/www-nginx

Reverse proxy for the Node.js app which serves www.stephen.cresswell.net

www-nginx

Docker Repository on Quay
Reverse proxy for the Node.js app which serves www.stephen.cresswell.net

Features

  • Forces upgrade to SSL
  • Adds X-Real-IP header
  • Maintains Host header
  • Compresses all the typical mimetypes
  • Logs routed to stderr and stdout
  • Turns off server tokens
  • Exposes /well-known/acme-challenge for automatic certificate renewals via certbot
  • Includes certbot configuration for first use

Let's Encrypt and Certbot

To obtain certificates from Let’s Encrypt for the first time:

  1. Comment out the local, stage and live configurations in the dockerfile.
  2. Uncomment the certbot configuration
  3. Build
  4. Deploy

Now nginx will be listening on stephen-cresswell.net, www.stephen-cresswell.net and stage.stephen-cresswell.net without SSL, enabling lets encrypt to find the temporary secrets under /well-known/acme-challenge generated by certbot.