Skip to content
An nginx HTTPS reverse proxy using Docker, with support for Let's Encrypt
DIGITAL Command Language Dockerfile Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
nginx
.gitignore
README.md
docker-compose.yml
gen-cert.sh
start.sh

README.md

nginx-https-proxy

This software is an nginx HTTPS reverse proxy with support for Let's Encrypt. It may be deployed using Docker. It is a container that has nginx and the Let's Encrypt certbot installed. It may be used to automatically obtain an HTTPS certificate from Let's Encrypt, then act as a reverse proxy for upgrading an HTTP service to HTTPS.

Installation

To start using this software, clone this repository and then run docker-compose up. Then, follow the instructions in the next two sections to get an HTTPS certificate set up and to configure the redirect for your domain. You must have Docker installed to run the container, and you must haveand docker-compose installed to use the helper script.

Obtaining new certificates from Let's Encrypt

certbot certonly --webroot -w /var/www/letsencrypt/ -d example.com

This command may be run on the host machine through docker exec as follows:

docker exec -ti nginx-https-proxy_app_1 certbot certonly --webroot -w /var/www/letsencrypt/ -d example.com

The helper script gen-cert.sh will run the above command inside the nginx Docker container for you.

bash gen-cert.sh [domain name]

Configuration

You will want to obtain the certificate from Let's Encrypt using the command above before adding your site's configuration.

To set up the HTTPS reverse proxy for your site, copy the example configuration file from nginx/sites-enabled to a new file in the same directory. Edit the certificate location to match your domain name.

Launching the service

Running the service is as easy as docker-compose up (or docker-compose up --build if you recently changed the sites-enabled directory. You may also run bash start.sh to start the service for you.

Notes

If you want to generate your own SSL key for testing, you can do so with OpenSSL. You must rename the files accordingly.

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj '/CN=example.com'
You can’t perform that action at this time.