From 36929caded647754b8050ec65700e1c77ee909dd Mon Sep 17 00:00:00 2001
From: kev
Date: Mon, 21 Dec 2015 22:50:38 +0800
Subject: [PATCH] add letsencrypt
---
 README.md | 1 +
 letsencrypt/README.md | 65 ++++++++++++++++++++++++++++++++++
 letsencrypt/docker-compose.yml | 9 +++++
 3 files changed, 75 insertions(+)
 create mode 100644 letsencrypt/README.md
 create mode 100644 letsencrypt/docker-compose.yml
diff --git a/README.md b/README.md
index 8df04c6..e607c2a 100644
--- a/README.md
+++ b/README.md
@@ -91,6 +91,7 @@ dockerfiles
 - [ ] gliderlabs/logspout
 - [x] gliderlabs/registrator
 - [ ] jenkins
+- [x] letsencrypt
 - [x] owncloud
 - [x] rocket.chat
 - [x] scrapinghub/splash
diff --git a/letsencrypt/README.md b/letsencrypt/README.md
new file mode 100644
index 0000000..ce0dda7
--- /dev/null
+++ b/letsencrypt/README.md
@@ -0,0 +1,65 @@
+letsencrypt
+===========
+
+[Let’s Encrypt][1] is a new Certificate Authority:
+It’s free, automated, and open.
+
+## docker-compose.yml
+
+```
+letsencrypt:
+ image: quay.io/letsencrypt/letsencrypt
+ command: auth
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - "/etc/letsencrypt:/etc/letsencrypt"
+ - "/var/lib/letsencrypt:/var/lib/letsencrypt"
+```
+
+## up and running
+
+```
+# stop nginx
+$ systemctl stop nginx
+
+# generate keys
+$ docker-compose run --rm --service-ports letsencrypt
+>>> email: admin@datageek.info
+>>> domains: datageek.info blog.datageek.info
+
+# copy keys
+$ mkdir -p /etc/nginx/ssl/
+$ cp /etc/letsencrypt/live/datageek.info/fullchain.pem /etc/nginx/ssl/datageek.info.crt
+$ cp /etc/letsencrypt/live/datageek.info/privkey.pem /etc/nginx/ssl/datageek.info.key
+
+# reconfig nginx
+$ vi /etc/nginx/sites-enabled/default
+server {
+ listen 80 default;
+ server_name _;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name datageek.info blog.datageek.info;
+ ssl_certificate ssl/datageek.info.crt;
+ ssl_certificate_key ssl/datageek.info.key;
+ location / {
+ proxy_pass http://127.0.0.1:8000;
+ }
+}
+
+# start nginx
+$ systemctl start nginx
+```
+
+## references
+
+- https://letsencrypt.readthedocs.org/en/latest/using.html#running-with-docker
+- https://docs.docker.com/compose/reference/run/
+- http://nginx.org/en/docs/http/configuring_https_servers.html
+
+[1]: https://letsencrypt.org/
diff --git a/letsencrypt/docker-compose.yml b/letsencrypt/docker-compose.yml
new file mode 100644
index 0000000..4045494
--- /dev/null
+++ b/letsencrypt/docker-compose.yml
@@ -0,0 +1,9 @@
+letsencrypt:
+ image: quay.io/letsencrypt/letsencrypt
+ command: auth
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - "/etc/letsencrypt:/etc/letsencrypt"
+ - "/var/lib/letsencrypt:/var/lib/letsencrypt"
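Review bot: `image: quay.io/letsencrypt/letsencrypt` in letsencrypt/docker-compose.yml has no tag or digest, so each run uses whatever the registry currently serves as the default tag. That container gets read-write bind mounts of `/etc/letsencrypt` and `/var/lib/letsencrypt`, which by the README's own copy step hold the certificate private keys. Pin the image to a release tag or a digest, e.g. `image: quay.io/letsencrypt/letsencrypt@sha256:<DIGEST_PLACEHOLDER>`, and bump it deliberately; the same snippet is embedded in letsencrypt/README.md and should change with it. A comment above `ports:` such as `# 80/443 are published only while 'auth' runs; stop the host web server first` would document why both ports are bound on all host interfaces, which I am inferring from the README's stop-nginx step.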