Last pushed: a year ago
Short Description
Issue and renew letsencrypt certificates in a docker container using the webroot plugin.
Full Description

letsencrypt-webroot

Prerequisites

A webserver such as nginx that serves the

Example usage

docker run -e LETSENCRYPT_EMAIL=my@email.com -v /var/www/:/var/www/ -v /etc/letsencrypt:/etc/letsencrypt/ letsencrypt-webroot issue my.domain.com

Example nginx configuration

server {
  listen 80;
  server_name my.domain.com;

  location /.well-known {
    alias /var/www/my.domain.com/.well-known;
  }

  location / {
    proxy_pass http://my-backend/;
  }
}

server {
  listen 443 ssl;

  server_name my.domain.com;

  ssl_certificate /etc/letsencrypt/live/my.domain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem;

  location /.well-known {
    alias /var/www/my.domain.com/.well-known;
  }

  location / {
    proxy_pass http://my-backend/;
  }
}

docker run -v /var/www/:/var/www/ -v /etc/letsencrypt:/etc/letsencrypt/ -p 80:80 -p 443:443 nginx

Why

This decouples certificate issuance and persistence from your services. You can use something like GlusterFS to distribute the /var/www/ and /etc/letsencrypt/ files for resilient multi-host load balancing with SSL termination. This also means that the renewal process can be initiated from any node.

This works well in a docker swarm configuration with a global load balancing service.
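
Distributing /etc/letsencrypt/ to every node also distributes privkey.pem, so it is worth checking file modes on the shared volume. The script below is an added example, not part of this image or its repository; the function name audit_le_keys is hypothetical, and it assumes the usual letsencrypt layout in which live/<domain>/privkey.pem is a symlink into archive/<domain>/.

```shell
#!/bin/sh
# Added example: audit a shared letsencrypt tree for private keys that are
# accessible beyond their owner.
# Assumption: standard layout with live/ and archive/ under the given directory.

# audit_le_keys DIR
# Prints one line per finding. Returns 0 if clean, 1 if anything is exposed,
# 2 if DIR does not exist.
audit_le_keys() {
  le_dir=$1
  [ -d "$le_dir" ] || { echo "missing directory: $le_dir" >&2; return 2; }

  # Real key files only (symlinks in live/ are not followed, so each key is
  # reported once) that carry any group/other read or write bit.
  exposed=$(find "$le_dir" -type f -name 'privkey*.pem' \
    \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print)

  # live/ and archive/ themselves should not be searchable by group or other;
  # -prune keeps find from descending below the two start points.
  open_dirs=$(find "$le_dir/live" "$le_dir/archive" -prune -type d \
    \( -perm -010 -o -perm -001 \) -print 2>/dev/null)

  [ -z "$exposed" ] || printf '%s\n' "$exposed" | sed 's/^/exposed key: /'
  [ -z "$open_dirs" ] || printf '%s\n' "$open_dirs" | sed 's/^/open directory: /'

  # Exit status: success only when nothing was reported.
  [ -z "$exposed$open_dirs" ]
}

# Run against a directory when one is given, e.g.: sh audit.sh /etc/letsencrypt
if [ "$#" -gt 0 ]; then
  audit_le_keys "$1"
fi
```

Run it on each node that mounts the shared volume, since a replicated filesystem or a copy step can change modes independently of the node that issued the certificate.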

Owner
jgranstrom