nickjj 2 days ago

This is mostly why I run nginx outside of Docker, I've written about it here: https://nickjanetakis.com/blog/why-i-prefer-running-nginx-on...

I keep these things separate on the servers I configure:

    - Setting up PKI related things like DH Params and certs (no Docker)
    - My app (Docker)
    - Reverse proxy / TLS / etc. with nginx (no Docker)

This allows configuring a server in a way where all nginx configuration works over HTTPS and the PKI bits will either use a self-signed certificate or certbot with DNS validation depending on what you're doing. It gets around all forms of chicken / egg problems and reduces a lot of complexity.

Switching between self-signed, Let's Encrypt or 3rd party certs is a matter of updating 1 symlink since nginx is configured to read the destination. This makes things easy to test and adds a level of disaster recovery / reliability that helps me sleep at night.

This combo has been running strong since all of these tools were available. Before Let's Encrypt was available I did the same thing, except I used 3rd party certs.
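The symlink switch described in this comment, as an added example (not the commenter's own script): it assumes a cert directory layout under `/etc/nginx/certs` with one subdirectory per source, a `current` symlink that nginx's `ssl_certificate` directives point at, and it checks that the key pair is complete and not world-readable, runs `nginx -t` before reloading, and rolls the symlink back if nginx rejects the new material.

```shell
#!/bin/sh
# Added example (not from the comment above). Assumed layout under $CERT_ROOT:
#   self-signed/  letsencrypt/  third-party/   each holding fullchain.pem + privkey.pem
#   current -> <one of those dirs>              the only path nginx is configured to read:
#     ssl_certificate     /etc/nginx/certs/current/fullchain.pem;
#     ssl_certificate_key /etc/nginx/certs/current/privkey.pem;
CERT_ROOT="${CERT_ROOT:-/etc/nginx/certs}"   # assumed location
NGINX_BIN="${NGINX_BIN:-nginx}"

# switch_cert <dir-name> [cert-root]
# Repoints 'current' at <dir-name>; reloads nginx only if 'nginx -t' accepts the result,
# otherwise rolls the symlink back so a bad certificate never takes the site down.
switch_cert() {
  target="$1"
  root="${2:-$CERT_ROOT}"
  case "$target" in
    ''|*/*|.*) echo "switch_cert: refusing unsafe name '$target'" >&2; return 1 ;;
  esac
  # Both halves of the key pair must exist before the symlink is touched.
  for f in fullchain.pem privkey.pem; do
    [ -r "$root/$target/$f" ] || { echo "switch_cert: missing $root/$target/$f" >&2; return 1; }
  done
  # A world-readable private key is a misconfiguration; refuse rather than serve with it.
  if [ -n "$(find "$root/$target/privkey.pem" -perm -004)" ]; then
    echo "switch_cert: $root/$target/privkey.pem is world-readable" >&2; return 1
  fi
  prev=$(readlink "$root/current" 2>/dev/null || echo none)
  # -n makes ln replace the symlink itself instead of creating a link inside the directory
  # it currently points to (GNU and BSD ln both accept -n).
  ln -sfn "$target" "$root/current" || return 1
  if command -v "$NGINX_BIN" >/dev/null 2>&1; then
    if "$NGINX_BIN" -t; then
      "$NGINX_BIN" -s reload
    else
      [ "$prev" != none ] && ln -sfn "$prev" "$root/current"
      echo "switch_cert: nginx rejected '$target', rolled back to '$prev'" >&2
      return 1
    fi
  else
    echo "switch_cert: $NGINX_BIN not found; symlink now -> '$target', no reload done" >&2
  fi
}

# current_cert [cert-root]: name of the directory 'current' points at.
current_cert() { readlink "${1:-$CERT_ROOT}/current"; }
```

Because certbot and a self-signed generator each write into their own subdirectory, renewals never touch `current`, and testing a fallback is `switch_cert self-signed` followed by `switch_cert letsencrypt` once the real chain is back.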