Let's Encrypt Support for nginx-php-fpm

Encrypted PHP sites in seconds!

If you've been using the nginx-php-fpm container for some time, you may be interested to know there is a new feature that adds support for Let's Encrypt. This means you can now start a container, issue a command and have a fully encrypted website in seconds! For those of you not familiar with this container, it's a lightweight container that can easily run your PHP code and also pull your code dynamically from Git. It's pretty powerful, so be sure to check it out.

We'll show you just how quick this is but be sure to check out the full documentation here: https://github.com/ngineered/n...

Start Your Container

First let's get your container started. I'm going to skip over configuring the container to pull code in dynamically, as that's covered in the README file included in the GitHub repo above. Instead you'll just see a test phpinfo() page.

Running the following command will get your container running and listening on ports 80 and 443. It's important to note that for Let's Encrypt to validate, your site needs to be publicly accessible at the domain you supply in the DOMAIN variable in the following command. You also need to supply the WEBROOT and GIT_EMAIL variables. The default WEBROOT is /var/www/html/

docker run --name=le-test -p 80:80 -p 443:443 -e "WEBROOT=/var/www/html" -e "GIT_EMAIL=me@ngd.io" -e "DOMAIN=void.ngd.io" richarvey/nginx-php-fpm:latest

Setting up Let's Encrypt

Once your container is running, try browsing to http://yourdomain and check it's working as expected. Remember your site needs to be publicly accessible for the next bit to work.

Running the following command invokes a script which places files in the .well-known folder in your web root. These are the signed and encrypted files that the Let's Encrypt service needs to access in order to issue you with a valid certificate. Once you receive the valid certificate, the script moves the SSL configuration into place and restarts nginx.

sudo docker exec -t le-test /usr/bin/letsencrypt-setup

You should now be able to access your site on https://yourdomain

In this example you'll get the phpinfo() page displayed and see that it also has the little green padlock in the URL bar.

Renewing Certificates

Let's Encrypt certs expire every 90 days, so you'll need to renew your certificate. For this reason we've included a simple renewal script that gets a new cert and restarts nginx.

sudo docker exec -t le-test /usr/bin/letsencrypt-renew
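
As an added example (not part of the original post or the container's own scripts), here is a host-side wrapper that could run from a daily cron job: it checks the certificate actually served for the domain and calls the renewal script only when expiry is near. The 30-day threshold, the variable names and the "run" argument are assumptions; the container name and domain are the ones used above.

```shell
#!/bin/sh
# Added example: renew only when the served certificate is close to expiry.
# CONTAINER, DOMAIN and THRESHOLD_DAYS are assumptions; adjust to your setup.
CONTAINER="${CONTAINER:-le-test}"
DOMAIN="${DOMAIN:-void.ngd.io}"
THRESHOLD_DAYS="${THRESHOLD_DAYS:-30}"

# Succeeds (exit 0) if the PEM certificate in file $1 expires within $2 days.
# An unreadable certificate also counts as "needs renewal".
cert_expires_within() {
    # openssl -checkend exits 0 when the cert is still valid after N seconds.
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Save the certificate served on $1:443 into file $2.
fetch_served_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM >"$2" 2>/dev/null
}

# Fetch the live certificate and call the container's renewal script if needed.
renew_if_needed() {
    pem="$(mktemp)" || return 2
    if ! fetch_served_cert "$DOMAIN" "$pem"; then
        echo "could not fetch certificate from $DOMAIN" >&2
        rm -f "$pem"
        return 2
    fi
    if cert_expires_within "$pem" "$THRESHOLD_DAYS"; then
        echo "certificate for $DOMAIN expires within $THRESHOLD_DAYS days, renewing"
        docker exec "$CONTAINER" /usr/bin/letsencrypt-renew
    else
        echo "certificate for $DOMAIN is still valid, nothing to do"
    fi
    rc=$?
    rm -f "$pem"
    return $rc
}

# Run only when invoked with the argument "run", e.g. from cron.
if [ "${1:-}" = "run" ]; then
    renew_if_needed
fi
```

Run it as a user that is allowed to talk to the Docker daemon, and alert on a non-zero exit status so a failed renewal is noticed before the certificate lapses.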

Support

This feature is supported in both the php5 and php7 versions of the container and will feature in the new nodeJS and Static containers coming soon. As ever, if you have any issues please open them in GitHub and we'll get back to you asap.

Ric Harvey

Ric leads engineering and technical architecture for Ngineered. He has a vast amount of experience in cloud computing, having been responsible for the delivery of large-scale cloud migration projects at companies like Ticketmaster and Channel 4.