ローカル環境開発を acme.sh + docker compose で実現する
色々試しつつも、最終的に落ち着いた。次のような感じ。
localhost.sandbox.directory
の証明書を acme.sh で取得localhost.sandbox.directory
の A レコードに 127.0.0.1 をセットする- 証明書は nginx のコンテナに volume mount する
1. acme.sh で証明書を取得
GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol
❯ ~/.acme.sh/acme.sh --issue -k ec-256 -d 'localhost.sandbox.directory' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please # ↑で取得した TXT レコードを localhost.sandbox.directory に設定する ❯ ~/.acme.sh/acme.sh --renew --ecc -k ec-256 -d 'localhost.sandbox.directory' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
2. docker-compose で証明書をマウント
❯ cp -a ~/.acme.sh/localhost.sandbox.directory.in_ecc/* nginx/certs/ ❯ cat docker-compose.yml version: '3' services: web: image: nginx:1.21.0 volumes: - ./nginx/default.conf:/etc/nginx/conf.d/default.conf - ./nginx/certs:/etc/nginx/certs ports: - "8443:443" depends_on: - php links: - php php: image: php:7-fpm volumes: - ./app:/app ❯ cat nginx/default.conf server { index index.php index.html; listen 443 ssl; server_name localhost.sandbox.directory; ssl_certificate /etc/nginx/certs/fullchain.cer; ssl_certificate_key /etc/nginx/certs/localhost.sandbox.directory.key; root /app; location / { try_files $uri $uri/ /index.php$is_args$args; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass php:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; } }