Public | Automated Build

Last pushed: 5 months ago
Short Description
Nginx with integrated certbot
Full Description

nginx + certbot

Templated nginx setup with automatic SSL by certbot


Required: Define environment variables FQDN and EMAIL for certbot.
Recommended: Mount a volume for the certificates so they are preserved across rebuilds.

docker volume create --name lecrypt
docker run \
    -v lecrypt:/etc/letsencrypt \
    -e "FQDN=<your-domain>" \
    -e "EMAIL=<your-email>" \
    -p 80:80 -p 443:443 \
    --name abraham \
    <image>

or use the provided docker-compose.yml as an example.

Nginx is configured to load pluggable locations from /etc/nginx/locations-enabled


  • switch to S6 for handling background certbot script

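  • MAYBE: plan B when certbot fails?
    Generate a self-signed certificate like this (as a RUN step this bakes one shared private key into the image; running it at container startup gives each container its own key):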

      RUN mkdir -p $CERTPATH && \
      openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
         -subj '/CN=sni-support-required-for-valid-ssl' \
         -keyout $CERTPATH/privkey.pem \
         -out $CERTPATH/fullchain.pem
  • Read:

Work notes

Done: use gosu and exec as described here:

Done: On startup, a check is performed that FQDN resolves to this host's external IP before attempting to run certbot:

EXT_IP=`dig +short`
FQDN_IP=`dig +short ${FQDN}`
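
The comparison step of that check, as an added example (not this image's own script): it takes the external IP and the raw `dig +short ${FQDN}` output as arguments, because the page does not show how EXT_IP is obtained, and it fails closed on empty, error, or multi-record answers. The function names and sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not the image's own startup script. Function names and
# sample addresses are assumptions (constructed, documentation IP ranges).

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 address.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# fqdn_points_here EXT_IP DIG_OUTPUT
# DIG_OUTPUT is the raw text of `dig +short ${FQDN}`: it may hold CNAME
# targets (names ending in "."), several A records, or nothing at all.
# Succeeds only if EXT_IP is valid and every A record returned equals it.
fqdn_points_here() {
    ext_ip=$1
    is_ipv4 "$ext_ip" || return 1            # external IP lookup failed
    seen=0
    while IFS= read -r line; do
        case "$line" in
            ''|*.) continue ;;               # blank line or CNAME target
        esac
        is_ipv4 "$line" || return 1          # error text, e.g. ";; timed out"
        [ "$line" = "$ext_ip" ] || return 1  # an A record points elsewhere
        seen=1
    done <<EOF
$2
EOF
    [ "$seen" -eq 1 ]                        # no A record at all fails
}

# cert_mode EXT_IP DIG_OUTPUT: print "certbot" when the check passes,
# otherwise "selfsigned" (the plan-B fallback considered in the notes).
cert_mode() {
    if fqdn_points_here "$1" "$2"; then echo certbot; else echo selfsigned; fi
}

cert_mode "203.0.113.10" "203.0.113.10"      # prints: certbot
```

Requiring every A record to match avoids requesting a certificate when round-robin DNS could send the validation request to a different host.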

Done: Set the domain for certbot from the active docker machine on Windows:

@FOR /f "tokens=*" %i IN ('docker-machine active -t 1') DO set FQDN=%i