Last pushed: 2 years ago
Short Description
Use docker-gen to create and maintain an Nginx configuration for SSL termination.
Full Description

Docker image that uses docker-gen
to create and maintain an Nginx configuration for SSL termination. It is based
on nginx-proxy.

Because docker-gen needs access to the Docker socket, this container does not
run the Nginx process itself. Instead, run a second container with the
nginx image that uses the generated
configuration by mounting the /etc/nginx/conf.d volume.

Usage

cat > variables.yml <<'.'
---
ssl_certificate: |
  -----BEGIN CERTIFICATE-----
  [...]
  -----END CERTIFICATE-----
ssl_certificate_key: |
  -----BEGIN PRIVATE KEY-----
  [...]
  -----END PRIVATE KEY-----
sslterm_container: sslterm
.

docker run --name=sslterm-gen \
           -v "$PWD/variables.yml":/variables.yml:ro \
           -v /var/run/docker.sock:/tmp/docker.sock:ro \
           goabout/nginx-sslterm-gen

docker run --name=sslterm \
           -p 80:80 -p 443:443 \
           --volumes-from=sslterm-gen \
           nginx

docker run --name=website1 \
           -v /some/content:/usr/share/nginx/html:ro \
           -e VIRTUAL_HOST=website1.example.com \
           nginx

docker run --name=website2 \
           -v /some/content:/usr/share/nginx/html:ro \
           -e VIRTUAL_HOST=website2.example.com \
           nginx
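
The variables.yml step above pastes the private key into a heredoc by hand. As an added example (not part of the image or its README), the hypothetical helper `write_variables_yml` builds the same file from PEM files on disk, rejects swapped inputs and unsafe container names, and creates the file with mode 0600. The input file names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: build variables.yml for the sslterm-gen container from PEM
# files. write_variables_yml is a hypothetical helper, not part of the image.
# Usage: write_variables_yml cert.pem key.pem variables.yml [container-name]

write_variables_yml() {
    cert=$1 key=$2 out=$3 container=${4:-sslterm}

    # Reject missing or swapped inputs before anything is written.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" || {
        echo "error: $cert holds no PEM certificate" >&2; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" || {
        echo "error: $key holds no PEM private key" >&2; return 1; }
    if grep -q 'PRIVATE KEY-----' "$cert"; then
        echo "error: $cert also contains a private key" >&2; return 1
    fi

    # The name is written into YAML unquoted, so allow only name characters.
    case $container in
        ''|*[!A-Za-z0-9_.-]*)
            echo "error: invalid container name" >&2; return 1 ;;
    esac

    # Indent every PEM line by two spaces for the YAML block scalar; awk also
    # strips CRs and terminates a final line that lacks a newline.
    indent='{ sub(/\r$/, ""); print "  " $0 }'

    # Subshell keeps the umask change local. The temp file is created 0600 and
    # renamed into place, so the key is never readable by other users.
    (
        umask 077
        tmp=$(mktemp "$out.XXXXXX") || exit 1
        {
            echo '---'
            echo 'ssl_certificate: |'
            awk "$indent" "$cert"
            echo 'ssl_certificate_key: |'
            awk "$indent" "$key"
            echo "sslterm_container: $container"
        } > "$tmp" && mv "$tmp" "$out" || { rm -f "$tmp"; exit 1; }
    )
}
```

The generated file can be mounted with the same `-v "$PWD/variables.yml":/variables.yml:ro` option shown above.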

Variables

The image uses
jcassee/parameterized-entrypoint
for parameterization. The following variables are available:

  • ssl_certificate: The SSL certificate (or certificate chain), in PEM
    format.

  • ssl_certificate_key: The private key to the SSL certificate, in PEM
    format.

  • proxies / proxy: Optional downstream proxies that use the PROXY protocol.
    The latter value overrides the former. (This enables the
    `proxy_protocol` option on all servers, which means you
    cannot connect using plain HTTP(S) anymore.)

  • sslterm_container: The name of the container that is running Nginx with
    the generated configuration. This container will be
    sent a HUP signal when the configuration changes.

Containers that want to use SSL set the VIRTUAL_HOST environment variable to
the domain (or comma-separated list of domains).

Currently, only one SSL certificate can be used. Support for per-domain certificates
(possible using Let's Encrypt) is on the roadmap.

Owner
goabout