Public | Automated Build

Last pushed: a month ago
Short Description
pro nginx docker container - alpine based with a+ ssl, acme, openssl, htaccess and config via env
Full Description

Docker production ready NGINX Container (servercontainers/nginx)

maintained by ServerContainers

FAQ - All you need to know about the servercontainers Containers

What is it

This Dockerfile (available as servercontainers/nginx) gives you a NGINX on alpine. It is also possible to configure an auto lets encrypt certificate or self signed certificate and reverse proxy mechanism.

For Configuration of the Server you use environment Variables.

It's based on the nginx:alpine Image

View in Docker Registry servercontainers/nginx

View in GitHub ServerContainers/nginx


You can try this container with the provided _docker_compose.yml_ which starts an mysql container with phpmyadmin
and adds a reverse proxy location to the nginx.

So you can open the phpmyadmin SSL protected at https://localhost/phpmyadmin/

Environment variables and defaults


All options for the OpenSSL Stuff

  • NGINX_CONFIG_myconfigname
    • multiple variables/confgurations possible by adding unique configname to NGINX_CONFIG_
    • adds a new nginx configuration
    • server_name is required
    • example:
      • "server {server_name localhost; location / {root /data; index index.html;}}"
    • by default http redirects to ssl, ssl options get injected

to get an a+ rating at the qualys ssl test you need to set the Strict-Transport-Security
inside your nginx configuration like this:

# only this domain
add_header Strict-Transport-Security "max-age=31536000";
# apply also on subdomains
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    • only works with NGINX_CONFIG_ configurations
    • default value location / {return 301 https://$SERVER_NAME;}
    • changes default behavior of always redirect http to https
  • NGINX_HTTP_ACTION_myconfigname

    • only works for corresponding NGINX_CONFIG_myconfigname configuration
    • default value location / {return 301 https://$SERVER_NAME;}
    • overwrites global NGINX_HTTP_ACTION
    • changes default behavior of always redirect http to https
  • NGINX_RAW_CONFIG_myconfigname

    • multiple variables/confgurations possible by adding unique configname to NGINX_RAW_CONFIG_
    • adds a new nginx configuration without any modification
    • example:


    • multiple variables/accounts possible
    • adds a new htaccess account with the given username and the env value as password (SHA-512 Hashed)
    • password can be a hash created with mkpasswd e.g. created with mkpasswd -m sha-512 (escape $ with $$ in docker-compose.yml)
    • htaccess file will be saved at /conf/auth.htpasswd

to enable authentication add the following to your nginx config (inside or outside the location tag):

auth_basic "Restricted Area"; auth_basic_user_file /conf/auth.htpasswd;

ACME (Googles golang Let's Encrypt Client)

You need to accept the terms of the certificate authority, look inside to logs to find the URL where you get the current version.


    • set this to your email to get notifications from the certificate authority
    • needs to be set to enable the ACME client

    • disable the auto update of certificates if set to true
    • default: not set


All options for the OpenSSL Stuff

    • no default - needed only if you don't trust my shipped 4096 version.
    • if set a new one with given size is generated
    • only use a number as value


Docker Registry proxy with Basic Auth

You can indeed use this container as a Docker Registry Proxy with Basic Authentication.
Just add some Accounts with the HTACCESS_ACCOUNT_username variables and take a look at the following NGINX_CONFIG_myconfigname configuration.

NGINX_CONFIG_myDockerRegistry="upstream docker-registry {server registry:5000;} server {server_name; include /etc/nginx/snippets/docker-registry-proxy.conf;}"

You need to specify the docker registry upstream, add a server_name necessary for the certificate generation.
Most importantly include the file include /etc/nginx/snippets/docker-registry-proxy.conf; inside your server statement.

Thats all - now you have a working docker registry proxy with ssl, basic auth!

Docker Pull Command
Source Repository