-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Letsencrypt support #60
Comments
it shouldn't. certificates should be created outside the container. |
While I stand by my previous comment, let me elaborate to make it more useful. Personally I host prosody on kubernetes. Cert-manager (the le equivalent) will obtain certificates an place them in a kubernetes secret which in turn is mounted by the container running prosody and then utilized by the application. When certificates change, a restart of the container is required. This restart can be automated with a component called reloader. On systems with docker, certbot can renew the certificate to be mounted as volume and a hook in certbot can be used to restart the container. Certbot itself can be managed outside of prosody, potentially handling multiple certificates. |
There are even more suitable ways. The documentation basically says:
I run prosody in Docker and let dehydrated renew my certs. The directory where dehydrated puts the certs is mounted (read-only) as a volume into the prosody Docker container and the renew hook calls this basically (with "prosody" being the name of the container and the path being the volume path as it appears inside of the container):
|
Do you mind sharing your docker (compose) files please? (For dehydrated too...) THANK YOU! |
Sorry to disappoint you, but for myself and for @netz39 we do our whole Docker setup with Ansible. Those roles are mostly not public. The dehydrated role is: https://github.com/24367dfa/ansible-role-dehydrated and its |
It is not clear how to integrate Letsencrypt into Prosody using docker. Can someone please point the way? What is the proper way to do so?
Thank so much...
The text was updated successfully, but these errors were encountered: