port 8080. |
| Custom | Allows you to configure your own Nginx location and upstream settings. |
Static Content Provider
The Static Content Provider allows you to serve static content from a local directory (e.g. index.html).
The Static Content Provider will request the path to your static content and the default html file.
Generic Proxy Content Provider
The Generic Proxy Content Provider allows you to proxy requests through to a web application server.
The Nginx-LE container terminates the secure HTTPS connection and then passes all requests through to your web application server over plain HTTP.
Note that your web application server normally needs to listen on a port other than 80, as Nginx-LE must accept requests on port 80 for certificate acquisition and renewals.
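The constraints from the Auth Providers table and the port note above can be checked before running nginx-le config. The following pre-flight script is an added example, not part of Nginx-LE; the argument order and the public/private, fqdn/wildcard spellings are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight check of the answers you intend to give nginx-le config.
# Added example, not Nginx-LE code. Returns 0 when the answers are consistent, 1 on a conflict.
# Usage: check_config FQDN TLD MODE CERT AUTH [PROXY_PORT]
#   MODE: public|private   CERT: fqdn|wildcard   AUTH: HTTP01Auth|cloudflare|namecheap
check_config() {
  fqdn=$1 tld=$2 mode=$3 cert=$4 auth=$5 port=$6
  rc=0
  # The FQDN must be a host name under the TLD (www.noojee.com.au under com.au).
  host=${fqdn%".$tld"}
  if [ "$host" = "$fqdn" ] || [ -z "$host" ]; then
    echo "error: FQDN '$fqdn' is not a host under TLD '$tld'" >&2; rc=1
  fi
  case "$mode" in public|private) ;; *) echo "error: mode must be public or private" >&2; rc=1 ;; esac
  case "$cert" in fqdn|wildcard) ;; *) echo "error: cert must be fqdn or wildcard" >&2; rc=1 ;; esac
  case "$auth" in
    HTTP01Auth)
      # HTTP-01 validation only works for a public server with a FQDN certificate and port 80 open.
      [ "$mode" = public ] || { echo "error: HTTP01Auth needs a public web server" >&2; rc=1; }
      [ "$cert" = fqdn ] || { echo "error: HTTP01Auth cannot issue wildcard certificates; use a DNS provider" >&2; rc=1; }
      ;;
    cloudflare) ;;
    namecheap) echo "warning: namecheap is not recommended (limited to domains with at most 10 A records)" >&2 ;;
    *) echo "error: unknown auth provider '$auth'" >&2; rc=1 ;;
  esac
  # Port 80 on the Nginx-LE host is reserved for certificate acquisition and renewal.
  if [ -n "$port" ] && [ "$port" = 80 ]; then
    echo "error: proxy port 80 clashes with certificate acquisition; pick another port" >&2; rc=1
  fi
  return $rc
}
```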
Tomcat Proxy Content Provider
Designed to work with the Java-based Tomcat web application server.
The Tomcat proxy allows you to configure the port and context the Tomcat server operates on.
Custom Content Provider
The Custom Content Provider allows you to configure your own Location and Upstream files.
Location of nginx include files
By default Nginx-LE configures nginx to look for include files in /opt/nginx/include on the host system. Change the path to have Nginx-LE load the include files from a different directory.
Paused Mode
The start paused option is mainly used by the Nginx-LE team for diagnosing startup issues.
When you place Nginx-LE into start paused mode it will not start the nginx server nor attempt to acquire a certificate.
Once you start Nginx-LE in paused mode you can attach to the Nginx-LE docker container and explore its configuration.
You can connect to the Nginx-LE container (even when not in paused mode) by running nginx-le cli.
Errors are notified via email
Enter the email address to which error notifications are sent.
SMTP Server
The FQDN of the SMTP server used to send error notifications.
SMTP Server Port
The port of the SMTP server used to send error notifications.
Start Method
Select the method by which you are going to start Nginx-LE.

| Method | Description |
|---|---|
| nginx-le start | The simplest method. |
| docker start/run | nginx-le config will create a container. Use docker start and docker stop to start/stop the container. |
| docker-compose | |

The config command saves each of the entered settings so that you don't have to pass them when running other commands.
Select the nginx-le image
Allows you to choose which version of the nginx-le docker image to run. In most cases you should choose 'latest'.