{"id":17928458,"url":"https://github.com/hartwork/docker-ssl-reverse-proxy","last_synced_at":"2025-09-18T02:33:40.728Z","repository":{"id":55017965,"uuid":"138425470","full_name":"hartwork/docker-ssl-reverse-proxy","owner":"hartwork","description":":lock: Easy-to-use auto-SSL reverse proxy as a Docker container based on Caddy and Let’s Encrypt","archived":false,"fork":false,"pushed_at":"2025-01-10T02:59:46.000Z","size":79,"stargazers_count":24,"open_issues_count":0,"forks_count":4,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-01-10T03:27:54.077Z","etag":null,"topics":["caddy","docker","docker-compose","docker-image","https","lets-encrypt","letsencrypt","proxy","python","python-3","python3","reverse-proxy","reverseproxy","ssl","ssl-proxy","tls","tls-proxy"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hartwork.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-06-23T18:40:01.000Z","updated_at":"2025-01-10T02:59:50.000Z","dependencies_parsed_at":"2024-05-20T13:33:06.158Z","dependency_job_id":"a120cdc2-4d9d-4327-b1f4-e9949630c69a","html_url":"https://github.com/hartwork/docker-ssl-reverse-proxy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hartwork%2Fdocker-ssl-reverse-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hartwork%2Fdocker-ssl-reverse-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hartwork%2Fdocker-ssl-reverse-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hartwork%2Fdocker-ssl-reverse-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hartwork","download_url":"https://codeload.github.com/hartwork/docker-ssl-reverse-proxy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":233438519,"owners_count":18676327,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["caddy","docker","docker-compose","docker-image","https","lets-encrypt","letsencrypt","proxy","python","python-3","python3","reverse-proxy","reverseproxy","ssl","ssl-proxy","tls","tls-proxy"],"created_at":"2024-10-28T21:03:07.943Z","updated_at":"2025-09-18T02:33:40.702Z","avatar_url":"https://github.com/hartwork.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# About docker-ssl-reverse-proxy\n\nMy situation was this:\nI had multiple Docker containers serving websites on port 80.\nI wanted a single reverse proxy with SSL powered by\n[Let's Encrypt](https://letsencrypt.org/)\nin front of them that keeps certificates fresh and supports\nmultiple domain names per website (e.g. with `www.` subdomain and without).\nPlain HTTP should be redirected to HTTPS on the master domain for each website,\nalias domains should redirect to the master domain for both HTTP and HTTPS.\nAnd that reverse proxy should also run in a Docker container.\n\nThis repository has all of that.  The heavy lifting is done by\n[Caddy](https://caddyserver.com/)\nand there's a [small tool](Caddyfile.generate) to generate Caddy configuration\nfrom a minimal\n[ini-like](https://docs.python.org/3/library/configparser.html)\n`sites.cfg` file for you ([see example](sites.cfg.EXAMPLE.gentoo-ev)).\n\nThanks to Abiola Ibrahim ([@abiosoft](https://github.com/abiosoft))\nfor sharing his\n[Caddy 1.x.x Docker images](https://github.com/abiosoft/caddy-docker)\nthat I build upon prior to switching to\n[official Caddy 2.x.x Docker images](https://hub.docker.com/_/caddy).\n\n\n# Getting Started\n\n  1. Create a simple `sites.cfg` file manually\n     as seen in the [example](sites.cfg.EXAMPLE.gentoo-ev).\n\n  2. Run [`./Caddyfile.generate`](Caddyfile.generate)\n     to generate `Caddyfile` from `sites.cfg` for you.\n\n  3. Create Docker network `ssl-reverse-proxy` for the reverse proxy\n     and its backends to talk:\u003cbr\u003e\n     `docker network create --internal ssl-reverse-proxy`\n\n  4. Spin up the container:\u003cbr\u003e\n     `docker-compose up -d --build`\n\n  5. Have backend containers join network `ssl-reverse-proxy`,\n     e.g. as done in the proxy's own\n     [`docker-compose.yml` file](docker-compose.yml).\n\n  6. Enjoy.\n\n\n# How to write the `sites.cfg` file\n\nThe format is rather simple and has four options only.\nLet's look at this example:\n\n    [example.org]\n    backend = example-org:80\n    aliases =\n        www.example.org\n            example.net\n        www.example.net\n\nSection name `example.org` sets the master domain name that all alias domains\nredirect to.  `backend` points to the hostname and port that serves actual\ncontent.  Here, `example-org` is the name of the Docker container that\nDocker DNS will let us access because we made both containers join external\nnetwork `ssl-reverse-proxy` in their `docker-compose.yml` files.\n`aliases` is an optional list of domain names to have both HTTP and HTTPS\nredirect to master domain `example.org`.\nAdding `hsts_preload = true` is optional, defaults to false, and extends the\n[HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)\nresponse headers to\n[unlock addition to the browser preload list](https://hstspreload.org/#submission-requirements)\nat [https://hstspreload.org/](https://hstspreload.org/).\nThat's it.\n\nThe `Caddyfile` generated from that very `sites.cfg` would read:\n\n    # NOTE: This file has been generated, do not edit\n    (common) {\n        encode zstd gzip\n        log {\n            output stdout\n        }\n    }\n\n    example.org {\n        import common\n        reverse_proxy example-org:80 {\n            header_down +Strict-Transport-Security \"max-age=63072000; includeSubDomains\"\n        }\n    }\n\n    example.net {\n        import common\n        redir https://example.org{uri}\n    }\n\n    www.example.net {\n        import common\n        redir https://example.org{uri}\n    }\n\n    www.example.org {\n        import common\n        redir https://example.org{uri}\n    }\n\n\n# Support and Contributing\n\nIf you run into issues or have questions, please\n[open an issue ticket](https://github.com/hartwork/docker-ssl-reverse-proxy/issues)\nfor that.\n\nPlease know that `sites.cfg` and [`Caddyfile.generate`](Caddyfile.generate)\nare not meant to cover much more than they already do.  If it grows as powerful\nas `Caddyfile` we have failed.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhartwork%2Fdocker-ssl-reverse-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhartwork%2Fdocker-ssl-reverse-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhartwork%2Fdocker-ssl-reverse-proxy/lists"}