Add Let's Encrypt support #300
Add Let's Encrypt documentation to README.md
I'm not expecting that this actually gets merged because simp_le adds a lot of bloat to the container, I think it is worth a look for anyone wanting to integrate Let's Encrypt into their nginx-proxy.
Avoid 'ln: failed to create symbolic link' errors
Update server URL to use the production ready API URL.
Must have feature!
Update or create the certificates as soon as possible
Merge JrCs letsencrypt_service improvements - Create new certificate for each domain instead of trying to combine domains into one certificate - Enhance letsencrypt_service so that new or updated containers don't wait for new certificates
@dmp1ce What if instead of merging this into the default image/tag or maintaining it as a fork, it were to be made available as a derived image or add-on somehow?
@md5 I thought about that but I think I couldn't come up with a solution where I wasn't overriding the nginx.tmpl and Procfile. So, I would be managing changes from nginx-proxy either way.
Spelling
@md5 is there a possibility for you to merge this feature? Let's Encrypt is just a specific service but I think in the near future ACME clients will become widely used and implemented by several certificate authorities (not just Let's Encrypt). I really think this feature is a must have. Moreover it's opt-in, meaning that the usual user won't see anything different from before. I'll respect it if you are against merging it. In this case I think @dmp1ce you should think about forking it.
@hadim I won't be merging this as is since it adds a lot of weight to the image and I haven't had time to look at LE.
@hadim This project is already forked and the Docker image is available here: https://hub.docker.com/r/dmp1ce/nginx-proxy-letsencrypt/
Use jwilder/nginx-proxy as base image and reduce final image size
@dmp1ce very nice! Could you please open GitHub issues in your fork? I have an issue when The syntax should be Please enable issues in your fork, I don't want to create unnecessary noise here.
For the record, the following diff against @@ -17,7 +17,9 @@
hosts_array=$host_varname[@]
email_varname="LETSENCRYPT_${cid}_EMAIL"
- for domain in "${!hosts_array}"; do
+ IFS=', ' read -r -a hosts_splitted <<< "${!hosts_array}"
+
+ for domain in "${hosts_splitted[@]}"; do
# Create the domain directory
mkdir -p /etc/nginx/certs/$domain |
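Review bot: in the new `for domain in "${hosts_splitted[@]}"` loop, each element goes straight into `mkdir -p /etc/nginx/certs/$domain` unquoted and unchecked. Splitting with `IFS=', '` produces an empty element for input such as `a.example.com,,b.example.com`, and because the list comes from a per-container variable, an entry containing `/` or `..` would create directories outside `/etc/nginx/certs`. Suggest skipping empty elements, rejecting anything that is not a plain hostname before the `mkdir`, and quoting the path as `"/etc/nginx/certs/$domain"`. Note also that `read` stops at the first newline, so a multi-line value is silently truncated to its first line.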
I wonder if generating and downloading certificates is something that belongs in the proxy image. Yes, I love to see more widespread use of letsencrypt, just not sure it needs to be in the same image. I haven't looked into the details, but after the certificate has been generated and downloaded, it's just a "regular" host, and nginx-proxy does not need to know where the certificate came from (correct me if I'm over-simplifying). Would it be possible to create a separate project/image (e.g. "letsencrypt-generator"), that listens to docker events, checks for
Update to use the new simp_le API
Add support for alternative names
Cleanup test containers when possible during tests. Add 'test-clean' make target for remaining bat-* containers.
- Specify assert lines for tests to avoid btrfs errors with CircleCI - Update Docker version to 1.9.1 in CircleCI
We don't need a connection over a proxy to a proxy.
eliminate confusion in example of Let's Encrypt
New ACME_CA_URI env parameter
Please have a look at https://github.com/xenolf/lego. It's a LE client in a single Go binary without any dependencies. This should reduce the overhead to a mere 10 MB.
I have created a new dedicated container: letsencrypt-nginx-proxy-companion, which creates/renews Let's Encrypt certificates automatically but using the official nginx-proxy.
Awesome work, @JrCs!
Notify users that development has moved to https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion
I'm using @JrCs's letsencrypt-nginx-proxy-companion and it does the job perfectly.
Thanks @JrCs for your work - it does the job perfectly! @dmp1ce - if possible, it would be useful to configure vhosts in a way that if there's only HTTP version of the site (no LETSENCRYPT_HOST variable set == no keys generated), there is a dummy/default error page or simple HTTP error code returned instead of some other random HTTPS served by the same proxy instance. Scenario below:
@tmiklas, If you set DEFAULT_HOST to "Site 1" then it might work. https://github.com/jwilder/nginx-proxy#default-host You can also add your own custom nginx configuration if you need. https://github.com/jwilder/nginx-proxy#custom-nginx-configuration. In what situation would you not just get a certificate for all sites?
That would work @dmp1ce... will test shortly.
I have several proxies fighting each other for port 80 since @dmp1ce's fork has own We just need one nginx-proxy for god sake.
@18601673727 No one is supporting my fork any longer. I recommend using another nginx-proxy. I use
Yeah, @JrCs really did a nice job, now I have both
Awesome. This feature is great. Nice work guys :-)
Any progress here?
Going to close this since https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion can be used for Let's Encrypt SSL support.
+ add foundation for future support of other container management services
Using the simp_le Let's Encrypt client, a bash script runs and continuously tries to create/renew certificates if the LETSENCRYPT_HOST variable is set for a container. Certificates are automatically downloaded and placed in the correct location for nginx-proxy to use them.
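Because the LETSENCRYPT_HOST value is supplied by each container and ends up in a path under /etc/nginx/certs, the list should be validated before any directory is created. The sketch below is an added example, not code from this pull request or from nginx-proxy; the function names `valid_hostname`, `split_hosts` and `make_cert_dirs` are hypothetical, and the comma/space-separated format is taken from the diff quoted in the thread.

```sh
LC_ALL=C  # byte-wise character ranges in the patterns below

# Accept only a plain DNS name: letters, digits, '.' and '-', no empty
# labels, no label starting or ending with '-'. This excludes '/' and '..'.
valid_hostname() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;
        .*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
    esac
    return 0
}

# split_hosts "a.example.com, b.example.com"
# Prints one validated host per line; rejected entries go to stderr and
# make the function return 1. Empty entries ("a,,b") are skipped.
split_hosts() {
    rc=0
    set -f                      # no glob expansion of entries such as '*'
    old_ifs=$IFS; IFS=', '
    for entry in $1; do
        [ -n "$entry" ] || continue
        if valid_hostname "$entry"; then
            printf '%s\n' "$entry"
        else
            printf 'rejected host entry: %s\n' "$entry" >&2
            rc=1
        fi
    done
    IFS=$old_ifs; set +f
    return $rc
}

# make_cert_dirs BASE_DIR HOST_LIST
# Creates one certificate directory per validated host under BASE_DIR.
make_cert_dirs() {
    split_hosts "$2" | while IFS= read -r host; do
        mkdir -p -- "$1/$host"
    done
}
```
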