GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → nginx-le → Nginx Le

nginx-le / Nginx Le

Licence: apache-2.0
Nginx with automatic let's encrypt (docker image)

Programming Languages

shell
77523 projects

Labels

dockerautomationproxynginxletsencryptssl-certificates

Projects that are alternatives of or similar to Nginx Le

Ssl Proxy
🔒 Simple zero-config SSL reverse proxy with real autogenerated certificates (LetsEncrypt, self-signed, provided)
Stars: ✭ 427 (-10.11%)
Mutual labels:  proxy, letsencrypt, ssl-certificates, nginx
Ansible Rails
Ruby on Rails deployment using Ansible - with Lets Encrypt, Sidekiq, PostgreSQL, nginx & puma
Stars: ✭ 199 (-58.11%)
Mutual labels:  automation, letsencrypt, nginx
Docker Nginx Gunicorn Flask Letsencrypt
Boilerplate code for setting up Nginx + Gunicorn + Flask + automated LetsEncrypt certificates (https) using docker-compose.
Stars: ✭ 117 (-75.37%)
Mutual labels:  letsencrypt, ssl-certificates, nginx
Ansipress
AnsiPress - Simple L(Linux) E(NGINX) M(MariaDB) P(PHP7) Shared Hosting Setup
Stars: ✭ 184 (-61.26%)
Mutual labels:  automation, letsencrypt, nginx
Ceryx
Dynamic reverse proxy based on NGINX OpenResty with an API
Stars: ✭ 688 (+44.84%)
Mutual labels:  proxy, letsencrypt, nginx
Easyengine
Command-line control panel for Nginx Server to manage WordPress sites running on Nginx, PHP, MySQL, and Let's Encrypt
Stars: ✭ 1,881 (+296%)
Mutual labels:  automation, nginx
Aenigma
The | state-of-the-art | secure-by-default | one-touch-deployed | XMPP server for everyone.
Stars: ✭ 160 (-66.32%)
Mutual labels:  automation, letsencrypt
Assh
💻 make your ssh client smarter
Stars: ✭ 2,340 (+392.63%)
Mutual labels:  automation, proxy
docker-nginx-certbot
Automatically create and renew website certificates for free using the Let's Encrypt certificate authority.
Stars: ✭ 367 (-22.74%)
Mutual labels:  letsencrypt, ssl-certificates
ght-acme.sh
Shell script to sign certificate by the letsencrypt CA
Stars: ✭ 31 (-93.47%)
Mutual labels:  letsencrypt, ssl-certificates
Open Proxy
一键部署被墙网站反向代理; 免翻墙访问被禁网站
Stars: ✭ 274 (-42.32%)
Mutual labels:  proxy, nginx
Arkade
Open Source Kubernetes Marketplace
Stars: ✭ 2,343 (+393.26%)
Mutual labels:  automation, nginx
Grawler
Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and stores them in a file.
Stars: ✭ 98 (-79.37%)
Mutual labels:  automation, proxy
Gocertcenter
CertCenter API Go Implementation
Stars: ✭ 21 (-95.58%)
Mutual labels:  automation, ssl-certificates
Proxygateway
Proxy Gateway基于openresty(nginx lua module)开发,可以作为接口网关(api gateway)使用,整合业务模块接口,微服务治理聚合,通过web配置界面,能够轻松进行代理配置管理,支持负载均衡,服务器状态检测等
Stars: ✭ 335 (-29.47%)
Mutual labels:  proxy, nginx
Wordops
Install and manage a high performance WordPress stack with a few keystrokes
Stars: ✭ 649 (+36.63%)
Mutual labels:  automation, nginx
Rancher Letsencrypt
🐮 Rancher service that obtains and manages free SSL certificates from the Let's Encrypt CA
Stars: ✭ 318 (-33.05%)
Mutual labels:  letsencrypt, ssl-certificates
Acme Client
Let's Encrypt / ACME client written in PHP for the CLI.
Stars: ✭ 337 (-29.05%)
Mutual labels:  automation, letsencrypt
Exporter exporter
A reverse proxy designed for Prometheus exporters
Stars: ✭ 194 (-59.16%)
Mutual labels:  proxy, nginx
Net Shield
An Easy and Simple Anti-DDoS solution for VPS,Dedicated Servers and IoT devices - Beta
Stars: ✭ 202 (-57.47%)
Mutual labels:  proxy, nginx
View All Similar Projects ➔

NGINX-LE - Nginx web and proxy with automatic let's encrypt Docker Automated build

Simple nginx image (alpine based) with integrated Let's Encrypt support.

How to use

  • get docker-compose.yml and change things:
    • set timezone to your local, for example TZ=UTC. For more timezone values check /usr/share/zoneinfo directory
    • set LETSENCRYPT=true if you want an automatic certificate install and renewal
    • LE_EMAIL should be your email and LE_FQDN for domain
    • for multiple FQDNs you can pass comma-separated list, like LE_FQDN=aaa.example.com,bbb.example.com
    • alternatively set LETSENCRYPT to false and pass your own cert in SSL_CERT, key in SSL_KEY and SSL_CHAIN_CERT
    • use provided etc/service-example.conf to make your own etc/service.conf. Keep ssl directives as is: 
      ssl_certificate SSL_CERT;
ssl_certificate_key SSL_KEY;
ssl_trusted_certificate SSL_CHAIN_CERT;
  • make sure volumes in docker-compose.yml changed to your service config
  • you can map multiple custom config files to in compose using service*.conf filename pattern, see service2.conf in docker-compose.yml file for reference
  • pull image - docker-compose pull
  • if you don't want pre-built image, make you own. docker-compose build will do it
  • start it docker-compose up

Configuration files variables replacement

On start of the container all following text matches in custom configuration files you mounted will be replaced, variable with dollar sign ($, like $LE_FQDN) will be taken from environment, please see next table for their list.

Matching pattern Value nginx usage Description
SSL_CERT /etc/nginx/ssl/$SSL_CERT ssl_certificate Public SSL certificate, sent to client
SSL_KEY /etc/nginx/ssl/$SSL_KEY ssl_certificate_key SSL private key, not sent to client
SSL_CHAIN_CERT /etc/nginx/ssl/$SSL_CHAIN_CERT ssl_trusted_certificate Trusted SSL certificates, not sent to client
LE_FQDN $LE_FQDN server_name List of domains, useful for configuration with single server block

Environment variables list

Variable Default value Description
SSL_CERT le-key.pem certbot privkey.pem new filename
SSL_KEY le-crt.pem certbot fullchain.pem new filename
SSL_CHAIN_CERT le-chain-crt.pem certbot chain.pem new filename
LETSENCRYPT false Enables Let's Encrypt certificate retrieval and renewal
LE_FQDN comma-separated list of domains for Let's Encrypt certificate, required if LETSENCRYPT is true
LE_EMAIL comma-separated list of emails for Let's Encrypt certificate, required if LETSENCRYPT is true
TZ Timezone, if set will be written to container's /etc/timezone

Some implementation details

Important: provided nginx.conf handles http->https redirect automatically, no need to add it into your custom service.conf. In case if you need a custom server on http (:80) port, make sure you handle /.well-known/ path needed for LE challenge.

  • image uses alpine's certbot package.
  • script/entrypoint.sh requests LE certificate and will refresh every 10 days in case if certificate is close to expiration (30day)
  • script/le.sh gets SSL
  • nginx-le on docker-hub
  • A+ overall rating on ssllabs

ssllabs

Alternatives

  • Træfik HTTP reverse proxy and load balancer. Supports Let's Encrypt directly.
  • Caddy supports Let's Encrypt directly.
  • leproxy small and nice (stand alone) https reverse proxy with automatic Letsencrypt
  • bunch of others

Examples

  • Reverse proxy for WebRTC solutions, where you need multiple ports on one domain to reach different services behind your nginx-le container.
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].