Hosting a simple docker-compose app with Nginx and generate a SSL with certbot on digitalocean droplet

manethpak

Pak Maneth

Posted on April 9, 2024

Hosting a simple docker-compose app with Nginx and generate a SSL with certbot on digitalocean droplet

Short and simple guide to hosting a simple docker app on digitalocean droplet with NGINX as the web server to serve our application.

This guide also works for other hosting service.

After creating your droplet, SSH into your droplet with the command below and upgrate your system packages

ssh root@<droplet_ip>

# Update the system
sudo apt update
sudo apt upgrade
Enter fullscreen mode Exit fullscreen mode

Then clone your project and change directory into the project

git clone <remote_url>

cd <project_name>
Enter fullscreen mode Exit fullscreen mode

Install Docker

curl -fsSL https://get.docker.com -o get-docker.sh

sudo sh get-docker.sh

# Install docker compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

# Apply executable permissions to the binary
sudo chmod +x /usr/local/bin/docker-compose

# Run Project
docker-compose up -d
Enter fullscreen mode Exit fullscreen mode

Install Nginx

NOTE: Replace any your_domain to your public IPv4 or your domain name.

# Installing nginx with apt
sudo apt install nginx

# Firewall configuration to allow HTTP traffic for Nginx
sudo ufw allow 'Nginx HTTP’

# Create a new configuration in your site
sudo nano /etc/nginx/sites-available/your_domain
Enter fullscreen mode Exit fullscreen mode

Nginx server configuration

server {
   listen 80;
   listen [::]:80;
   server_name your_domain;
   location / {
      proxy_pass http://localhost:3000; # Replace to the port your server is listening to
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection 'upgrade';
      proxy_cache_bypass $http_upgrade;
   }
}
Enter fullscreen mode Exit fullscreen mode
# Copy config to sites-enabled
sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/

# Check for syntax errors
sudo nginx -t

# Restart Nginx to enable your new configuration
sudo systemctl restart nginx
Enter fullscreen mode Exit fullscreen mode

Go to your DNS provider, and add a new A record. Name will be your domain name, and value will be the Public IPv4 address from your droplet

Install Certbot for SSL

# Install python3 virtual environment
apt install python3-venv

# Create a virtual environment
sudo python3 -m venv /opt/certbot/
Enter fullscreen mode Exit fullscreen mode
# Upgrade pip
sudo /opt/certbot/bin/pip install --upgrade pip

# Using pip to install certbot & certbot-nginx
sudo /opt/certbot/bin/pip install certbot certbot-nginx

# Copy the newly install certbot package
sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

# Instructs Certbot to use the Nginx plugin to automatically configure SSL/TLS for Nginx web servers.
sudo certbot --nginx
Enter fullscreen mode Exit fullscreen mode

Add an auto certificate renew script

# Run once every 2 days
echo "0 0 */2 * * root /opt/certbot/bin/python -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
Enter fullscreen mode Exit fullscreen mode
💖 💪 🙅 🚩
manethpak
Pak Maneth

Posted on April 9, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related