
Last pushed: 8 months ago
Short Description
OpenMapHub Gateway Server
Full Description

Modified for OpenMapHub Project

Forked from: https://github.com/smashwilson/lets-nginx

Modifications:

  • Allows proxying port 80 (plain HTTP) for mixed mode. The web app redirects pages that require HTTPS.
  • Fixes nginx proxy permission issues

Let's Nginx


Put browser-valid TLS termination in front of any Dockerized HTTP service with one command.

docker run --detach \
  --name lets-nginx \
  --link backend:backend \
  --env EMAIL=me@email.com \
  --env DOMAIN=mydomain.horse \
  --env UPSTREAM=backend:8080 \
  --publish 80:80 \
  --publish 443:443 \
  smashwilson/lets-nginx

Issues certificates from letsencrypt, installs them in nginx, and schedules a cron job to reissue them monthly.

:zap: To run unattended, this container accepts the letsencrypt terms of service on your behalf. Make sure that the subscriber agreement is acceptable to you before using this container. :zap:

Prerequisites

Before you begin, you'll need:

  1. A place to run Docker containers with a public IP.
  2. A domain name with an A record pointing to your cluster.

Usage

Launch your backend container and note its name, then launch smashwilson/lets-nginx with the following parameters:

  • --link backend:backend to link your backend service's container to this one. (This may be unnecessary depending on Docker's networking configuration.)
  • -e EMAIL= your email address, used to register with letsencrypt.
  • -e DOMAIN= the domain name.
  • -e UPSTREAM= the name of your backend container and the port on which the service is listening.
  • -p 80:80 and -p 443:443 so that the letsencrypt client and nginx can bind to those ports on your public interface.
  • -e STAGING=1 uses the Let's Encrypt staging server instead of the production one. I highly recommend using this option to double check your infrastructure before you launch a real service. Let's Encrypt rate-limits the production server to issuing [five certificates per domain per seven days](https://community.letsencrypt.org/t/public-beta-rate-limits/4772/3), which (as I discovered the hard way) you can quickly exhaust by debugging unrelated problems!

Caching the Certificates and/or DH Parameters

Since --links don't survive the re-creation of the target container, you'll need to coordinate re-creating the proxy container. In this case, you can cache the certificates and Diffie-Hellman parameters with the following procedure:

Do this once:

docker volume create --name letsencrypt
docker volume create --name letsencrypt-backups
docker volume create --name dhparam-cache

and then start the container with volume attachments:

docker run --detach \
  --name lets-nginx \
  --link backend:backend \
  --env EMAIL=me@email.com \
  --env DOMAIN=mydomain.horse \
  --env UPSTREAM=backend:8080 \
  --publish 80:80 \
  --publish 443:443 \
  -v letsencrypt:/etc/letsencrypt \
  -v letsencrypt-backups:/var/lib/letsencrypt \
  -v dhparam-cache:/cache \
  smashwilson/lets-nginx
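
A pre-flight wrapper for the launch parameters above, as an added example that is not part of the lets-nginx project: it validates EMAIL, DOMAIN and UPSTREAM and prints the cached-volume launch line with STAGING=1 unless told otherwise. The function names and the GO_LIVE switch are assumptions made for this example, as is using the UPSTREAM host as the --link name.

```shell
#!/bin/sh
# Added example: validate the documented parameters and default to staging.
# valid_domain, valid_upstream, launch_command and GO_LIVE are hypothetical names.

# DOMAIN must be a dotted DNS hostname: labels of letters, digits and hyphens.
valid_domain() {
  case "$1" in
    ''|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;  # empty label or hyphen at a label edge
    *[!A-Za-z0-9.-]*) return 1 ;;                # character outside the hostname set
    *.*) [ "${#1}" -le 253 ] ;;                  # at least one dot, sane total length
    *) return 1 ;;
  esac
}

# UPSTREAM must be container-name:port with a port in 1..65535.
valid_upstream() {
  host=${1%:*}; port=${1##*:}
  [ "$host" != "$1" ] || return 1                # no colon present
  case "$host" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
  case "$port" in ''|*[!0-9]*|0*) return 1 ;; esac
  [ "${#port}" -le 5 ] && [ "$port" -le 65535 ]
}

# Print the docker run line for the cached-volume setup. Returns 2 on bad input.
# STAGING=1 is included unless GO_LIVE=1, so debugging runs cannot use up the
# production rate limit mentioned above.
launch_command() {
  email=$1 domain=$2 upstream=$3
  case "$email" in
    *[!A-Za-z0-9@._+-]*|*@*@*) return 2 ;;       # unexpected characters or two '@'
    ?*@?*.?*) ;;                                 # minimal local@host.tld shape
    *) return 2 ;;
  esac
  valid_domain "$domain" && valid_upstream "$upstream" || return 2
  name=${upstream%:*}                            # assumed to be the backend container name
  cmd="docker run --detach --name lets-nginx --link $name:$name"
  cmd="$cmd --env EMAIL=$email --env DOMAIN=$domain --env UPSTREAM=$upstream"
  [ "${GO_LIVE:-0}" = 1 ] || cmd="$cmd --env STAGING=1"
  cmd="$cmd --publish 80:80 --publish 443:443"
  cmd="$cmd -v letsencrypt:/etc/letsencrypt -v letsencrypt-backups:/var/lib/letsencrypt"
  cmd="$cmd -v dhparam-cache:/cache smashwilson/lets-nginx"
  printf '%s\n' "$cmd"
}

# Sample values copied from the commands above; prints a staging launch line.
launch_command me@email.com mydomain.horse backend:8080
```

Once a staging run has produced a certificate, re-run with GO_LIVE=1 to print the production command.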
Owner
openmaphub