- Run `git clone https://github.com/frankhinek/akaunting.git`.
- Run `cp .env.example .env`.
- Edit the `.env` file and enter your database, NGINX, and AWS secrets.
- Run the following commands:

  ```bash
  # Note: sed -i '' is the BSD/macOS form; GNU sed takes -i without the empty argument.
  export $(grep -v '^#' .env | xargs) && \
  sed -i '' "s/__NGINX_SERVER_NAME__/${NGINX_SERVER_NAME}/g" nginx/conf.d/akaunting.conf && \
  sed -i '' "s/__NGINX_DNS_ZONE__/${NGINX_DNS_ZONE}/g" nginx/conf.d/akaunting.conf
  ```
- Run `docker-compose build`.
- Navigate to https://console.aws.amazon.com/iam/home#/users
- Click Add User.
- Enter `acme-domain-writer` for User name.
- Place a check next to Programmatic access.
- Click the Next: Permissions button.
- Click Attach existing policies directly.
- Click Create policy.
- Click the JSON tab and enter the following policy, changing the `HOSTED_ZONE_ID` value:

  ```json
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "route53:ListHostedZones",
          "route53:GetChange"
        ],
        "Resource": [
          "*"
        ]
      },
      {
        "Effect": "Allow",
        "Action": [
          "route53:ChangeResourceRecordSets"
        ],
        "Resource": [
          "arn:aws:route53:::hostedzone/HOSTED_ZONE_ID"
        ]
      }
    ]
  }
  ```
- Click Next and enter a name of `certbot-dns-route53-allow-writing-YOUR.DOMAIN-zone`.
- Go back to the Add user browser tab, search for "certbot", and place a check next to the newly created policy.
- Click the Next: Tags button.
- Click the Next: Review button.
- Click the Create user button.
- Securely save the Access key ID and Secret access key.
- Click the Close button.
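
The policy above limits record changes to a single hosted zone, which is what keeps a leaked access key from rewriting DNS in other zones. The following check is an added example, not part of the original instructions or the project's code: it flags a policy where that scoping is missing or the placeholder was left in. The function name `audit_policy` and the zone ID `Z0EXAMPLE123` are assumptions made for illustration.

```python
import json
import re
from fnmatch import fnmatchcase

# Record-modifying action that the page's policy grants.
WRITE_ACTION = "route53:changeresourcerecordsets"
ZONE_ARN = re.compile(r"^arn:aws:route53:::hostedzone/([A-Z0-9]+)$")

# The policy from the steps above, placeholder still in place.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["route53:ListHostedZones", "route53:GetChange"],
   "Resource": ["*"]},
  {"Effect": "Allow", "Action": ["route53:ChangeResourceRecordSets"],
   "Resource": ["arn:aws:route53:::hostedzone/HOSTED_ZONE_ID"]}]}"""


def _as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])


def audit_policy(policy_text, expected_zone_id=None):
    """Return findings for Allow statements that grant record writes too broadly."""
    findings = []
    statements = json.loads(policy_text).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive and may contain * and ? wildcards.
        patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(fnmatchcase(WRITE_ACTION, p) for p in patterns):
            continue
        for res in _as_list(stmt.get("Resource")):
            match = ZONE_ARN.match(res)
            if res.endswith("/HOSTED_ZONE_ID"):
                findings.append(f"statement {i}: placeholder HOSTED_ZONE_ID not replaced")
            elif not match:
                findings.append(f"statement {i}: record writes not limited to one zone: {res}")
            elif expected_zone_id and match.group(1) != expected_zone_id:
                findings.append(f"statement {i}: zone {match.group(1)} is not {expected_zone_id}")
    return findings


if __name__ == "__main__":
    # Z0EXAMPLE123 is a constructed zone ID, not a real one.
    fixed = PAGE_POLICY.replace("HOSTED_ZONE_ID", "Z0EXAMPLE123")
    for label, text in (("as on page", PAGE_POLICY), ("zone filled in", fixed)):
        print(label, "->", audit_policy(text, "Z0EXAMPLE123") or "ok")
```
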
Run the following to create the wildcard certificate, replacing the `DOMAIN_NAME` and `EMAIL_ACCOUNT` values:

```bash
docker-compose run --rm --entrypoint "\
  certbot certonly \
  -d DOMAIN_NAME -d *.DOMAIN_NAME \
  --agree-tos \
  --non-interactive \
  --email EMAIL_ACCOUNT \
  --dns-route53 \
  --preferred-challenges=dns \
  --rsa-key-size 4096 \
  --server https://acme-v02.api.letsencrypt.org/directory" certbot
```

Run: `docker-compose up -d`