How to configure Let's encrypt certificates for nginx inside a docker image? How to configure Let's encrypt certificates for nginx inside a docker image? docker docker

How to configure Let's encrypt certificates for nginx inside a docker image?


ssl encryption nginx docker lets-encrypt

I add my mistake. Maybe someone will find it useful.

I mounted the /live directory of letsencrypt and not the whole letsencrypt directory tree.

The problem with this:
The /live folder just holds symlinks to the /archive folder that is not mounted to the docker container with my approach.(In fact I even mounted a /certs folder that symlinked to the live folder because I had that certs folder in the development environment, same problem..the real (symlinked) files were not mounted)

All problems went away when I mounted /etc/letsencrypt instead of /live

A part of my docker-compose.yml

  services:    ngx:      image: nginx      container_name: ngx      ports:        - 80:80        - 443:443      links:        - php-fpm      volumes:        - ../../com/website:/var/www/html/website        - ./nginx.conf:/etc/nginx/nginx.conf        - ./nginx_conf.d/:/etc/nginx/conf.d/        - ./nginx_logs/:/var/log/nginx/        - ../whereever/you/haveit/etc/letsencrypt/:/etc/letsencrypt

The last line in that config is the important one. Changed it from

- ./certs/:/etc/nginx/certs/

And /certs was a symlink to /etc/letsencrypt/live in my case. This can not work as I described above.

ssl encryption nginx docker lets-encrypt

If anyone having this problem, I've solved it by mounting the folders into docker container.

  • I've mounted both etc/letsencrypt and etc/ssl folders into docker
  • Docker has -vflag to mount volumes. Don't forget to open port 443 for the container.

Based on how you mount it it's possible to enable https in docker container without changing nginx paths. 

docker run -d -p 80:80 -p 443:443 -v /etc/letsencrypt/:/etc/letsencrypt/ -v /etc /ssl/:/etc/ssl/ <image name>

ssl encryption nginx docker lets-encrypt

If you are using nginx, Docker and Letsencrypt you might like the following Github project: https-portal.

It automates a lot of manual actions, and makes it easy to manage your configurations using docker-compose. From the README:

Features

  • Test Locally
  • Redirections
  • Automatic Container Discovery
  • Hybrid Setup with Non-Dockerized Apps
  • Multiple Domains
  • Serving Static Sites
  • Share Certificates with Other Apps
  • HTTP Basic Auth

How it works

  • obtains an SSL certificate for each of your subdomains from Let's Encrypt.
  • configures Nginx to use HTTPS (and force HTTPS by redirecting HTTP to HTTPS)
  • sets up a cron job that checks your certificates every week, and renew them. if they expire in 30 days.

For some background.. The project was also discussed on Hacker News: HTTPS-Portal: Automated HTTPS server powered by Nginx, Let’s Encrypt and Docker

(Disclaimer: I have no affiliation to the project, just a user)

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last