lipxyz/terraform-yc-nginx-https

HTTPS Setup with Certbot on Yandex Cloud

Description

This project provides a setup for enabling HTTP and HTTPS for a domain using Certbot on Yandex Cloud. It automates the provisioning of infrastructure with Terraform and runs Nginx in Docker to serve traffic securely with Let's Encrypt certificates.


Features

  • Automatic generation of Let's Encrypt SSL certificates via Certbot.
  • HTTP and HTTPS endpoints configured through Nginx in Docker.
  • Infrastructure as Code using Terraform:
    • Network Load Balancer (NLB) in Yandex Cloud.
    • Target groups and health checks for the Nginx instance.
  • Easy to deploy and manage in Yandex Cloud.
  • Supports sequential container setup without Docker Compose.

Requirements

  • Terraform >= 1.5
  • Docker >= 24.x
  • Access to Yandex Cloud with an API key or IAM token
  • A registered domain pointing to the Yandex Cloud NLB IP

Usage

1. Deploy Infrastructure with Terraform

terraform init
terraform apply -var="domain=your-domain.com" -auto-approve

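2. Prepare Nginx config

cat > nginx/entrypoint.sh << 'EOF'
#!/bin/sh
set -eu
# Fail early if DOMAIN was not passed to the container.
: "${DOMAIN:?DOMAIN must be set}"
# Render the read-only template into conf.d, replacing only ${DOMAIN}
# so that Nginx's own $variables are left untouched.
envsubst '${DOMAIN}' < /etc/nginx/default.conf.template > /etc/nginx/conf.d/default.conf
exec "$@"
EOF

chmod +x nginx/entrypoint.sh

3. Run Nginx container

The template is mounted read-only outside conf.d, and the entrypoint writes the rendered file into conf.d; copying back onto a read-only mount would fail.

docker run -d \
  --name nginx \
  -e DOMAIN=your-domain.com \
  -p 80:80 -p 443:443 \
  -v "$(pwd)/nginx/default.conf:/etc/nginx/default.conf.template:ro" \
  -v "$(pwd)/nginx/entrypoint.sh:/docker-entrypoint.sh:ro" \
  -v "$(pwd)/nginx/certs:/etc/letsencrypt" \
  -v "$(pwd)/nginx/certbot:/var/www/certbot" \
  nginx:latest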

4. Generate Certificates with Certbot

docker run --rm \
  -v "$(pwd)/nginx/certs:/etc/letsencrypt" \
  -v "$(pwd)/nginx/certbot:/var/www/certbot" \
  certbot/certbot certonly \
  --webroot \
  --webroot-path=/var/www/certbot \
  -d your-domain.com \
  --email you@example.com \
  --agree-tos \
  --non-interactive

5. Reload Nginx with new certificates

docker exec nginx nginx -s reload

6. Check HTTPS

# No -k here: curl must validate the Let's Encrypt chain for the check to mean anything.
curl -v https://your-domain.com/
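
Let's Encrypt certificates are short-lived, so steps 4 and 5 have to be repeated on a schedule. The script below is an added example, not part of this repository, and goes beyond the steps above: it renews with the same mounts and reloads Nginx only when a new certificate was issued. The `DOCKER`, `CERT_ROOT` and `WEBROOT` variables and both function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the repository. Assumptions: run from the repo root
# by a user who can read nginx/certs (certbot creates it as root), and the
# container from step 3 is named "nginx".

DOCKER="${DOCKER:-docker}"   # overridable so the logic can be exercised with a stub
CERT_ROOT="${CERT_ROOT:-$(pwd)/nginx/certs}"
WEBROOT="${WEBROOT:-$(pwd)/nginx/certbot}"

# Print the archive file that live/<domain>/fullchain.pem points at.
# certbot repoints this symlink on every successful renewal.
current_cert() {
  readlink "$CERT_ROOT/live/$1/fullchain.pem" 2>/dev/null || echo unknown
}

# Returns 0 = renewed and reloaded, 1 = nothing was due, 2 = failure.
renew_and_reload() {
  domain="${1:?usage: renew_and_reload <domain>}"
  before="$(current_cert "$domain")"
  # `renew` reuses the webroot settings that `certonly` saved in step 4.
  "$DOCKER" run --rm \
    -v "$CERT_ROOT:/etc/letsencrypt" \
    -v "$WEBROOT:/var/www/certbot" \
    certbot/certbot renew --quiet || return 2
  after="$(current_cert "$domain")"
  # Skip the reload only when the symlink is readable and unchanged.
  if [ "$after" != unknown ] && [ "$before" = "$after" ]; then
    return 1
  fi
  # Validate the configuration before signalling the reload.
  "$DOCKER" exec nginx nginx -t || return 2
  "$DOCKER" exec nginx nginx -s reload || return 2
  return 0
}
```

Source the file and call `renew_and_reload your-domain.com` from a daily cron job or systemd timer; exit status 2 is the one worth alerting on.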
