How to configure Let's encrypt certificates for nginx inside a docker image?
I add my mistake. Maybe someone will find it useful.
I mounted the /live directory of letsencrypt and not the whole letsencrypt directory tree.
The problem with this:
The /live folder just holds symlinks to the /archive folder that is not mounted to the docker container with my approach.(In fact I even mounted a /certs folder that symlinked to the live folder because I had that certs folder in the development environment, same problem..the real (symlinked) files were not mounted)
All problems went away when I mounted /etc/letsencrypt instead of /live
A part of my docker-compose.yml
services: ngx: image: nginx container_name: ngx ports: - 80:80 - 443:443 links: - php-fpm volumes: - ../../com/website:/var/www/html/website - ./nginx.conf:/etc/nginx/nginx.conf - ./nginx_conf.d/:/etc/nginx/conf.d/ - ./nginx_logs/:/var/log/nginx/ - ../whereever/you/haveit/etc/letsencrypt/:/etc/letsencrypt
The last line in that config is the important one. Changed it from
- ./certs/:/etc/nginx/certs/
And /certs was a symlink to /etc/letsencrypt/live in my case. This can not work as I described above.
If anyone having this problem, I've solved it by mounting the folders into docker container.
- I've mounted both
etc/letsencrypt
andetc/ssl
folders into docker - Docker has
-v
flag to mount volumes. Don't forget to openport 443
for the container.
Based on how you mount it it's possible to enable https in docker container without changing nginx paths.
docker run -d -p 80:80 -p 443:443 -v /etc/letsencrypt/:/etc/letsencrypt/ -v /etc /ssl/:/etc/ssl/ <image name>
If you are using nginx, Docker and Letsencrypt you might like the following Github project: https-portal.
It automates a lot of manual actions, and makes it easy to manage your configurations using docker-compose
. From the README:
Features
- Test Locally
- Redirections
- Automatic Container Discovery
- Hybrid Setup with Non-Dockerized Apps
- Multiple Domains
- Serving Static Sites
- Share Certificates with Other Apps
- HTTP Basic Auth
How it works
- obtains an SSL certificate for each of your subdomains from Let's Encrypt.
- configures Nginx to use HTTPS (and force HTTPS by redirecting HTTP to HTTPS)
- sets up a cron job that checks your certificates every week, and renew them. if they expire in 30 days.
For some background.. The project was also discussed on Hacker News: HTTPS-Portal: Automated HTTPS server powered by Nginx, Let’s Encrypt and Docker
(Disclaimer: I have no affiliation to the project, just a user)