This container provides an HAProxy instance with Let's Encrypt certificates generated at startup using acme.sh with the tls-alpn-01 method. This is useful if you can't use port 80 for verification.

Pull the image from Docker Hub:

    docker pull mwohlert/haproxy-acmesh-alpn

Or build it locally from the repository:

    docker build -t haproxy-acmesh-alpn:latest .

Example run command (replace DOMAINS, TEST and the volume paths with your own). Setting TEST to true results in staging Let's Encrypt certificates, which is useful for testing.

    docker run --name lb -d \
        -e DOMAINS=my.domain,my.other.domain \
        -e TEST=false \
        -v /srv/letsencrypt:/root/.acme.sh \
        -v /srv/haproxycfg/haproxy.cfg:/etc/haproxy/haproxy.cfg \
        --network my_network \
        -p 80:80 -p 443:443 \
        mwohlert/haproxy-acmesh-alpn:latest

Alternatively, use the docker-compose.yml file in the run directory. It creates 2 containers: the haproxy one and an nginx container that is linked in the haproxy configuration for test purposes.

docker-compose.yml file content:

    version: '3'
    services:
      haproxy:
        container_name: lb
        environment:
          - DOMAINS=my.domain,my.other.domain
          - TEST=false
        volumes:
          - '$PWD/data/letsencrypt:/root/.acme.sh'
          - '$PWD/data/haproxy.cfg:/etc/haproxy/haproxy.cfg'
        networks:
          - lbnet
        ports:
          - '80:80'
          - '443:443'
        image: 'mwohlert/haproxy-acmesh-alpn:latest'
      nginx:
        container_name: www
        networks:
          - lbnet
        image: nginx
    networks:
      lbnet:

Start the containers:

    docker-compose up -d

Every 2 months a cron job checks for expiring certificates with the certbot agent and reloads HAProxy if a certificate is renewed. No container restart is needed.
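
Added example, not part of this project: a shell check for the certificate files in the host directory mounted at /root/.acme.sh. It reports whether a certificate came from the Let's Encrypt staging CA (as with TEST=true) or is close to expiry, which would mean the renewal job is not doing its work. The function names and sample certificates are constructed for illustration, and staging detection assumes the issuer name contains "(STAGING)".

```shell
#!/bin/sh
# Added example (not from the project): classify a PEM certificate as
# ok | staging | expiring | unreadable.

# cert_status FILE [MIN_DAYS]  (MIN_DAYS defaults to 30)
cert_status() {
    cert=$1
    min_days=${2:-30}
    # A missing or unparsable file makes openssl exit non-zero.
    issuer=$(openssl x509 -in "$cert" -noout -issuer 2>/dev/null) || {
        echo unreadable
        return 0
    }
    # Assumption: Let's Encrypt staging issuers carry "(STAGING)" in their name.
    case $issuer in
        *"(STAGING)"*) echo staging; return 0 ;;
    esac
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null 2>&1; then
        echo ok
    else
        echo expiring
    fi
}

# make_sample_cert OUT SUBJECT DAYS
# Builds a constructed, self-signed stand-in certificate (issuer == subject).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "$2" -days "$3" >/dev/null 2>&1
}

# Demo on constructed certificates; no network access or real domain involved.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/prod.pem" "/CN=constructed.example" 90
make_sample_cert "$demo_dir/staging.pem" "/O=(STAGING) Let's Encrypt/CN=(STAGING) Constructed" 90
for f in prod staging missing; do
    printf '%s: %s\n' "$f" "$(cert_status "$demo_dir/$f.pem")"
done
rm -rf "$demo_dir"
```

Run `cert_status` against each certificate file under the mounted directory; with TEST=false, any result other than `ok` is worth investigating before browsers start rejecting the site.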
This project is licensed under the MIT License - see the LICENSE.md file for details.