{"id":21897840,"url":"https://github.com/luvies/nginx-rproxy","last_synced_at":"2026-04-12T18:49:27.876Z","repository":{"id":96647883,"uuid":"107062356","full_name":"luvies/nginx-rproxy","owner":"luvies","description":"A bunch of files to aid in the setup of a reverse-proxy using nginx, certbot and docker","archived":false,"fork":false,"pushed_at":"2018-05-03T00:09:02.000Z","size":15,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-27T06:11:20.075Z","etag":null,"topics":["certbot","docker","nginx","proxy"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/luvies.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-10-16T01:08:09.000Z","updated_at":"2018-05-03T00:09:03.000Z","dependencies_parsed_at":"2023-03-26T02:18:16.982Z","dependency_job_id":null,"html_url":"https://github.com/luvies/nginx-rproxy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luvies%2Fnginx-rproxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luvies%2Fnginx-rproxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luvies%2Fnginx-rproxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luvies%2Fnginx-rproxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/luvies","download_url":"https://codeload.github.com/luvies/nginx-rproxy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244908155,"owners_count":20529986,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certbot","docker","nginx","proxy"],"created_at":"2024-11-28T14:20:00.154Z","updated_at":"2026-04-12T18:49:22.830Z","avatar_url":"https://github.com/luvies.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Nginx Reverse-Proxy Setup \u0026 Management\nThis repo contains files that aid with the setting up of an Nginx-based reverse-proxy that has SSL enabled via [Let's Encrypt](https://letsencrypt.org/). The main management script is [`proxy-manage`](proxy_manager/proxy-manage), and has the config [`.env`](proxy_manager/.env). This script does most of the work, however there are some parts you will need to modify (the script's env file, the [docker compose](proxy_manager/docker-compose.rproxy.yml) file, [`nginx.def.conf`](nginx_config/setup/nginx.def.conf), and [`server-name.conf`](nginx_config/running/includes/server-name.conf)), and there is some interaction, copying, etc you need to do to get the certificates working. The full instructs are below.\n\n## Pre-Requisites\nThe script requires docker-compose to be installed under root (this can be done through pip). The compose file is version 3.4, however it will probably work with lower versions (however I haven't tested this).\n\n## Script usage\n(Brief note: the script is designed to be ran from the current directory. If this doesn't work for you, change the variables near the top of the script to an absolute path, and it will then run regardless of the current directory.)\n\nThis walkthrough focuses on the webroot setup, some steps can be ignored with the other methods.\n\nTo use this script properly, copy it and the env file to a directory on the server computer, edit the env file to your specifications, and run it under sudo with the argument `init-rp`. This will set up the nginx proxy container, using the docker-compose file, and the volume directories. After, copy [`nginx_config/setup/*`](nginx_config/setup) into the `$NGINX_VOLUMES/conf.d` directory in order to setup the base certification server, then restart the `$RPROXY_NAME` container to enable it.\n\nOnce this is done, run the script under sudo again with the argument `init-cert` in order to initialise the certbot. After, set up a docker network for the webserver and start up the webserver that you are proxying into the network. Edit the docker-compose file to enable the network options, and set the network name to the network the webserver is operation in. Then run the script with the argument `update-rp` in order to update the rproxy container. (This argument can be used to just update the nginx container version as well, since it automatically pulls the latest alpine image and prunes un-needed images (if you don't want this prune, disable that line before using this script))\n\nOnce this is done, delete the content of the `$NGINX_VOLUMES/conf.d` folder, and copy in [`nginx_config/running/*`](nginx_config/running), and edit the `server-name.conf` file to suit your server configuration (e.g. rename the file `server-example.conf` and change the `_name` parts to `_example`). You can then restart the `$RPROXY_NAME` container to enable it (you can use the `update-rp` argument to achieve this).\n\nThe normal [`nginx.conf`](nginx_config/running/nginx.conf) file has a default HTTP server config set up, and is designed to accept request for any domain (and it will process all ACME requests through this). The `server-name.conf` is a template file for each server you wish to run through the reverse-proxy.\n\nTo run more than 1 domain/server, copy the `server-name.conf` file, change `name` to the name of the webserver you are running, and include the file in the main config. (you will also have to init-cert with these extra domains, however if the rproxy container is running, you should be able to just re-run the argument with an updated [`.env`](proxy_manager/.env)).\n\nWhen you have done, the reverse proxy should be working with SSL enabled.\n\n## Renewal\nTo setup the renew, you can add something like the following to the sudo crontab:\n\n```\n0 0 * * 0,5 (cd \u003cscript copy location\u003e \u0026\u0026 ./proxy-manage renew)\n```\n\nThis will execute the renew script every Monday \u0026 Thursday. The cd command is used to keep the relative paths that the script uses. The log of this renew is stored in `$RENEW_LOG`.\n\n## DNS - Route 53 Plugin\nThe script supports the certbot dns-route53 plugin, which allows for wildcard domains and doesn't require the webroot to be added to the certbot container. To use the plugin, simply set your AWS access and secret access keys to the [`certbot-config.env`](proxy_manager/certbot-config.env) file, and then use the `init-cert-dns-r53` and `renew dns-r53` commands instead (the second commands requires the space after `renew`).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fluvies%2Fnginx-rproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fluvies%2Fnginx-rproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fluvies%2Fnginx-rproxy/lists"}