🏯🐳🔐 Ansible role that sets up an automated H2O reverse proxy for docker containers with automatic creation of Let's Encrypt certificates using docker-gen.

ansible-role-h2o-docker-proxy-letsencrypt

Ansible role that sets up an automated H2O proxy for docker containers with automatic creation of Let's Encrypt certificates using docker-gen.

I wrote about this on my blog: https://blog.cedricblondeau.com/2016/08/21/h2o-docker-reverse-proxy/.

Prerequisites

  • Ansible 2.1+
  • A docker-enabled target

Usage

First, add this repository to your roles path (usually a roles directory alongside your playbook) under the name h2o-docker-proxy-letsencrypt:

git submodule add https://github.com/cedricblondeau/ansible-role-h2o-docker-proxy-letsencrypt roles/h2o-docker-proxy-letsencrypt

Then, configure (letsencrypt_email is the only mandatory variable) and add the role to your playbook:

---
- name: Set up an automated H2O proxy for docker containers with automatic creation of Let's Encrypt certificates
  hosts: all
  become: true
  vars:
    letsencrypt_email: youremail_here@domain.tld
  roles:
    - h2o-docker-proxy-letsencrypt

Finally, execute your playbook and deploy your apps.

Example:

docker pull training/webapp
docker run -d --name training_webapp -e "VIRTUAL_HOST=webapp.dev" training/webapp

The VIRTUAL_HOST environment variable is mandatory and is used for:

  • Routing the HTTP requests to the containers
  • Creating Let's Encrypt certificates

The containers being proxied must expose the port to be proxied, either by using the EXPOSE directive in their Dockerfile or by using the --expose flag to docker run or docker create.

If your container exposes multiple ports, the role will default to the service running on port 80. If you need to specify a different port, you can set a VIRTUAL_PORT env var to select a different one.
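A pre-flight check for the rules above, as an added example that is not part of the role: the hypothetical function resolve_proxy_port takes a container's VIRTUAL_HOST, VIRTUAL_PORT and exposed ports and reports which port would be proxied, or why none can be. It assumes that a container exposing a single port is proxied on that port; the sample values are constructed.

```shell
#!/bin/sh
# Usage: resolve_proxy_port VIRTUAL_HOST VIRTUAL_PORT "EXPOSED PORTS"
# Hypothetical helper, not the role's own code. The exposed ports of a real
# container can be listed with:
#   docker inspect --format '{{range $p, $_ := .Config.ExposedPorts}}{{$p}} {{end}}' NAME
resolve_proxy_port() {
  vhost=$1
  vport=$2
  exposed=$3

  # VIRTUAL_HOST is mandatory: it drives both routing and certificate creation.
  if [ -z "$vhost" ]; then
    echo "VIRTUAL_HOST is not set" >&2
    return 1
  fi

  # Normalise entries such as "5000/tcp" to bare port numbers.
  ports=""
  for p in $exposed; do
    ports="$ports ${p%%/*}"
  done
  set -- $ports
  if [ $# -eq 0 ]; then
    echo "container exposes no port (use EXPOSE or --expose)" >&2
    return 1
  fi

  if [ -n "$vport" ]; then
    want=$vport   # explicit VIRTUAL_PORT wins
  elif [ $# -eq 1 ]; then
    want=$1       # assumption: a single exposed port is used as-is
  else
    want=80       # several ports exposed: default to port 80
  fi

  # The selected port must actually be exposed by the container.
  for p in "$@"; do
    if [ "$p" = "$want" ]; then
      echo "$want"
      return 0
    fi
  done
  echo "port $want is not exposed (exposed:$ports)" >&2
  return 1
}

# Constructed sample: one exposed port, no VIRTUAL_PORT.
resolve_proxy_port webapp.dev "" "5000/tcp"
```

A non-zero exit status means the container would be unreachable through the proxy as configured, so the check can gate a deployment script.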

Deployed containers

The role uses two separate Docker images:

If you want to build the images yourself, you can easily override the repositories:

h2o_image: lkwg82/h2o-http2-server
letsencrypt_image: cedricbl/letsencrypt-webroot

Dev

This role can easily be tested using Vagrant:

Vagrant.configure(2) do |config|
  # Base config
  config.vm.box = "cedricblondeau/ubuntu-xenial64-docker"
  config.vm.hostname = "h2o-docker-proxy-devbox"
  config.vm.network "private_network", ip: "192.168.33.10"

  # Provisioning
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "playbook.yml"
    ansible.verbose = "vvvv"
  end
end

Thanks
