nginx-le / Nginx Le
Licence: apache-2.0
Nginx with automatic let's encrypt (docker image)
Stars: ✭ 475
Programming Languages
shell
77523 projects
Projects that are alternatives of or similar to Nginx Le
Ssl Proxy
🔒 Simple zero-config SSL reverse proxy with real autogenerated certificates (LetsEncrypt, self-signed, provided)
Stars: ✭ 427 (-10.11%)
Mutual labels: proxy, letsencrypt, ssl-certificates, nginx
Ansible Rails
Ruby on Rails deployment using Ansible - with Lets Encrypt, Sidekiq, PostgreSQL, nginx & puma
Stars: ✭ 199 (-58.11%)
Mutual labels: automation, letsencrypt, nginx
Docker Nginx Gunicorn Flask Letsencrypt
Boilerplate code for setting up Nginx + Gunicorn + Flask + automated LetsEncrypt certificates (https) using docker-compose.
Stars: ✭ 117 (-75.37%)
Mutual labels: letsencrypt, ssl-certificates, nginx
Ansipress
AnsiPress - Simple L(Linux) E(NGINX) M(MariaDB) P(PHP7) Shared Hosting Setup
Stars: ✭ 184 (-61.26%)
Mutual labels: automation, letsencrypt, nginx
Ceryx
Dynamic reverse proxy based on NGINX OpenResty with an API
Stars: ✭ 688 (+44.84%)
Mutual labels: proxy, letsencrypt, nginx
Easyengine
Command-line control panel for Nginx Server to manage WordPress sites running on Nginx, PHP, MySQL, and Let's Encrypt
Stars: ✭ 1,881 (+296%)
Mutual labels: automation, nginx
Aenigma
The | state-of-the-art | secure-by-default | one-touch-deployed | XMPP server for everyone.
Stars: ✭ 160 (-66.32%)
Mutual labels: automation, letsencrypt
docker-nginx-certbot
Automatically create and renew website certificates for free using the Let's Encrypt certificate authority.
Stars: ✭ 367 (-22.74%)
Mutual labels: letsencrypt, ssl-certificates
ght-acme.sh
Shell script to sign certificate by the letsencrypt CA
Stars: ✭ 31 (-93.47%)
Mutual labels: letsencrypt, ssl-certificates
Grawler
Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and stores them in a file.
Stars: ✭ 98 (-79.37%)
Mutual labels: automation, proxy
Gocertcenter
CertCenter API Go Implementation
Stars: ✭ 21 (-95.58%)
Mutual labels: automation, ssl-certificates
Proxygateway
Proxy Gateway基于openresty(nginx lua module)开发,可以作为接口网关(api gateway)使用,整合业务模块接口,微服务治理聚合,通过web配置界面,能够轻松进行代理配置管理,支持负载均衡,服务器状态检测等
Stars: ✭ 335 (-29.47%)
Mutual labels: proxy, nginx
Wordops
Install and manage a high performance WordPress stack with a few keystrokes
Stars: ✭ 649 (+36.63%)
Mutual labels: automation, nginx
Rancher Letsencrypt
🐮 Rancher service that obtains and manages free SSL certificates from the Let's Encrypt CA
Stars: ✭ 318 (-33.05%)
Mutual labels: letsencrypt, ssl-certificates
Acme Client
Let's Encrypt / ACME client written in PHP for the CLI.
Stars: ✭ 337 (-29.05%)
Mutual labels: automation, letsencrypt
Exporter exporter
A reverse proxy designed for Prometheus exporters
Stars: ✭ 194 (-59.16%)
Mutual labels: proxy, nginx
Net Shield
An Easy and Simple Anti-DDoS solution for VPS,Dedicated Servers and IoT devices - Beta
Stars: ✭ 202 (-57.47%)
Mutual labels: proxy, nginx
NGINX-LE - Nginx web and proxy with automatic let's encrypt
Simple nginx image (alpine based) with integrated Let's Encrypt support.
How to use
- get docker-compose.yml and change things:
- set timezone to your local, for example
TZ=UTC
. For more timezone values check/usr/share/zoneinfo
directory - set
LETSENCRYPT=true
if you want an automatic certificate install and renewal -
LE_EMAIL
should be your email andLE_FQDN
for domain - for multiple FQDNs you can pass comma-separated list, like
LE_FQDN=aaa.example.com,bbb.example.com
- alternatively set
LETSENCRYPT
tofalse
and pass your own cert inSSL_CERT
, key inSSL_KEY
andSSL_CHAIN_CERT
- use provided
etc/service-example.conf
to make your ownetc/service.conf
. Keep ssl directives as is:ssl_certificate SSL_CERT; ssl_certificate_key SSL_KEY; ssl_trusted_certificate SSL_CHAIN_CERT;
- set timezone to your local, for example
- make sure
volumes
in docker-compose.yml changed to your service config - you can map multiple custom config files to in compose using
service*.conf
filename pattern, seeservice2.conf
in docker-compose.yml file for reference - pull image -
docker-compose pull
- if you don't want pre-built image, make you own.
docker-compose build
will do it - start it
docker-compose up
Configuration files variables replacement
On start of the container all following text matches in custom configuration files you mounted will be replaced,
variable with dollar sign ($
, like $LE_FQDN
) will be taken from environment, please see next table for their list.
Matching pattern | Value | nginx usage | Description |
---|---|---|---|
SSL_CERT | /etc/nginx/ssl/$SSL_CERT |
ssl_certificate |
Public SSL certificate, sent to client |
SSL_KEY | /etc/nginx/ssl/$SSL_KEY |
ssl_certificate_key |
SSL private key, not sent to client |
SSL_CHAIN_CERT | /etc/nginx/ssl/$SSL_CHAIN_CERT |
ssl_trusted_certificate |
Trusted SSL certificates, not sent to client |
LE_FQDN | $LE_FQDN |
server_name |
List of domains, useful for configuration with single server block |
Environment variables list
Variable | Default value | Description |
---|---|---|
SSL_CERT | le-key.pem |
certbot privkey.pem new filename |
SSL_KEY | le-crt.pem |
certbot fullchain.pem new filename |
SSL_CHAIN_CERT | le-chain-crt.pem |
certbot chain.pem new filename |
LETSENCRYPT | false |
Enables Let's Encrypt certificate retrieval and renewal |
LE_FQDN | comma-separated list of domains for Let's Encrypt certificate, required if LETSENCRYPT is true
|
|
LE_EMAIL | comma-separated list of emails for Let's Encrypt certificate, required if LETSENCRYPT is true
|
|
TZ | Timezone, if set will be written to container's /etc/timezone
|
Some implementation details
Important: provided nginx.conf handles
http->https redirect automatically, no need to add it into your custom service.conf
. In case if you need a custom server on
http (:80) port, make sure you handle /.well-known/
path needed for LE challenge.
- image uses alpine's
certbot
package. -
script/entrypoint.sh
requests LE certificate and will refresh every 10 days in case if certificate is close to expiration (30day) -
script/le.sh
gets SSL - nginx-le on docker-hub
- A+ overall rating on ssllabs
Alternatives
- Træfik HTTP reverse proxy and load balancer. Supports Let's Encrypt directly.
- Caddy supports Let's Encrypt directly.
- leproxy small and nice (stand alone) https reverse proxy with automatic Letsencrypt
- bunch of others
Examples
-
Reverse proxy for WebRTC solutions,
where you need multiple ports on one domain to reach different services behind your
nginx-le
container.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].