Docker-compose support for nginx-proxy with SSL support
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

docker-compose for nginx proxy with LE

Running nginx as a proxy with SSL support (via the free services of the Let's Encrypt project) on the Docker platform is possible using a combination of images and a docker-compose file. This project makes the process very straightforward as follows:

curl -O
docker network create --subnet= --opt nginx-proxy
docker-compose up -d

Please note that the setup uses an external network that needs to be created first (the second command above), a one-time step required per docker host. This allows you to define services in a separate docker-compose file and join those that need proxying to the external network. Here's how it's done:

version: '3'

      <other-details not shown>
         - nginx-proxy

      external: true

Additionally, a subnet is specified in the network definition, which enables processes within your containers that need to be told where to accept request from to indicate the particular subnet in question. For example, to tell a bitcoin server to accept requests from any process within the proxy network you could:

    image: seegno/bitcoind:latest
      - nginx-proxy

Finally, the --opt passed during network creation makes sure to name the real interface as well since Docker otherwise assigns a random br-<random hex string> name to it. Naming the real interface facilitates fine-tuning the IP tables using the name


To use the staging servers from Let's Encrypt (instead of production which rate limits), create a .env file in the same directory where the docker-compose is located with the contents below, like this:

echo "ACME_CA_URI=" >> .env


For further information regarding the various components in this solution, please refer to each project:


The current docker-compose file is structured to expect the docker-gen template to be provided by JrCs's companion package. If PR #203 is approved, everyting should work flawlessly. If that PR is not approved, you'll likely get an error when nginx-gen tries to come up as follows:

2017/05/06 03:09:20 Unable to parse template: open /etc/docker-gen/templates/nginx.tmpl: no such file or directory

in which case you'll need to fetch the template yourself and put it in the container. Grab this file:

curl -O

then bring up LE and watch the logs until it's done initialising (it will sleep when ready):

docker-compose up -d nginx-ssl
docker logs -f nginx-ssl

then copy the template into the container and restart the generator:

docker cp nginx.tmpl nginx-gen:/etc/docker-gen/templates/
docker restart nginx-gen

To see it in action, start a container that uses the proxy and look at the certs generated:

docker exec -it nginx-ssl ls -R /etc/nginx/certs --color=none

and the config generated:

docker exec -it nginx-proxy cat /etc/nginx/conf.d/default.conf

Other Resources

If you use SaltStack, check out Lounagen's writeup