A Docker image for Nginx with Certbot installed and the auto SSL certificate renewal enabled by default.
This image inherits directly from the official Nginx image in the Docker Store.
Run the container using pre-built image vegidio/nginx:
$ docker run -d \ -p 80:80 -p 443:443 \ --name nginx vegidio/nginx
Build the image
In the project root folder, type:
$ docker build -t my-nginx-image .
In order to enable secure connections in your domain, Certbot needs to validate the domain and make sure that you actually own it. There are many ways to do that, but the easiest way is using the Webroot plugin. The instructions here are based on this validation strategy.
Creating a certificate
Create a server block following the same pattern of sb.before.conf. Remember to replace the domain.tld in the file for your real domain.
Start the Nginx container with the server block above and login in the container using
docker exec -it container_name bash.
After you are in the container's shell enter the command below, but don't forget the replace the values for
--domainwith the domain that you're trying to create the certificate:
certbot certonly --non-interactive --agree-tos \ --email email@example.com \ --webroot -w /var/www/domain.tld \ --domain domain.tld --domain www.domain.tld
After you enter the command above - if everything goes well - the certificate will be generated and saved in the folder
Remove the previous server block (step # 1) and create a new one following the same pattern of sb.after.conf. Again, remember to replace the domain.tld in the file for your real domain.
Restart the server.
This image is configured to automatically renew all certificates, but if you want to force the certificate renew, you can login on the container image and run the command:
certbot renew -q --force-renewal --post-hook "nginx -s reload"
Checking your certificate status
You can check the status of your certificates accessing the website crt.sh.
vegidio/nginx is released under the Apache License. See LICENSE for details.
Vinicius Egidio (vinicius.io)