{"id":49242388,"url":"https://github.com/humblebeeai/stack-nginx","last_synced_at":"2026-04-24T20:08:02.190Z","repository":{"id":294420302,"uuid":"986825792","full_name":"humblebeeai/stack-nginx","owner":"humblebeeai","description":"Docker-compose stack for NGINX with Certbot (Let's Encrypt), featuring automatic certificate obtain/renewal, DNS/HTTP challenges, multi-domain support, subdomains, and advanced NGINX configurations.","archived":false,"fork":false,"pushed_at":"2025-12-25T03:47:43.000Z","size":818,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-26T17:27:57.295Z","etag":null,"topics":["api-gateway","basic-auth","certbot","docker","docker-compose","http","http-cache","http2","https","letsencrypt","load-balancer","nginx","rate-limit","reverse-proxy","scripts","ssl-termination","ssl-tls","stack","web-server","web-socket"],"latest_commit_sha":null,"homepage":"https://humblebeeintel.github.io/stack.nginx/","language":"Shell","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"bybatkhuu/stack.nginx","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/humblebeeai.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-05-20T07:18:12.000Z","updated_at":"2025-12-10T04:59:06.000Z","dependencies_parsed_at":"2025-09-17T08:33:47.102Z","dependency_job_id":"e9b2923d-cd47-4871-9609-89ef346468d0","html_url":"https://github.com/humblebeeai/stack-nginx","commit_stats":null,"previous_names":["humblebeeintel/stack.nginx","humblebeeai/stack.nginx","humblebeeai/stack-nginx"],"tags_count":17,"template":true,"template_full_name":null,"purl":"pkg:github/humblebeeai/stack-nginx","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/humblebeeai%2Fstack-nginx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/humblebeeai%2Fstack-nginx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/humblebeeai%2Fstack-nginx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/humblebeeai%2Fstack-nginx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/humblebeeai","download_url":"https://codeload.github.com/humblebeeai/stack-nginx/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/humblebeeai%2Fstack-nginx/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32238810,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-24T13:21:15.438Z","status":"ssl_error","status_checked_at":"2026-04-24T13:21:15.005Z","response_time":64,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-gateway","basic-auth","certbot","docker","docker-compose","http","http-cache","http2","https","letsencrypt","load-balancer","nginx","rate-limit","reverse-proxy","scripts","ssl-termination","ssl-tls","stack","web-server","web-socket"],"created_at":"2026-04-24T20:08:01.326Z","updated_at":"2026-04-24T20:08:02.181Z","avatar_url":"https://github.com/humblebeeai.png","language":"Shell","readme":"# NGINX Stack\n\n[![MIT License](https://img.shields.io/badge/License-MIT-green.svg)](https://choosealicense.com/licenses/mit/)\n[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/humblebeeai/stack-nginx/2.create-release.yml?logo=GitHub)](https://github.com/humblebeeai/stack-nginx/actions/workflows/2.create-release.yml)\n[![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/humblebeeai/stack-nginx?logo=GitHub)](https://github.com/humblebeeai/stack-nginx/releases)\n\nThis is a docker-compose stack for NGINX with Certbot (Let's Encrypt).\n\n## ✨ Features\n\n- NGINX - \u003chttps://nginx.org\u003e\n- Let's Encrypt - \u003chttps://letsencrypt.org\u003e\n- Certbot - \u003chttps://certbot.eff.org\u003e\n- TLS/SSL certificates\n- Automatic certificate obtain\n- Automatic certificate renewal (checks every week)\n- DNS challenges **[recommended]**:\n    - Cloudflare DNS\n    - DigitalOcean DNS\n    - GoDaddy DNS\n    - AWS Route53\n    - Google Cloud DNS\n- HTTP challenges:\n    - Standalone\n    - Webroot\n- Multiple domains per certificate\n- Subdomains:\n    - Multiple subdomains per domain/certificate\n    - Wildcard subdomains (only DNS challenges)\n- NGINX template configuration\n- Web server\n- Reverse proxy\n- Load balancer\n- Rate limiting\n- HTTP cache\n- HTTP header transformations\n- HTTP/2 and HTTPS\n- Basic authentication\n- Websockets\n- Docker and docker-compose\n\n---\n\n## 🐤 Getting Started\n\n### 1. 🚧 Prerequisites\n\n- Prepare **server/PC** with **public IP address**\n- Buy or register **domain name**\n- **[RECOMMENDED]** DNS provider **API token/credentials** (required for **DNS challenges** and **wildcard subdomains**):\n    - Cloudflare:\n        - API tokens - \u003chttps://dash.cloudflare.com/profile/api-tokens\u003e\n        - certbot-dns-cloudflare - \u003chttps://certbot-dns-cloudflare.readthedocs.io/en/stable\u003e\n    - DigitalOcean:\n        - API tokens - \u003chttps://cloud.digitalocean.com/account/api/tokens\u003e\n        - certbot-dns-digitalocean - \u003chttps://certbot-dns-digitalocean.readthedocs.io/en/stable\u003e\n    - GoDaddy:\n        - API keys - \u003chttps://developer.godaddy.com/keys\u003e\n        - certbot-dns-godaddy - \u003chttps://github.com/miigotu/certbot-dns-godaddy\u003e\n    - AWS Route53:\n        - AWS access keys - \u003chttps://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html\u003e\n        - certbot-dns-route53 - \u003chttps://certbot-dns-route53.readthedocs.io/en/stable\u003e\n    - Google Cloud DNS:\n        - GCP credentials/service accounts - \u003chttps://cloud.google.com/iam/docs/service-accounts-create\u003e\n        - certbot-dns-google - \u003chttps://certbot-dns-google.readthedocs.io/en/stable\u003e\n- Install [**docker** and **docker compose**](https://docs.docker.com/engine/install) in **server**\n    - Nginx docker image: [**humblebeeai/nginx**](https://hub.docker.com/r/humblebeeai/nginx)\n    - Certbot docker image: [**humblebeeai/certbot**](https://hub.docker.com/r/humblebeeai/certbot)\n\nFor **DEVELOPMENT**:\n\n- Install [**git**](https://git-scm.com/downloads)\n- Setup an [**SSH key**](https://docs.github.com/en/github/authenticating-to-github/connecting-to-github-with-ssh)\n\n### 2. 📥 Download or clone the repository\n\n**2.1.** Prepare projects directory (if not exists) in your **server** with **public IP address**:\n\n```sh\n# Create projects directory:\nmkdir -pv ~/workspaces/projects\n\n# Enter into projects directory:\ncd ~/workspaces/projects\n```\n\n**2.2.** Follow one of the below options **[A]**, **[B]**, **[C]** or **[D]**:\n\n**OPTION A.** Clone the repository:\n\n```sh\ngit clone https://github.com/humblebeeai/stack-nginx.git \u0026\u0026 \\\n    cd stack-nginx\n```\n\n**OPTION B.** Clone with all submodules:\n\n```sh\ngit clone --recursive https://github.com/humblebeeai/stack-nginx.git \u0026\u0026 \\\n    cd stack-nginx \u0026\u0026 \\\n    git submodule update --init --recursive \u0026\u0026 \\\n    git submodule foreach --recursive git checkout main\n```\n\n**OPTION C.** Clone with all submodules (for **DEVELOPMENT**: git + ssh key):\n\n```sh\ngit clone --recursive git@github.com:humblebeeai/stack-nginx.git \u0026\u0026 \\\n    cd stack-nginx \u0026\u0026 \\\n    git submodule update --init --recursive \u0026\u0026 \\\n    git submodule foreach --recursive git checkout main\n```\n\n**OPTION D.** Download source code from [releases](https://github.com/humblebeeai/stack-nginx/releases) page.\n\n### 3. 🛠 Configure the environment\n\n[TIP] Skip this step, if you've already configured environment!\n\n#### 3.1. 🌎 Configure **`.env`** (environment variables) file\n\n**[IMPORTANT]** Please, check **[environment variables](#-environment-variables)** section for more details.\n\n```sh\n# Copy .env.example file into .env file:\ncp -v .env.example .env\n\n# Edit environment variables to fit in your environment:\nnano .env\n```\n\n#### 3.2. 🎺 Configure **`compose.override.yml`** file\n\n[TIP] Skip this step, if you want run with default configuration!\n\nYou can use below template **`compose.override.yml`** files for different environments:\n\n- **DEVELOPMENT**: [**`compose.override.dev.yml`**](./templates/compose/compose.override.dev.yml)\n- **PRODUCTION/STAGING**: [**`compose.override.prod.yml`**](./templates/compose/compose.override.prod.yml)\n\n```sh\n# Copy 'compose.override.[ENV].yml' file to 'compose.override.yml' file:\ncp -v ./templates/compose/compose.override.[ENV].yml ./compose.override.yml\n# For example, DEVELOPMENT environment:\ncp -v ./templates/compose/compose.override.dev.yml ./compose.override.yml\n# For example, STAGING or PRODUCTION environment:\ncp -v ./templates/compose/compose.override.prod.yml ./compose.override.yml\n\n# Edit 'compose.override.yml' file to fit in your environment:\nnano ./compose.override.yml\n```\n\n#### 3.3. ✅ Check docker compose configuration is valid\n\n**[WARNING]** If you get an error or warning, check your configuration files (**`.env`** or **`compose.override.yml`**).\n\n```sh\n./compose.sh validate\n# Or:\ndocker compose config\n```\n\n### 4. 🔧 Configure NGINX\n\n[TIP] Skip this step, if you've already configured NGINX.\n\n**[IMPORTANT]** Please, check nginx configuration and best practices:\n\n- \u003chttps://www.udemy.com/course/nginx-fundamentals\u003e\n- \u003chttps://www.digitalocean.com/community/tools/nginx\u003e\n- \u003chttps://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes\u003e\n- \u003chttps://www.nginx.com/nginx-wiki/build/dirhtml/start/topics/tutorials/config_pitfalls\u003e\n- \u003chttps://www.youtube.com/watch?v=pkHQCPXaimU\u003e\n- \u003chttps://www.baeldung.com/linux/nginx-config-environment-variables\u003e\n- \u003chttps://github.com/fcambus/nginx-resources\u003e\n\nUse template files in [**`templates/nginx.conf`**](./templates/nginx.conf/static) to configure NGINX:\n\n```sh\n# Copy template file into storage directory:\ncp -v ./templates/nginx.conf/static/[TEMPLATE_BASENAME].conf ./volumes/storage/nginx/configs/site-enabled/[CUSTOM_BASENAME].conf\n# For example, Let's Encrypt HTTPS configuration for example.com domain:\ncp -v ./templates/nginx.conf/static/100.example.com.lets.conf ./volumes/storage/nginx/configs/site-enabled/100.example.com.conf\n\n# Edit template file to fit in your nginx configuration:\nnano ./volumes/storage/nginx/configs/site-enabled/[CUSTOM_BASENAME].conf\n# For example:\nnano ./volumes/storage/nginx/configs/site-enabled/100.example.com.conf\n```\n\n### 5. 🚀 Start docker compose\n\n**[CAUTION]**:\n\n- If ports are conflicting, you should change ports from [**3. step**](#3--configure-the-environment).\n- If container names are conflicting, you should change project directory name (from **`stack-nginx`** to something else, e.g: `prod.stack-nginx`) from [**2.2. step**](#2--download-or-clone-the-repository).\n\n```sh\n./compose.sh start -l\n# Or:\ndocker compose up -d --remove-orphans --force-recreate \u0026\u0026 \\\n    docker compose logs -f --tail 100\n```\n\n### 6. 📡 Check services are running and monitor logs\n\n📋 Check all services are running:\n\n```sh\n./compose.sh list\n# Or:\ndocker compose ps\n```\n\n📟 Monitor all logs of containers:\n\n```sh\n./compose.sh logs\n# Or:\ndocker compose logs -f --tail 100\n```\n\n🧵 List all running processes inside containers:\n\n```sh\n./compose.sh ps\n# Or:\ndocker compose top\n```\n\n📊 Check resource usage of containers:\n\n```sh\n./compose.sh stats\n# Or:\ndocker compose stats\n```\n\n🔐 Check certificates:\n\n```sh\n./compose.sh certs\n# Or check certificates in container:\ndocker compose exec certbot certbot certificates\n# Or check certificates in host:\nls -alhF ./volumes/storage/nginx/ssl\n# Or check certificates in host with tree:\ntree ./volumes/storage/nginx/ssl\n```\n\n### 7. 🪂 Stop docker compose\n\n```sh\n./compose.sh stop\n# Or:\ndocker compose down --remove-orphans\n```\n\n👍\n\n---\n\n## ⚙️ Configuration\n\n### 🌎 Environment Variables\n\nYou can use the following environment variables to configure:\n\n[**`.env.example`**](./.env.example):\n\n```sh\n## --- CERTBOT configs --- ##\nCERTBOT_EMAIL=user@email.com\nCERTBOT_DOMAINS=\"example.com,www.example.com\"\nCERTBOT_DNS_TIMEOUT=30\n\n\n## --- NGINX configs --- ##\nNGINX_BASIC_AUTH_USER=nginx_admin\nNGINX_BASIC_AUTH_PASS=\"NGINX_ADMIN_PASSWORD123\" # !!! CHANGE THIS TO RANDOM PASSWORD !!!\n\n\n## -- Docker configs -- ##\n# NGINX_HTTP_PORT=80 # port for bridge network mode\n# NGINX_HTTPS_PORT=443 # port for bridge network mode\n# NGINX_GRPC_PORT=443  # port for bridge network mode\n```\n\n### 🐳 Docker container command arguments\n\nYou can use the following arguments to configure:\n\n**nginx**:\n\n```txt\n-s=*, --https=[self | valid | lets]\n    Enable HTTPS mode:\n        self  - Self-signed certificate\n        valid - Valid certificate\n        lets  - Let's Encrypt certificate\n-b, --bash, bash, /bin/bash\n    Run only bash shell.\n```\n\nFor example as in [**`compose.override.yml`**](./templates/compose/compose.override.dev.yml) file:\n\n```yml\n    command: [\"--https=self\"]\n    command: [\"--https=valid\"]\n    command: [\"--https=lets\"]\n    command: [\"/bin/bash\"]\n```\n\n**certbot**:\n\n```txt\n-s=, --server=[staging | production]\n    Let's Encrypt server. Default: staging.\n-n=, --new=[standalone | webroot]\n    Obtain option for new certificates. Default: standalone.\n-r=, --renew=[webroot | standalone]\n    Renew option for existing certificates. Default: webroot.\n-d=, --dns=[cloudflare | route53 | google | godaddy | digitalocean]\n    Use DNS challenge instead of HTTP challenge.\n-D, --disable-renew\n    Disable automatic renewal of certificates.\n-b, --bash, bash, /bin/bash\n    Run only bash shell.\n```\n\nFor example as in [**`compose.override.yml`**](./templates/compose/compose.override.dev.yml) file:\n\n```yml\n    command: [\"--server=production\"]\n    command: [\"--server=production\", \"--renew=standalone\"]\n    command: [\"--new=webroot\", \"--disable-renew\"]\n    command: [\"--server=production\", \"--dns=cloudflare\"]\n    command: [\"--dns=digitalocean\"]\n    command: [\"--dns=route53\"]\n    command: [\"--dns=google\"]\n    command: [\"--dns=godaddy\"]\n    command: [\"/bin/bash\"]\n```\n\n---\n\n## 📚 Documentation\n\n- [Docs](./docs)\n\n### 🛤 Roadmap\n\n- Add more DNS providers.\n- Add more documentation.\n\n---\n\n## 📑 References\n\n- Download NGINX - \u003chttps://nginx.org/en/download.html\u003e\n- Building NGINX from sources - \u003chttps://nginx.org/en/docs/configure.html\u003e\n- NGINX documentation - \u003chttps://nginx.org/en/docs\u003e\n- NGINX directives - \u003chttps://nginx.org/en/docs/dirindex.html\u003e\n- NGINX variables - \u003chttps://nginx.org/en/docs/varindex.html\u003e\n- NGINX config generator (digitalocean) - \u003chttps://www.digitalocean.com/community/tools/nginx\u003e\n- NGINX 3rd party modules - \u003chttps://www.nginx.com/resources/wiki/modules\u003e\n- NGINX Avoid top 10 mistakes - \u003chttps://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes\u003e\n- NGINX Pitfalls and common mistakes - \u003chttps://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls\u003e\n- Installing NGINX open source and NGINX Plus - \u003chttps://www.youtube.com/watch?v=pkHQCPXaimU\u003e\n- NGINX Proxy Manager - \u003chttps://nginxproxymanager.com\u003e\n- NGINX fundamental course - \u003chttps://www.udemy.com/course/nginx-fundamentals\u003e\n- NGINX resources - \u003chttps://github.com/fcambus/nginx-resources\u003e\n- NGINX config environment variables - \u003chttps://www.baeldung.com/linux/nginx-config-environment-variables\u003e\n- Certbot - \u003chttps://certbot.eff.org\u003e\n- Certbot documentation - \u003chttps://eff-certbot.readthedocs.io/en/stable\u003e\n- Let's Encrypt - \u003chttps://letsencrypt.org\u003e\n- Let's Encrypt documentation - \u003chttps://letsencrypt.org/docs\u003e\n- Docker - \u003chttps://docs.docker.com\u003e\n- Docker Compose - \u003chttps://docs.docker.com/compose\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhumblebeeai%2Fstack-nginx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhumblebeeai%2Fstack-nginx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhumblebeeai%2Fstack-nginx/lists"}