This is a bit outdated, I am making a new article soon.
I'm going to demonstrate using jwilder/nginx-proxy with Let's Encrypt for easy, free SSL.
Steps not covered
- Installing Docker
Grab letsencrypt and get your first certificate
git clone https://github.com/letsencrypt/letsencrypt
./letsencrypt/letsencrypt-auto certonly --standalone --email firstname.lastname@example.org -d zettabyte.me
Agree to the TOS after careful scrutiny, and you will get something like this:
Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/zettabyte.me/fullchain.pem.
Make symlinks in a certificate folder that you will then pass into the jwilder proxy, as shown:
sudo mkdir -p /var/local/nginx/certs
sudo ln -s /etc/letsencrypt/live/zettabyte.me/privkey.pem /var/local/nginx/certs/zettabyte.me.key
sudo ln -s /etc/letsencrypt/live/zettabyte.me/fullchain.pem /var/local/nginx/certs/zettabyte.me.crt
If you look carefully, you'll see that /etc/letsencrypt/live/zettabyte.me/cert.pem is itself already a symlink to /etc/letsencrypt/archive/zettabyte.me/cert1.pem.
Why do we care? Because the links you just made in /var/local/nginx/certs point into /etc/letsencrypt/live, and those in turn point into /etc/letsencrypt/archive. If you pass only the /var/local/nginx/certs folder to the nginx proxy, the links dangle inside the container and nothing works. You must also pass in the /etc/letsencrypt folder.
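A way to check this before starting the proxy, as an added example that is not part of the original post: the script follows each certificate and key symlink hop by hop and reports any hop that leaves the directories mounted into the container at the same path as on the host. The function names (under_roots, check_link, check_certs_dir) are hypothetical helpers introduced here.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Walks each cert/key symlink hop
# by hop and checks that every hop stays inside directories that are mounted
# into the proxy container at the SAME path as on the host.

# under_roots PATH ROOT... : succeed if PATH lies inside one of the ROOTs.
under_roots() {
  local p=$1 r; shift
  for r in "$@"; do
    case "$p" in "$r"/*) return 0 ;; esac
  done
  return 1
}

# check_link FILE ROOT... : 0 = resolves inside the mounts, 1 = dangling,
# 2 = a hop leaves the mounted roots, 3 = too many hops (loop).
check_link() {
  local path=$1 target dir hops=0; shift
  while [ -L "$path" ]; do
    hops=$((hops + 1)); [ "$hops" -le 16 ] || { echo "LOOP     $path"; return 3; }
    target=$(readlink "$path")
    case "$target" in
      /*) path=$target ;;   # absolute target, e.g. /etc/letsencrypt/live/...
      *)  # relative target: resolve against the link's own directory
          dir=$(cd "$(dirname "$path")" 2>/dev/null &&
                cd "$(dirname "$target")" 2>/dev/null && pwd) ||
            { echo "DANGLING $path -> $target"; return 1; }
          path=$dir/$(basename "$target") ;;
    esac
    under_roots "$path" "$@" || { echo "OUTSIDE  $path"; return 2; }
  done
  [ -f "$path" ] || { echo "DANGLING $path"; return 1; }
  echo "OK       $path"
}

# check_certs_dir DIR ROOT... : check every *.crt and *.key in DIR.
check_certs_dir() {
  local dir=$1 f rc=0; shift
  for f in "$dir"/*.crt "$dir"/*.key; do
    [ -e "$f" ] || [ -L "$f" ] || continue   # skip unmatched globs
    check_link "$f" "$@" || rc=1
  done
  return "$rc"
}

# Usage on the host from this post:
#   check_certs_dir /var/local/nginx/certs /etc/letsencrypt
```

Run without the /etc/letsencrypt argument, the same call reports OUTSIDE for both files, which is the failure described above.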
Let's test this out with a simple nginx container
docker run -d --restart=always --name=nginx -e VIRTUAL_HOST=zettabyte.me nginx
And now get your proxy started up, passing in the important volumes as shown:
docker run -d -p 80:80 -p 443:443 --name=proxy --restart=always \
  -v /var/local/nginx/certs:/etc/nginx/certs \
  -v /etc/letsencrypt:/etc/letsencrypt \
  -v /var/local/proxy-confs:/etc/nginx/vhost.d:ro \
  -v /var/run/docker.sock:/tmp/docker.sock:ro \
  jwilder/nginx-proxy
As you can see by visiting my blog here, everything is all happy and secured.