Skip to content
Nginx with automatic let's encrypt (docker image)
Shell Dockerfile
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github/workflows
conf
etc
example/webrtc add reverse proxy example (#24) Nov 26, 2018
script silence unneeded output in certificate create\update routine Aug 14, 2019
.gitignore
Dockerfile
LICENSE
README.md
docker-compose.yml
rating.png

README.md

NGINX-LE - Nginx web and proxy with automatic let's encrypt Docker Automated build

Simple nginx image (alpine based) with integrated Let's Encrypt support.

How to use

  • get docker-compose.yml and change things:
    • set timezone to your local, for example TZ=UTC. For more timezone values check /usr/share/zoneinfo directory
    • set LETSENCRYPT=true if you want automatic certificate install and renewal
    • LE_EMAIL should be your email and LE_FQDN for domain
    • for multiple FQDNs you can pass comma-separated list, like LE_FQDN=aaa.example.com,bbb.example.com
    • alternatively set LETSENCRYPT to false and pass your own cert in SSL_CERT, key in SSL_KEY and SSL_CHAIN_CERT
    • use provided etc/service-example.conf to make your own etc/service.conf. Keep ssl directives as is:
      ssl_certificate SSL_CERT;
      ssl_certificate_key SSL_KEY;
      ssl_trusted_certificate SSL_CHAIN_CERT;
  • make sure volumes in docker-compose.yml changed to your service config
  • you can map multiple custom config files in compose for any service*.conf (see docker-compose.yml for service2.conf)
  • pull image - docker-compose pull
  • if you don't want pre-built image, make you own. docker-compose build will do it
  • start it docker-compose up

Some implementation details

  • image uses alpine's certbot package.
  • script/entrypoint.sh requests LE certificate and will refresh every 10 days in case if certificate is close to expiration (30day)
  • script/le.sh gets SSL
  • nginx-le on docker-hub
  • A+ overall rating on ssllabs

ssllabs

Alternatives

  • Træfik HTTP reverse proxy and load balancer. Supports Let's Encrypt directly.
  • Caddy supports Let's Encrypt directly.
  • leproxy small and nice (stand alone) https reverse proxy with automatic Letsencrypt
  • bunch of others

Examples

  • Reverse proxy for WebRTC solutions, where you need multiple ports on one domain to reach different services behind your nginx-le container.
You can’t perform that action at this time.