Wednesday, June 29, 2016

The easiest way to use letsencrypt with jwilder/nginx-proxy

The jwilder/nginx-proxy issue "can you add Let's Encrypt" has a discussion on how to add Let's Encrypt support to the popular nginx-proxy for Docker.
The easy way to do this, which has been working for a while in our production environment, is docker-letsencrypt-nginx-proxy-companion. Its features follow.
  1. Automatic creation/renewal of Let's Encrypt certificates using the original nginx-proxy container.
  2. Supports creation of Multi-Domain (SAN) certificates.
  3. Automatic creation of a strong Diffie-Hellman group (for an A+ rating on the Qualys SSL Server Test).
  4. Works with all versions of Docker.
Below is an example docker-compose.yml; this is all you need to get started, with no additional configuration:
nginx:
  image: jwilder/nginx-proxy
  volumes:
    - ./certs:/etc/nginx/certs
    - ./my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf
    - ./web:/usr/share/nginx/html
    - ./vhost.d:/etc/nginx/vhost.d
    - ./htpasswd:/etc/nginx/htpasswd
    - /var/run/docker.sock:/tmp/docker.sock:ro
  ports:
    - 80:80
    - 443:443
letsencrypt:
  image: jrcs/letsencrypt-nginx-proxy-companion
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
  volumes_from:
    - nginx
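
The file above starts the proxy and the companion; the companion requests a certificate for each proxied container that sets its environment variables. The following service is an added example, not part of the original post: the service name `app`, the `nginx` backend image, and the `example.com` names and address are placeholders.

```yaml
# Added example: append to the docker-compose.yml above (same v1 format).
# "app", the backend image and the example.com values are placeholders.
app:
  image: nginx   # stand-in backend; any container with an exposed HTTP port
  environment:
    # nginx-proxy routes requests for these host names to this container.
    - VIRTUAL_HOST=example.com,www.example.com
    # The companion requests one multi-domain (SAN) certificate for these
    # names; the first name is the base domain. The names should also
    # appear in VIRTUAL_HOST and must resolve publicly to this host so the
    # HTTP challenge on port 80 can succeed.
    - LETSENCRYPT_HOST=example.com,www.example.com
    # Contact address registered with Let's Encrypt.
    - LETSENCRYPT_EMAIL=admin@example.com
```

Both containers in the original file mount `/var/run/docker.sock`; the `:ro` flag makes only the bind mount read-only and does not restrict Docker API calls made over the socket, so both containers should be treated as having control of the host's Docker daemon.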