/docker-nginx-ssl

Docker container for Nginx with Certbot SSL

Primary LanguageShellMIT LicenseMIT

docker-nginx-ssl

Build Status Layers

Docker container for Nginx with Certbot SSL based on madharjan/docker-nginx

Features

  • Environment variables to configure Certbot SSL
  • Preconfigured to redirect to prefix (e.g www) for request without subdomain (e.g http://company.com to http://www.company.com)
  • Preconfigured to redirect all HTTP to HTTPS
  • Bats bats-core/bats-core based test cases
  • Deploy/update web projects from git
  • Setup reverse proxy

Nginx 1.10.3 & Certbot SSL (docker-nginx-ssl)

Environment

Variable Default Example
DISABLE_NGINX 0 1 (to disable)
DISABLE_SSL 0 1 (to disable)
SSL_DOMAIN mycompany.com
SSL_EMAIL me@email.com
SSL_PREFIX www mail
CERTBOT_STAGE true
INSTALL_PROJECT 0 1 (to enable)
PROJECT_GIT_REPO https://github.com/BlackrockDigital/startbootstrap-creative.git
PROJECT_GIT_TAG v5.1.4
DEFAULT_PROXY 0 1 (to enable)
PROXY_SCHEME http https
PROXY_HOST 127.0.0.1
PROXY_PORT 8080 8000

Build

# clone project
git clone https://github.com/madharjan/docker-nginx-ssl
cd docker-nginx-ssl

# build
make

# tests
make run
make test

# clean
make clean

Run

Configure DNS server for domain

Replace ${DOMAIN} with your domain. e.g mycompany.com Replace ${IP-ADDRESS} with your server IP Address

${DOMAIN}`. 1800 IN A ${IP-ADDRESS}`
www.${DOMAIN}`. 1800 IN CNAME ${DOMAIN}`.

Note: update environment variables below as necessary

# prepare foldor on host for container volumes
sudo mkdir -p /opt/docker/nginx/etc/conf.d
sudo mkdir -p /opt/docker/nginx/html/
sudo mkdir -p /opt/docker/nginx/log/
sudo mkdir -p /opt/docker/certbot/tmp

# stop & remove previous instances
docker stop nginx-ssl
docker rm nginx-ssl

# run container
docker run -d \
  -e SSL_DOMAIN=mycompany.com \
  -e SSL_EMAIL=me@email.com \
  -p 80:80 \
  -p 443:443 \
  -v /opt/docker/nginx/etc/conf.d:/etc/nginx/conf.d \
  -v /opt/docker/nginx/html:/var/www/html \
  -v /opt/docker/nginx/log:/var/log/nginx \
  -v /opt/docker/certbot:/etc/certbot \
  --name nginx-ssl \
  madharjan/docker-nginx-ssl:1.10.3

Systemd Unit File

Note: update environment variables below as necessary

[Unit]
Description=Nginx

After=docker.service

[Service]
TimeoutStartSec=0

ExecStartPre=-/bin/mkdir -p /opt/docker/nginx/etc/conf.d
ExecStartPre=-/bin/mkdir -p /opt/docker/nginx/html
ExecStartPre=-/bin/mkdir -p /opt/docker/nginx/log
ExecStartPre=-/usr/bin/docker stop nginx
ExecStartPre=-/usr/bin/docker rm nginx
ExecStartPre=-/usr/bin/docker pull madharjan/docker-nginx:1.10.3

ExecStart=/usr/bin/docker run \
  -e SSL_DOMAIN=mycompany.com \
  -e SSL_EMAIL=me@email.com \
  -p 80:80 \
  -p 443:443 \
  -v /opt/docker/nginx/etc/conf.d:/etc/nginx/conf.d \
  -v /opt/docker/nginx/html:/var/www/html \
  -v /opt/docker/nginx/log:/var/log/nginx \
  -v /opt/docker/certbot:/etc/certbot \
  --name nginx-ssl \
  madharjan/docker-nginx-ssl:1.10.3

ExecStop=/usr/bin/docker stop -t 2 nginx

[Install]
WantedBy=multi-user.target

Generate Systemd Unit File

Variable Default Example
PORT 80
VOLUME_HOME /opt/docker /opt/data
NAME ngnix-ssl
SSL_PORT 443
SSL_DOMAIN mycompany.com
SSL_EMAIL me@email.com
SSL_PREFIX www mail
INSTALL_PROJECT 0 1 (to enable)
PROJECT_GIT_REPO https://github.com/BlackrockDigital/startbootstrap-creative.git
PROJECT_GIT_TAG HEAD v5.1.4
DEFAULT_PROXY 0 1 (to enable)
PROXY_SCHEME http https
PROXY_HOST 127.0.0.1
PROXY_PORT 8080 8000
LINK_PROXY_CONTAINER nginx-web2py

With deploy web projects

# generate nginx.service
docker run --rm \
  -e PORT=80 \
  -e SSL_PORT=443 \
  -e SSL_DOMAIN=mycompany.com \
  -e SSL_EMAIL=me@email.com \
  -e INSTALL_PROJECT=1 \
  -e PROJECT_GIT_REPO=https://github.com/BlackrockDigital/startbootstrap-creative.git \
  -e PROJECT_GIT_TAG=v5.1.4 \
  madharjan/docker-nginx-ssl:1.10.3 \
  nginx-ssl-systemd-unit | \
  sudo tee /etc/systemd/system/nginx-ssl.service

sudo systemctl enable nginx-ssl
sudo systemctl start nginx-ssl

With reverse proxy

# generate nginx.service
docker run --rm \
  -e PORT=80 \
  -e SSL_PORT=443 \
  -e SSL_DOMAIN=mycompany.com \
  -e SSL_EMAIL=me@email.com \
  -e DEFAULT_PROXY=1 \
  -e PROXY_HOST=odoo \
  -e PROXY_PORT=8080 \
  -e LINK_CONTAINERS=odoo:odoo,nginx:website \
  madharjan/docker-nginx:1.10.3 \
  nginx-systemd-unit | \
  sudo tee /etc/systemd/system/nginx-ssl.service

sudo systemctl enable nginx-ssl
sudo systemctl start nginx-ssl

Add virtualhost reverse proxy config

Variable Default Example
PROXY_VHOST_NAME myapp.local
PROXY_SCHEME http https
PROXY_HOST 127.0.0.1
PROXY_PORT 8080 8000
SSL_EMAIL me@email.com
# add proxy.conf
docker exec -it \
  -e PROXY_VHOST_NAME=myapp.company.com \
  -e PROXY_HOST=172.18.0.5 \
  -e PROXY_PORT=8080 \
  -e SSL_MAIL=me@mail.com \
  nginx-ssl \
  nginx-ssl-vhost-proxy-conf