Docker Nginx Proxy with Let's Encrypt simplifies application integration with Let's Encrypt.
This project provides a simple nginx configuration and auto-updating Let's Encrypt for integration with existing services.
Docker Hub image: docker-nginx-letsencrypt-proxy
docker-compose.yml
)"Put this in your stack and deploy it."
version: '2' docker-nginx-letsencrypt-proxy: build: . ports: - 80:80 - 443:443 container_name: docker-nginx-letsencrypt-proxy log_opt: max-size: 50k environment: - LE_ENABLED=true # - LE_TEST=true # LE is rate limited. While doing development, be sure to set testing mode so requests don't count against our quota. - LE_EMAIL=test@test.com # Your email, here - LE_DOMAIN=domain.com #A comma separated list of your domains, here - PROXY_DEST=https://www.google.com #A comma separated list of destinations for the proxied services # - PROXY_PORT=8443 # - SLACK_NOTIFICATIONS_INFRA_URL=https://hooks.slack.com/services/???????? # Be sure to fill this in using your URL for the slack webhook integration volumes: - "/etc/letsencrypt" # links: # - mycontainer # If using version 1, link to your container
The following docker environment variables are required for proper usage:
LE_EMAIL
, the email address for use with Let's Encrypt (simply registers your public key for retrieval).LE_DOMAIN
, a comma separated list of domains current configured to point at your serverPROXY_DEST
, a comma separated list of destinations for the proxied services; along the lines of http://mydestination.com
or http://localhost:8000
. There should be as many destinations as LE_DOMAIN
s; however, for each without a corresponding destination, the first destination will be used for the remaining LE_DOMAIN
s.PROXY_PORT
, the port on which the https connections will be served. Defaults to 443SLACK_NOTIFICATIONS_INFRA_URL
(optional), the slack webhook integration URL to receive slack notifications upon certificate update or letsencrypt-auto
error.LE_ENABLED
(optional, defaults to true), For local, non-public development stacks, set to false
. This will disable requests to Let's Encrypt for certificates and use self signed certificates instead.LE_TEST
(optional), LE is rate limited. While testing your stack, be sure to set testing mode so requests don't count against your domain quota. Such certificates will not be valid, but are sufficient to test your setup.
TLS_SETTING
(optional), one of MODERN
, INTERMEDIATE
, OR OLD
. All other values will be igored. MODERN
is default to allow for the best security setting.
LOGROTATE_SIZE
(optional, defaults to 10k), the size limit of the log filesLOGROTATE_FILE_LIMIT
(optional, defaults to 7), the number of log files to keepCRON_SCHEDULE
(optional, defaults to 0 ), the cron schedule for logrotateConfiguration | Oldest compatible client |
---|---|
MODERN |
Firefox 27, Chrome 30, IE 11 on Windows 7, Edge, Opera 17, Safari 9, Android 5.0, Java 8 |
INTERMEDIATE |
Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7 |
OLD |
Windows XP IE6, Java 6 |
When certificates are updated, the event handler will:
/etc/nginx/ssl
supervisor
to restart nginx: supervisorctl restart nginx
SLACK_NOTIFICATIONS_INFRA_URL
is set, send a notification to your slack channel.The premise is simple:
LE_DOMAIN
env variable provided in docker-compose.yml
LE_TEST=true
can be provided during testing (in docker-compose.yml
).supervisor
handles the running of nginx and the letsencrypt event handler, which is run every hour.nginx
is restarted using the supervisor control call.
SLACK_NOTIFICATIONS_INFRA_URL
in the docker-compose.yml
to get a Slack notification of a certificate update!