NGINX-LE - Nginx web and proxy with automatic let's encrypt
Simple nginx image (alpine based) with integrated Let's Encrypt support.
How to use
- get docker-compose.yml and change things:
- set timezone to your local, for example
TZ=UTC
. For more timezone values check/usr/share/zoneinfo
directory - set
LETSENCRYPT=true
if you want automatic certificate install and renewal LE_EMAIL
should be your email andLE_FQDN
for domain- for multiple FQDNs you can pass comma-separated list, like
LE_FQDN=aaa.example.com,bbb.example.com
- alternatively set
LETSENCRYPT
tofalse
and pass your own cert inSSL_CERT
, key inSSL_KEY
andSSL_CHAIN_CERT
- use provided
etc/service-example.conf
to make your ownetc/service.conf
. Keep ssl directives as is:ssl_certificate SSL_CERT; ssl_certificate_key SSL_KEY; ssl_trusted_certificate SSL_CHAIN_CERT;
- set timezone to your local, for example
- make sure
volumes
in docker-compose.yml changed to your service config - you can map multiple custom config files in compose for any
service*.conf
(see docker-compose.yml forservice2.conf
) - pull image -
docker-compose pull
- if you don't want pre-built image, make you own.
docker-compose build
will do it - start it
docker-compose up
Some implementation details
- image uses alpine's
certbot
package. script/entrypoint.sh
requests LE certificate and will refresh every 10 days in case if certificate is close to expiration (30day)script/le.sh
gets SSL- nginx-le on docker-hub
- A+ overall rating on ssllabs
Alternatives
- Træfik HTTP reverse proxy and load balancer. Supports Let's Encrypt directly.
- Caddy supports Let's Encrypt directly.
- leproxy small and nice (stand alone) https reverse proxy with automatic Letsencrypt
- bunch of others
Examples
- Reverse proxy for WebRTC solutions, where you need multiple ports on one domain to reach different services behind your
nginx-le
container.