I am looking for best practices for this solution:
I want to build a clean Docker Compose stack that includes:
- WordPress
- Nginx
- Certbot
- MariaDB
All without using additional scripts, without custom images and without changing the configuration during the “build”. Just a docker-compose.yml file and simple startup.
However, the problem is that you need to have at least self-signed certificates before getting SSL certificates from Let’s Encrypt, as Nginx would not start if the server is configured with port 443 and a path to certificates that do not yet exist. But without Nginx running, the certbot container cannot be started.
What are the best practices for this solution?
- Use self-signed certificates that will be overwritten afterwards and only use entrypoint or command to reload Nginx, or
- for example, 2 different Nginx configurations that would only get swapped when starting the Docker Compose stack after getting the certificates? Or
- Nginx would only start with port 80 using commands, and only after getting the certificate would the configuration with port 443 from the nginx.conf configuration file be used after the reload?
Thanks for the advice.