GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → smashwilson → Lets Nginx

smashwilson / Lets Nginx

Push button, get TLS

Programming Languages

shell
77523 projects

Labels

dockernginxtlsletsencrypt

Projects that are alternatives of or similar to Lets Nginx

Ssl Proxy
🔒 Simple zero-config SSL reverse proxy with real autogenerated certificates (LetsEncrypt, self-signed, provided)
Stars: ✭ 427 (+149.71%)
Mutual labels:  tls, letsencrypt, nginx
Netcore Postgres Oauth Boiler
A basic .NET Core website boilerplate using PostgreSQL for storage, Adminer for db management, Let's Encrypt for SSL certificates and NGINX for routing.
Stars: ✭ 57 (-66.67%)
Mutual labels:  tls, letsencrypt, nginx
Dockerfiles
lots of dockerfiles, based on alpine
Stars: ✭ 69 (-59.65%)
Mutual labels:  letsencrypt, nginx
Acme client
Java ACME Client application
Stars: ✭ 77 (-54.97%)
Mutual labels:  tls, letsencrypt
Gobetween
☁️ Modern & minimalistic load balancer for the Сloud era
Stars: ✭ 1,631 (+853.8%)
Mutual labels:  tls, letsencrypt
Docker Nginx Letsencrypt Upstream
infrastructure: docker-compose config for node and redis behind upstream nginx ( SSL/HTTPS ) on debian jessie
Stars: ✭ 47 (-72.51%)
Mutual labels:  letsencrypt, nginx
Vpstoolbox
一键安装Trojan-GFW代理,Hexo博客,Nextcloud等應用程式。
Stars: ✭ 1,080 (+531.58%)
Mutual labels:  letsencrypt, nginx
Docker Nginx Gunicorn Flask Letsencrypt
Boilerplate code for setting up Nginx + Gunicorn + Flask + automated LetsEncrypt certificates (https) using docker-compose.
Stars: ✭ 117 (-31.58%)
Mutual labels:  letsencrypt, nginx
Ceryx
Dynamic reverse proxy based on NGINX OpenResty with an API
Stars: ✭ 688 (+302.34%)
Mutual labels:  letsencrypt, nginx
Lua Resty Auto Ssl
On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt.
Stars: ✭ 1,786 (+944.44%)
Mutual labels:  letsencrypt, nginx
V2ray Agent
(VLESS+TCP+TLS/VLESS+TCP+XTLS/VLESS+gRPC+TLS/VLESS+WS+TLS/VMess+TCP+TLS/VMess+WS+TLS/Trojan+TCP+TLS/Trojan+gRPC+TLS/Trojan+TCP+XTLS)+伪装站点、八合一共存脚本,支持多内核安装
Stars: ✭ 4,133 (+2316.96%)
Mutual labels:  tls, nginx
Bunkerized Nginx
🛡️ Make your web services secure by default !
Stars: ✭ 2,361 (+1280.7%)
Mutual labels:  nginx, letsencrypt
Greenlock
Automatic SSL renewal for NodeJS
Stars: ✭ 30 (-82.46%)
Mutual labels:  tls, letsencrypt
Docker Nginx Http3
Alpine Linux image with Nginx 1.19.4 (mainline) with HTTP/3 (QUIC), TLSv1.3, 0-RTT, brotli, NJS support, and 10 MB size. All built on the bleeding edge for max performance. Built on the edge, for the edge.
Stars: ✭ 820 (+379.53%)
Mutual labels:  tls, nginx
Xray onekey
Xray 基于 Nginx 的 VLESS + XTLS 一键安装脚本
Stars: ✭ 7,012 (+4000.58%)
Mutual labels:  tls, nginx
Dockerweb
A docker-powered bash script for shared web hosting management. The ultimate Docker LAMP/LEMP Stack.
Stars: ✭ 89 (-47.95%)
Mutual labels:  letsencrypt, nginx
Nginxconfig.io
⚙️ NGINX config generator on steroids 💉
Stars: ✭ 14,983 (+8661.99%)
Mutual labels:  letsencrypt, nginx
Lego
Let's Encrypt client and ACME library written in Go
Stars: ✭ 4,978 (+2811.11%)
Mutual labels:  tls, letsencrypt
Kube Cert Manager
Manage Lets Encrypt certificates for a Kubernetes cluster.
Stars: ✭ 518 (+202.92%)
Mutual labels:  tls, letsencrypt
Serverpilot Letsencrypt
Automate the installation of Let's Encrypt SSL on the free plan of ServerPilot
Stars: ✭ 129 (-24.56%)
Mutual labels:  letsencrypt, nginx
View All Similar Projects ➔

Let's Nginx

dockerhub build

Put browser-valid TLS termination in front of any Dockerized HTTP service with one command.

docker run --detach \
  --name lets-nginx \
  --link backend:backend \
  --env EMAIL=[email protected] \
  --env DOMAIN=mydomain.horse \
  --env UPSTREAM=backend:8080 \
  --publish 80:80 \
  --publish 443:443 \
  smashwilson/lets-nginx

Issues certificates from letsencrypt, installs them in nginx, and schedules a cron job to reissue them monthly.

⚡️ To run unattended, this container accepts the letsencrypt terms of service on your behalf. Make sure that the subscriber agreement is acceptable to you before using this container. ⚡️

Prerequisites

Before you begin, you'll need:

  1. A place to run Docker containers with a public IP.
  2. A domain name with an A record pointing to your cluster.

Usage

Launch your backend container and note its name, then launch smashwilson/lets-nginx with the following parameters:

  • --link backend:backend to link your backend service's container to this one. (This may be unnecessary depending on Docker's networking configuration.)
  • -e EMAIL= your email address, used to register with letsencrypt.
  • -e DOMAIN= the domain name.
  • -e UPSTREAM= the name of your backend container and the port on which the service is listening.
  • -p 80:80 and -p 443:443 so that the letsencrypt client and nginx can bind to those ports on your public interface.
  • -e STAGING=1 uses the Let's Encrypt staging server instead of the production one. I highly recommend using this option to double check your infrastructure before you launch a real service. Let's Encrypt rate-limits the production server to issuing five certificates per domain per seven days, which (as I discovered the hard way) you can quickly exhaust by debugging unrelated problems!
  • -v {PATH_TO_CONFIGS}:/configs:ro specify manual configurations for select domains. Must be in the form {DOMAIN}.conf to be recognized.

Using more than one backend service

You can distribute traffic to multiple upstream proxy destinations, chosen by the Host header. This is useful if you have more than one container you want to access with https.

To do so, separate multiple corresponding values in the DOMAIN and UPSTREAM variables separated by a ;:

-e DOMAIN="domain1.com;sub.domain1.com;another.domain.net"
-e UPSTREAM="backend:8080;172.17.0.5:60;container:5000"

Caching the Certificates and/or DH Parameters

Since --links don't survive the re-creation of the target container, you'll need to coordinate re-creating the proxy container. In this case, you can cache the certificates and Diffie-Hellman parameters with the following procedure:

Do this once:

docker volume create --name letsencrypt
docker volume create --name letsencrypt-backups
docker volume create --name dhparam-cache

Then start the container, attaching the volumes you just created:

docker run --detach \
  --name lets-nginx \
  --link backend:backend \
  --env EMAIL=[email protected] \
  --env DOMAIN=mydomain.horse \
  --env UPSTREAM=backend:8080 \
  --publish 80:80 \
  --publish 443:443 \
  --volume letsencrypt:/etc/letsencrypt \
  --volume letsencrypt-backups:/var/lib/letsencrypt \
  --volume dhparam-cache:/cache \
  smashwilson/lets-nginx

Adjusting Nginx configuration

The entry point of this image processes the nginx.conf file in /templates and places the result in /etc/nginx/nginx.conf. Additionally, the file /templates/vhost.sample.conf will be processed once for each ;-delimited pair of values in $DOMAIN and $UPSTREAM. The result of each will be placed at /etc/nginx/vhosts/${DOMAINVALUE}.conf.

The following variable substitutions are made while processing all of these files:

  • ${DOMAIN}
  • ${UPSTREAM}

For example, to adjust nginx.conf, create that file in your new image directory with the baseline content and desired modifications. Within your Dockerfile ADD this file and it will be used to create the nginx configuration instead.

FROM smashwilson/lets-nginx

ADD nginx.conf /templates/nginx.conf
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].