Add Let's Encrypt support #300
Conversation
Add Let's Encrypt documentation to README.md
|
I'm not expecting that this actually gets merged because simp_le adds a lot of bloat to the container, I think it is worth a look for anyone wanting to integrate Let's Encrypt into their nginx-proxy. |
Avoid 'ln: failed to create symbolic link' errors
Update server URL to use the production ready API URL.
|
Must have feature ! |
Update or create the certificates as soon as possible
Merge JrCs letsencrypt_service improvements - Create new certificate for each domain instead of trying to combine domains into one certificate - Enhance letsencrypt_service so that new or updated containers don't wait for new certificates
|
@dmp1ce What if instead of merging this into the default image/tag or maintaining it as a fork, it were to be made available as a derived image or add-on somehow? |
|
@md5 I thought about that but I think I couldn't come up with a solution where I wasn't overriding the nginx.tmpl and Procfile. So, I would be managing changes from nginx-proxy either way. |
Spelling
|
@md5 is there is a possibility for you to merge this feature ? Letsencrypt is just a specific service but I think in a near future ACME client will become widely used and implemented by a several certificate authorities (not just letsencrypt). I really think this feaure is a must have. More over it's opt-in meaning that usual user won't see anything different from before. I'll respect if you are against merging it. In this case I think @dmp1ce you should think about forking it. |
|
@hadim I won't be merging this as is since it adds a lot of weight to the image and I haven't had time to look at LE. |
|
@hadim This project is already forked and the Docker image is available here: https://hub.docker.com/r/dmp1ce/nginx-proxy-letsencrypt/ |
Use jwilder/nginx-proxy as base image and reduce final image size
|
@dmp1ce very nice ! Could you please open Github issues in your fork ? I have an issue when The syntax should be Please enable issues in your fork, I don't want to create unnecessary noise here. |
|
For the record, the following diff against @@ -17,7 +17,9 @@
hosts_array=$host_varname[@]
email_varname="LETSENCRYPT_${cid}_EMAIL"
- for domain in "${!hosts_array}"; do
+ IFS=', ' read -r -a hosts_splitted <<< "${!hosts_array}"
+
+ for domain in "${hosts_splitted[@]}"; do
# Create the domain directory
mkdir -p /etc/nginx/certs/$domain |
|
I wonder if generating and downloading certificates is something that belongs in the proxy image. Yes, I love to see more widespread use of letsencrypt, just not sure it needs to be in the same image. I haven't looked into the details, but after the certificate has been generated and downloaded, it's just a "regular" host, and nginx-proxy does not need to know where the certificate came from (correct me if I'm over-simplifying) Would it be possible to create a separate project/image (e.g. "letsencrypt-generator"), that listens to docker events, checks for |
Update to use the new simp_le API
Add support for alternative names
Cleanup test containers when possible during tests. Add 'test-clean' make target for remaining bat-* containers.
- Specify assert lines for tests to avoid btrfs errors with CircleCI - Update Docker version to 1.9.1 in CircleCI
We don't need a connection over a proxy to a proxy.
eliminate confusion in example of Let's Encrypt
New ACME_CA_URI env parameter
Please have a look at https://github.com/xenolf/lego. It's a LE client in a single Go binary without any dependencies. This should reduce the overhead to a mere 10 MB. |
|
I have create a new dedicated container: letsencrypt-nginx-proxy-companion that create/renew Let's Encrypt certificates automatically but using the official nginx-proxy. |
|
Awesome work, @JrCs! |
Notify users that development has moved to https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion
|
I'm using @JrCs's letsencrypt-nginx-proxy-companion and it does the job perfectly. |
|
Thanks @JrCs for your work - it does the job perfectly! @dmp1ce - if possible, it would be useful to configure vhosts in a way that if there's only HTTP version of the site (no LETSENCRYPT_HOST variable set == no keys generated), there is a dummy/default error page or simple HTTP error code returned instead of some other random HTTPS served by the same proxy instance. Scenario below:
|
|
@tmiklas, If you set DEFAULT_HOST to "Site 1" then it might work. https://github.com/jwilder/nginx-proxy#default-host You can also add your own custom nginx configuration if you need. https://github.com/jwilder/nginx-proxy#custom-nginx-configuration. In what situation would you not just get a certificate for all sites? |
|
That would work @dmp1ce... will test shortly. |
|
I have serval proxies fighting each other for port 80 since @dmp1ce 's fork has own We just need one nginx-proxy for god sake. |
|
@18601673727 No one is supporting my fork any longer. I recommend using another nginx-proxy. I use |
|
Yeah, @JrCs really did a nice job, now I have both |
|
Awesome. This feature is great. Nice work guys :-) |
|
Any progress here? |
|
Going to close this since https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion can be used for Let's Encrypt SSL support. |
+ add foundation for future support of other container management services
Using the simp_le Let's Encrypt client a bash script runs and continuously tries to create/renew certificates if the
LETSENCRYPT_HOSTvariable is set for a container.Certificates are automatically downloaded and placed in the correct location for nginx-proxy to use them.