alexanderkrause/rpi-letsencrypt-nginx-proxy-companion
RPI-compatible LetsEncrypt companion container for nginx-proxy
This is a fork that enables usage on an armhf architecture (tested on RPI 3). Have a look at Yves Blusseau's original repository and README. The following part does not include all available options of the original project.
Reasons and examples for using a reverse proxy are discussed by Jason Wilder or here. With this companion container for automatically creating/renewing Let's Encrypt certificates you can host and expose your dockerized TLS-secured applications on a Raspberry Pi. Examples:
The built image is hosted on Docker Hub. Declare three writable volumes for the rpi-nginx-proxy container:
/etc/nginx/certs: to create/renew Let's Encrypt certificates
/etc/nginx/vhost.d: to change the configuration of vhosts (needed by Let's Encrypt)
/usr/share/nginx/html: to write challenge files
Example usage:
$ docker run -d -p 80:80 -p 443:443 \
--name nginx-proxy \
-v /path/to/certs:/etc/nginx/certs:ro \
-v /etc/nginx/vhost.d \
-v /usr/share/nginx/html \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy \
alexanderkrause/rpi-nginx-proxy
The "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy" label is needed so that the letsencrypt container knows which nginx proxy container to use.
$ docker run -d \
--name nginx-letsencrypt \
-v /path/to/certs:/etc/nginx/certs:rw \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
--volumes-from nginx-proxy \
alexanderkrause/rpi-letsencrypt-nginx-proxy-companion
Then start any containers you want proxied with the env var VIRTUAL_HOST=yourdomain.com, plus LETSENCRYPT_HOST and LETSENCRYPT_EMAIL for the certificate, e.g.
$ docker run -d \
--name example-app \
-e "VIRTUAL_HOST=example.com" \
-e "LETSENCRYPT_HOST=example.com" \
-e "LETSENCRYPT_EMAIL=foo@bar.com" \
tutum/apache-php
Regarding Certificate Acquiring
Acquiring a certificate requires an nginx-reverse-proxy container with a mapping of the default ports, i.e., '80:80' and '443:443', as shown above. If you don't want to expose those ports, you need to apply a workaround:
Initially start an nginx-reverse-proxy container as shown above with those port mappings, then shut down all three containers (reverse-proxy, companion and your application). Remove the reverse-proxy container and start a new one with your desired port mappings, e.g. '5050:80' and '5060:443'. Finally, start the companion and your application container.
$ git clone https://github.com/Alexander-Krause/rpi-docker-letsencrypt-nginx-proxy-companion.git
$ cd rpi-docker-letsencrypt-nginx-proxy-companion
$ docker build -t alexanderkrause/rpi-docker-letsencrypt-nginx-proxy-companion:latest .
Tested with duckdns as DynDNS provider. Configure the update URL in your router or device (with ddclient) and (!) enable port forwarding (e.g. 443 of your Pi / docker container) in your router. Do the steps from above and enter yourducksubdomain.duckdns.org in VIRTUAL_HOST and LETSENCRYPT_HOST.
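A preflight check for the two requirements described above (the '80:80'/'443:443' mappings on the proxy, and the same host name in VIRTUAL_HOST and LETSENCRYPT_HOST), as an added example that is not part of the original project. The function names and sample data are constructed, and treating both host variables as comma-separated lists is an assumption.

```shell
#!/bin/sh
# Added example (not from the project). Inputs are text in the format of:
#   docker port nginx-proxy
#   docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' example-app

# Succeeds only if container ports 80/tcp and 443/tcp are published on host
# ports 80 and 443; prints each missing mapping.
check_acme_ports() {
    ports=$(cat)
    rc=0
    for p in 80 443; do
        if ! printf '%s\n' "$ports" | grep -Eq "^$p/tcp -> .*:$p\$"; then
            echo "missing mapping $p:$p"
            rc=1
        fi
    done
    return $rc
}

# Print the value of variable $1 from the KEY=VALUE lines in $2.
env_value() { printf '%s\n' "$2" | sed -n "s/^$1=//p" | head -n 1; }

# Succeeds if LETSENCRYPT_HOST and LETSENCRYPT_EMAIL are set and every name in
# LETSENCRYPT_HOST is also in VIRTUAL_HOST (assumption: comma-separated lists).
check_le_env() {
    lines=$(cat)
    vhosts=$(env_value VIRTUAL_HOST "$lines")
    lehosts=$(env_value LETSENCRYPT_HOST "$lines")
    rc=0
    [ -n "$lehosts" ] || { echo "LETSENCRYPT_HOST not set"; rc=1; }
    [ -n "$(env_value LETSENCRYPT_EMAIL "$lines")" ] || { echo "LETSENCRYPT_EMAIL not set"; rc=1; }
    for h in $(printf '%s' "$lehosts" | tr ',' ' '); do
        case ",$vhosts," in
            *",$h,"*) ;;
            *) echo "$h not in VIRTUAL_HOST"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed samples: the workaround port mappings and a mistyped host name.
sample_ports='80/tcp -> 0.0.0.0:5050
443/tcp -> 0.0.0.0:5060'
sample_env='VIRTUAL_HOST=example.com
LETSENCRYPT_HOST=exmaple.com
LETSENCRYPT_EMAIL=foo@bar.com'
printf '%s\n' "$sample_ports" | check_acme_ports || echo "=> proxy cannot acquire a certificate with these mappings"
printf '%s\n' "$sample_env" | check_le_env || echo "=> fix the container environment"
```

On a live host, pipe the output of the two docker commands named in the header comment into the functions instead of the samples.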