This is a bit outdated; I am making a new article soon.

I'm going to demonstrate using jwilder/nginx-proxy with Let's Encrypt for easy, free SSL.

Steps not covered

  • DNS
  • Installing Docker

Grab letsencrypt and get your first certificate

git clone https://github.com/letsencrypt/letsencrypt  
./letsencrypt/letsencrypt-auto certonly --standalone --email richard@zettabyte.me -d zettabyte.me

Agree to the TOS after careful scrutiny, and you will get something like this:

Congratulations! Your certificate and chain have been saved at  
/etc/letsencrypt/live/zettabyte.me/fullchain.pem.

nginx-proxy time

Make symlinks in a certificate folder that you will then pass into the jwilder proxy, as shown:

sudo mkdir -p /var/local/nginx/certs

sudo ln -s /etc/letsencrypt/live/zettabyte.me/privkey.pem /var/local/nginx/certs/zettabyte.me.key

sudo ln -s /etc/letsencrypt/live/zettabyte.me/fullchain.pem /var/local/nginx/certs/zettabyte.me.crt  

If you look carefully, you'll see that /etc/letsencrypt/live/zettabyte.me/cert.pem is actually already a symlink to /etc/letsencrypt/archive/zettabyte.me/cert1.pem.

Why do we care? Because you can't just pass the /var/local/nginx/certs folder into the nginx proxy and have it work all hunky dory. The links in that folder point into /etc/letsencrypt/live, which in turn points into /etc/letsencrypt/archive, and none of those targets exist inside the container unless you also pass in the /etc/letsencrypt folder.
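To see the symlink chain described above hop by hop, here is an added example that is not part of the original post. The helper names `check_chain` and `make_demo_tree` and the `example.test` tree are assumptions made for illustration; the check assumes each listed directory is bind-mounted at the same path inside the container.

```shell
#!/bin/sh
# Added example, not from the original post. check_chain and make_demo_tree
# are hypothetical helper names; the demo tree is constructed sample data.

# usage: check_chain LINK MOUNTED_DIR...
# Follows LINK one hop at a time. Returns 0 only if the chain ends at a
# regular file and every hop target lies inside one of MOUNTED_DIR (host
# directories assumed to be bind-mounted at the same path in the container).
check_chain() {
    cur=$1; shift
    hops=0
    while [ -L "$cur" ]; do
        hops=$((hops + 1))
        [ "$hops" -le 16 ] || { echo "too many hops: $cur"; return 1; }
        target=$(readlink "$cur")
        # A relative target is resolved against the link's own directory.
        case $target in /*) ;; *) target=$(dirname "$cur")/$target ;; esac
        # Collapse ../ and directory symlinks; keep the last component as is.
        dir=$(cd "$(dirname "$target")" 2>/dev/null && pwd -P) ||
            { echo "dangling: $cur -> $target"; return 1; }
        target=$dir/$(basename "$target")
        inside=no
        for m in "$@"; do
            m=$(cd "$m" 2>/dev/null && pwd -P) || continue
            case $target in "$m"/*) inside=yes ;; esac
        done
        [ "$inside" = yes ] ||
            { echo "not mounted: $cur -> $target"; return 1; }
        echo "ok: $cur -> $target"
        cur=$target
    done
    [ -f "$cur" ] || { echo "dangling: $cur"; return 1; }
}

# Builds a throwaway copy of the layout from the post under a temp directory
# and prints its root (constructed data, no real keys or certificates).
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/letsencrypt/archive/example.test" \
             "$root/etc/letsencrypt/live/example.test" "$root/certs"
    echo "constructed placeholder" \
        > "$root/etc/letsencrypt/archive/example.test/fullchain1.pem"
    ln -s ../../archive/example.test/fullchain1.pem \
        "$root/etc/letsencrypt/live/example.test/fullchain.pem"
    ln -s "$root/etc/letsencrypt/live/example.test/fullchain.pem" \
        "$root/certs/example.test.crt"
    echo "$root"
}
```

On the host from the post, the equivalent call is `check_chain /var/local/nginx/certs/zettabyte.me.crt /etc/letsencrypt`, run as root.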

Let's test this out with a simple nginx container:

docker run -d --restart=always --name=nginx -e VIRTUAL_HOST=zettabyte.me nginx  

And now get your proxy started up, passing in the important volumes as shown:

docker run -d -p 80:80 -p 443:443 --name=proxy --restart=always -v /var/local/nginx/certs:/etc/nginx/certs -v /etc/letsencrypt:/etc/letsencrypt -v /var/local/proxy-confs:/etc/nginx/vhost.d:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy  

As you can see by visiting my blog here, everything is all happy and secured.