Docker Nginx Proxy with Let's Encrypt simplifies application integration with Let's Encrypt.
This project provides a simple nginx configuration and auto-updating Let's Encrypt for integration with existing services.
Docker Hub image: docker-nginx-letsencrypt-proxy
The following docker environment variables are required for proper usage:
- `LE_EMAIL`, the email address for use with Let's Encrypt (simply registers your public key for retrieval).
- `LE_DOMAIN`, a comma-separated list of domains currently configured to point at your server.
- `PROXY_DEST`, a comma-separated list of destinations for the proxied services, along the lines of `http://mydestination.com` or `http://localhost:8000`. There should be as many destinations as `LE_DOMAIN`s; however, for each domain without a corresponding destination, the first destination will be used.
- `SLACK_NOTIFICATIONS_INFRA_URL` (optional), the Slack webhook integration URL to receive Slack notifications upon certificate update or `letsencrypt-auto` error.
- `LE_ENABLED` (optional, defaults to `true`). For local, non-public development stacks, set to `false`. This will disable requests to Let's Encrypt for certificates and use self-signed certificates instead.
- `LE_TEST` (optional). Let's Encrypt is rate limited. While testing your stack, be sure to set testing mode so requests don't count against your domain quota. Such certificates will not be valid, but are sufficient to test your setup.
  - See https://community.letsencrypt.org/t/rate-limits-for-lets-encrypt/6769 for more information.
- `TLS_SETTING` (optional), one of `MODERN`, `INTERMEDIATE`, or `OLD`. All other values will be ignored. `MODERN` is the default, to allow for the best security setting.
  - See https://wiki.mozilla.org/Security/Server_Side_TLS for more details
  - See `docker-entrypoint.sh` for the suites used
  - Updated April 17, 2016
  - This setting will correspond to the following browser compatibilities:
Configuration | Oldest compatible client |
---|---|
MODERN | Firefox 27, Chrome 30, IE 11 on Windows 7, Edge, Opera 17, Safari 9, Android 5.0, Java 8 |
INTERMEDIATE | Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7 |
OLD | Windows XP IE6, Java 6 |
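
The `PROXY_DEST` fallback is easy to overlook: a domain listed without its own destination is served by the first backend, and an unrecognised `TLS_SETTING` is ignored. The preflight script below is an added example, not the project's `docker-entrypoint.sh`; it restates the rules documented above, and the function names, the case-sensitive `TLS_SETTING` match and the sample values are assumptions.

```shell
#!/bin/sh
# Added illustration of the rules above; NOT the project's docker-entrypoint.sh.

# TLS_SETTING: only MODERN, INTERMEDIATE and OLD are honoured (exact match assumed).
effective_tls() {
  case "$1" in
    MODERN|INTERMEDIATE|OLD) echo "$1" ;;
    *) echo MODERN ;;          # any other value is ignored, leaving the default
  esac
}

# Pair each LE_DOMAIN entry with its PROXY_DEST entry, in order. Domains past
# the end of the destination list get the first destination, marked "(fallback)".
map_proxy() (                  # subshell body keeps IFS and set -f local
  rest=$2
  first=${2%%,*}
  IFS=,
  set -f                       # no glob expansion while splitting on commas
  for domain in $1; do
    if [ -n "$rest" ]; then
      dest=${rest%%,*}
      case "$rest" in *,*) rest=${rest#*,} ;; *) rest= ;; esac
      echo "$domain -> $dest"
    else
      echo "$domain -> $first (fallback)"
    fi
  done
)

# Fail if a required variable is empty; otherwise print the effective settings.
preflight() {
  for name in LE_EMAIL LE_DOMAIN PROXY_DEST; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || { echo "missing required variable: $name" >&2; return 1; }
  done
  map_proxy "$LE_DOMAIN" "$PROXY_DEST"
  echo "TLS_SETTING=$(effective_tls "${TLS_SETTING:-}")"
  [ "${LE_ENABLED:-true}" = "false" ] && echo "LE_ENABLED=false: self-signed certificates"
  return 0
}

# Constructed sample values (assumptions), used when the script is run directly.
LE_EMAIL=ops@example.com
LE_DOMAIN=app.example.com,api.example.com,admin.example.com
PROXY_DEST=http://app:8000,http://api:9000
TLS_SETTING=STRICT
preflight
```

With the sample values, `admin.example.com` is reported as falling back to `http://app:8000`, and the unrecognised `STRICT` resolves to `MODERN`.
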
- Move the resulting certificates to `/etc/nginx/ssl`
- Tell `supervisor` to restart nginx: `supervisorctl restart nginx`
- If `SLACK_NOTIFICATIONS_INFRA_URL` is set, send a notification to your Slack channel.
- The image is configured to request a Let's Encrypt certificate for each of the (comma-separated) domains listed in the `LE_DOMAIN` env variable provided in `docker-compose.yml`.
- Since Let's Encrypt is rate limited, an env variable of `LE_TEST=true` can be provided during testing (in `docker-compose.yml`).
- `supervisor` handles the running of nginx and the letsencrypt event handler, which is run every hour.
- If the hourly Let's Encrypt script yields an updated certificate, files are copied and `nginx` is restarted using the supervisor control call.
- Provide a `SLACK_NOTIFICATIONS_INFRA_URL` in the `docker-compose.yml` to get a Slack notification of a certificate update!