Easy docker SSL with nginx-proxy

The following is an amazing tool that allows for easy SSL setup on pretty much any docker container running a web server.

Assuming you have docker installed on an Debian/Ubuntu based machine follow these steps. The following will be very similar to the instructions posted on the GitHub page linked above.

You will need to set up some docker volumes listed below:

Step 1: Install nginx-proxy

docker run --detach \

--name nginx-proxy \

--publish 80:80 \

--publish 443:443 \

--volume /etc/nginx/certs \

--volume /etc/nginx/vhost.d \

--volume /usr/share/nginx/html \

--volume /var/run/docker.sock:/tmp/docker.sock:ro \

jwilder/nginx-proxy

This will create a docker container with nginx-proxy. The container responsible for actually proxying webpages.

Step 2: Install letsencrypt-nginx-proxy-companion

Next you have to set up letsencrypt-nginx-proxy-companion which will automatically generate and renew SSL certificates for every domain you specify later on when you set up other containers.

docker run --detach \

--name nginx-proxy-letsencrypt \

--volumes-from nginx-proxy \

--volume /var/run/docker.sock:/var/run/docker.sock:ro \

--env "DEFAULT_EMAIL=mail@yourdomain.tld" \

jrcs/letsencrypt-nginx-proxy-companion

That’s basically it for the installation. Now it’s time to add your webservers. Enabling SSL in a container is as easy as setting some environment variables.

VIRTUAL_HOST sets the domain name the container will be reachable at. For example: mywebsite.example.com or helloworld.example.com.

VIRTUAL_PORT is very important. By default it will auto-detect webservers working on ports 443 or 80. However, if your server listens on a different port, you need to specify that here.

LETSENCRYPT_HOST should be the same as VIRTUAL_HOST as it tells LetsEncrypt what domain it should be enabled for.

LETSENCRYPT_EMAIL is the email that LetsEncrypt will send notifications to for expiration and renewal.

Step 3: Configuration for large file uploads

One of the problems I’ve run into while setting this up was uploading files to a blogging platform (or storage like owncloud) through a browser. By default it sets the max file upload size to a very small number, less than 10MB I believe. To change this you must enter into the nginx-proxy container and edit the config file:

docker exec -it [container-id] bash

If you only have one or two containers that require large uploads, you can create a config file on a per VIRTUAL_HOST basis. The README for nginx-proxy explains this in more detail than I will here under the Custom Nginx Configuration section:

You can set the max body size with this line:

client_max_body_size 100m;

In Conclusion

nginx-proxy and letsencrypt-nginx-proxy-companion is a super easy way to set up SSL on websites and web apps without too much fuss. There’s a ton more detail in the links I posted if you’re having any trouble.

1 Like