From b5444939da6501ddbc1eafaee77848cbd2fa3041 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jorge=20Enrique=20G=C3=B3mez=20G=C3=B3mez?=
 <jegomez@noreply.example.org>
Date: Sun, 28 Mar 2021 23:55:48 +0000
Subject: [PATCH] [DOC] Adds required nginx setup

---
 README.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/README.md b/README.md
index 160a1e9..5fbe28c 100644
--- a/README.md
+++ b/README.md
@@ -24,3 +24,13 @@ ansible-pull \
 The file ~/.vault_pass.txt contains the cleartext password to the vault
 file where the Dreamhost API key and the Gitea deploy keys are stored
 encrypted.
+
+## Prerequisites
+
+A container called **nginx** should exist, with these packages already installed:
+
+```sh
+lxc exec nginx -- apt -y install nginx certbot python3-certbot-nginx
+```
+
+This container should listen to external connections, in order to allow **Let's Encrypt** certificates to be assigned and renewed. It's strongly suggested to protect it using **fail2ban**, Geo-IP restrictions, or other security measures.
\ No newline at end of file