Valian / Docker Nginx Auto Ssl
Licence: mit
Docker image for automatic generation of SSL certs using Let's encrypt and Open Resty
Stars: ✭ 282
Projects that are alternatives of or similar to Docker Nginx Auto Ssl
Lua Resty Auto Ssl
On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt.
Stars: ✭ 1,786 (+533.33%)
Mutual labels: openresty, ssl, letsencrypt, nginx
Ceryx
Dynamic reverse proxy based on NGINX OpenResty with an API
Stars: ✭ 688 (+143.97%)
Mutual labels: ssl, letsencrypt, nginx
Serverpilot Letsencrypt
Automate the installation of Let's Encrypt SSL on the free plan of ServerPilot
Stars: ✭ 129 (-54.26%)
Mutual labels: ssl, letsencrypt, nginx
Ssl Proxy
🔒 Simple zero-config SSL reverse proxy with real autogenerated certificates (LetsEncrypt, self-signed, provided)
Stars: ✭ 427 (+51.42%)
Mutual labels: ssl, letsencrypt, nginx
Nginxconfig.io
⚙️ NGINX config generator on steroids 💉
Stars: ✭ 14,983 (+5213.12%)
Mutual labels: ssl, letsencrypt, nginx
Guacamole Install Rhel 7
Apache Guacamole installation bash script for RHEL 7 and CentOS 7 including options for Nginx, HTTPS, SSL, LDAP, Let's Encrypt certificates and more
Stars: ✭ 174 (-38.3%)
Mutual labels: ssl, letsencrypt, nginx
docker-nginx-certbot
Automatically create and renew website certificates for free using the Let's Encrypt certificate authority.
Stars: ✭ 367 (+30.14%)
Mutual labels: letsencrypt, ssl
lua-resty-acme
Automatic Let's Encrypt certificate serving and Lua implementation of ACMEv2 procotol
Stars: ✭ 95 (-66.31%)
Mutual labels: letsencrypt, openresty
httpsify
a transparent HTTPS termination proxy using letsencrypt with auto certification renewal
Stars: ✭ 107 (-62.06%)
Mutual labels: letsencrypt, ssl
LeSslCertToAzure
Powershell Module that creates a SSL/TLS Certificate with Let's Encrypt Service and apply to an Azure Application Gateway.
Stars: ✭ 14 (-95.04%)
Mutual labels: letsencrypt, ssl
acme2
Another PHP client for acme protocal (version 2) implementation, used for generating letsencrypt's free ssl certificates.
Stars: ✭ 45 (-84.04%)
Mutual labels: letsencrypt, ssl
MySB
MySB (MySeedBox) is more than a simplified installation script of a multi-users Seedbox. There are many solutions to install a Seedbox, but we never talk about safety and regular operations. MySB could be renamed MySSB (MySecuredSeedBox).
Stars: ✭ 105 (-62.77%)
Mutual labels: letsencrypt, ssl
cfn-api-gateway-custom-domain
API Gateway custom domains as CloudFormation resources, backed by Let's Encrypt
Stars: ✭ 17 (-93.97%)
Mutual labels: letsencrypt, ssl
certbot-dns-loopia
Loopia DNS authentication plugin for Certbot
Stars: ✭ 28 (-90.07%)
Mutual labels: letsencrypt, ssl
mediastack
All in one Docker Compose media server
Stars: ✭ 42 (-85.11%)
Mutual labels: letsencrypt, ssl
freshcerts
ACME certificate protocol (Let's Encrypt) proxy client with a dashboard and monitoring
Stars: ✭ 59 (-79.08%)
Mutual labels: letsencrypt, ssl
letsencrypt-www
Probably the easiest way to create | renew | deploy certificate
Stars: ✭ 27 (-90.43%)
Mutual labels: letsencrypt, ssl
docker-nginx-auto-ssl
The simpliest solution to add SSL cert to your site
Docker image for automatic generation of SSL certs using Let's encrypt and Open Resty, with reasonable SSL settings, HTTP/2 and WebSockets support out-of-the-box.
You can specify allowed domains and simple proxies using ENV variables, and easily override nginx.conf to your needs.
This is possible thanks to OpenResty and lua-resty-auto-ssl.
Image status: used in production. Some backward-compatible changes may be added in the future.
Usage
Quick start to generate and auto-renew certs for your blog / application:
# replace these values
export DOMAIN=yourdomain.com
export APP_ADDRESS=localhost:8080
# install docker first, and then run following command
docker run -d \
--name nginx-auto-ssl \
--restart on-failure \
--network host \
-e ALLOWED_DOMAINS="$DOMAIN" \
-e SITES="$DOMAIN=$APP_ADDRESS" \
-v ssl-data:/etc/resty-auto-ssl \
valian/docker-nginx-auto-ssl
# display logs from container, to check if everything is fine.
docker logs nginx-auto-ssl
Docker-compose example:
# docker-compose.yml
version: '2'
services:
nginx:
image: valian/docker-nginx-auto-ssl
restart: on-failure
ports:
- 80:80
- 443:443
volumes:
- ssl_data:/etc/resty-auto-ssl
environment:
ALLOWED_DOMAINS: 'yourdomain.com'
SITES: 'yourdomain.com=myapp:80'
# your application, listening on port specified in `SITES` env variable
myapp:
image: nginx
volumes:
ssl_data:
start using
docker-compose up -d
Both cases will work when request to yourdomain.com will reach just-deployed nginx (so when it will be running on your server, with correctly defined DNS entry).
Available configuration options:
| Variable | Example | Description |
|---|---|---|
| ALLOWED_DOMAINS |
(www|api).example.com, example.com, ([a-z]+.)?example.com
|
Regex pattern of allowed domains. Internally, we're using ngx.re.match. By default we accept all domains |
| DIFFIE_HELLMAN | true |
Force regeneration of dhparam.pem. If not specified, default one is used. |
| SITES |
db.com=localhost:5432; *.app.com=localhost:8080, _=localhost:8080
|
Shortcut for defining multiple proxies, in form of domain1=endpoint1; domain2=endpoint2. Default template for proxy is here. Name _ means default server, just like in nginx configuration |
| FORCE_HTTPS |
true, false
|
If true, automatically adds location to resty-server-http.conf redirecting traffic from http to https. true by default. |
| LETSENCRYPT_URL |
https://acme-v02.api.letsencrypt.org/directory, https://acme-staging-v02.api.letsencrypt.org/directory
|
Let's Encrypt server URL to use |
| RESOLVER_ADDRESS |
8.8.8.8, 127.0.0.53
|
DNS resolver used for OCSP stapling. 8.8.8.8 by default. To disable ipv6 append ipv6=off, eg 8.8.8.8 ipv6=off
|
| STORAGE_ADAPTER |
file, redis
|
Location to store generated certificates. Best practice is redis in order to avoid I/O blocking in OpenResty and make the certs available across multiple containers (for a load balanced environment) . file by default |
| REDIS_HOST |
hostname, ip address
|
The redis host name to use for cert storage. Required if STORAGE_ADAPTER=redis
|
| REDIS_PORT | port number |
The redis port number. 6379 by default |
| REDIS_DB | db_number |
The Redis database number used by lua-resty-auto-ssl to save certificates. 0 by default |
| REDIS_KEY_PREFIX | some-prefix |
Prefix all keys stored in Redis with this string. '' by default |
If you want to proxy multiple sites (probably the most common case, that's why I've made it possible to achieve without custom configuration):
docker run -d \
--name nginx-auto-ssl \
--restart on-failure \
-p 80:80 \
-p 443:443 \
-e ALLOWED_DOMAINS=example.com \
-e SITES='example.com=localhost:5432;*.example.com=localhost:8080' \
valian/docker-nginx-auto-ssl
Customization
Includes from /etc/nginx/conf.d/*.conf
Additional server blocks are automatically loaded from /etc/nginx/conf.d/*.conf. If you want to provide your own configuration, you can either use volumes or create custom image.
Example server configuration (for example, named server.conf)
server {
listen 443 ssl default_server;
# remember about this line!
include resty-server-https.conf;
location / {
proxy_pass http://app;
}
location /api {
proxy_pass http://api;
}
}
Volumes way
# instead of $PWD, use directory with your custom configurations
docker run -d \
--name nginx-auto-ssl \
--restart on-failure \
-p 80:80 \
-p 443:443 \
-v $PWD:/etc/nginx/conf.d
valian/docker-nginx-auto-ssl
Custom image way
FROM valian/docker-nginx-auto-ssl
# instead of . use directory with your configurations
COPY . /etc/nginx/conf.d
docker build -t docker-nginx-auto-ssl .
docker run [YOUR_OPTIONS] docker-nginx-auto-ssl
Using $SITES with your own template
You have to override /usr/local/openresty/nginx/conf/server-proxy.conf either using volume or custom image. Basic templating is implemented for variables $SERVER_NAME and $SERVER_ENDPOINT.
Example template:
server {
listen 443 ssl;
server_name $SERVER_NAME;
include resty-server-https.conf;
location / {
proxy_pass http://$SERVER_ENDPOINT;
}
}
Your own nginx.conf
If you have custom requirements and other customization options are not enough, you can easily provide your own configuration.
Example Dockerfile:
FROM valian/docker-nginx-auto-ssl
COPY nginx.conf /usr/local/openresty/nginx/conf/
Minimal working nginx.conf:
events {
worker_connections 1024;
}
http {
# required
include resty-http.conf;
server {
listen 443 ssl;
# required
include resty-server-https.conf;
# you should add your own locations here
}
server {
listen 80 default_server;
# required
include resty-server-http.conf;
}
}
Minimal nginx.conf with support for $SITES and conf.d includes
events {
worker_connections 1024;
}
http {
include resty-http.conf;
server {
listen 80 default_server;
include resty-server-http.conf;
}
# you can insert your blocks here or inside conf.d
include /etc/nginx/conf.d/*.conf;
}
Build and run it using
docker build -t docker-nginx-auto-ssl .
docker run [YOUR_OPTIONS] docker-nginx-auto-ssl
CHANGELOG
- 11-11-2019 - Added gzip support and dropped TLS 1.0 and 1.1 #33
- 18-04-2019 - Added WebSocket support #22
- 29-05-2017 - Fixed duplicate redirect location after container restart #2
-
19-12-2017 - Support for
$SITESvariable - 2-12-2017 - Dropped HSTS by default
- 25-11-2017 - Initial release
LICENCE
MIT
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].