{"id":27106321,"url":"https://github.com/mikybars/docker-apache2-letsencrypt","last_synced_at":"2025-04-06T19:39:58.302Z","repository":{"id":120005491,"uuid":"172433040","full_name":"mikybars/docker-apache2-letsencrypt","owner":"mikybars","description":"A Docker container based on the Apache2 official image with SSL enabled and Let's Encrypt setup","archived":false,"fork":false,"pushed_at":"2020-01-08T09:58:21.000Z","size":16,"stargazers_count":3,"open_issues_count":2,"forks_count":2,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-04-02T04:58:06.277Z","etag":null,"topics":["docker","ssl","web"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mikybars.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2019-02-25T04:14:29.000Z","updated_at":"2024-03-27T10:16:20.000Z","dependencies_parsed_at":"2023-06-14T16:45:10.296Z","dependency_job_id":null,"html_url":"https://github.com/mikybars/docker-apache2-letsencrypt","commit_stats":null,"previous_names":["mikybars/docker-apache2-letsencrypt"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikybars%2Fdocker-apache2-letsencrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikybars%2Fdocker-apache2-letsencrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikybars%2Fdocker-apache2-letsencrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikybars%2Fdocker-apache2-letsencrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mikybars","download_url":"https://codeload.github.com/mikybars/docker-apache2-letsencrypt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247543138,"owners_count":20955860,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","ssl","web"],"created_at":"2025-04-06T19:39:49.577Z","updated_at":"2025-04-06T19:39:58.296Z","avatar_url":"https://github.com/mikybars.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build Status](https://travis-ci.org/mperezi/docker-apache2-letsencrypt.svg?branch=master)](https://travis-ci.org/mperezi/docker-apache2-letsencrypt) [![Docker Pulls](https://img.shields.io/docker/pulls/mperezi/apache2-letsencrypt.svg)](https://hub.docker.com/r/mperezi/apache2-letsencrypt/)\n\n# docker-apache2-letsencrypt\n\nA Docker container running an out-of-the-box Apache2 web server with SSL enabled. You don't need to provide any previously-obtained certificate for your server because the issue of such certificate as well as the renewal are automatically handled by the Certbot client. \n\n# What is Certbot?\n\u003e [Certbot](https://certbot.eff.org) is an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your webserver. Certbot was developed by EFF and others as a client for Let's Encrypt and was previously known as \"the official Let’s Encrypt client\" or \"the Let’s Encrypt Python client.\" \n\n# What is Let's Encrypt?\n\u003e[Let’s Encrypt](https://letsencrypt.org/about/) is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). \n\u003e\n\u003eWe give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.\n\n# How to use this image\n\nThe base configuration file for the Apache web server (i.e. `httpd.conf`) has been tweaked to source a couple of external files that provide some extra configuration. These files are `httpd-vhosts.conf` and `httpd-ssl.conf` and they must reside in `/usr/local/apache2/conf/extra` inside the container. Because of that it's a good thing to:\n\n1. Set up a folder structure like this in your host:\n\n```bash\nconf\n└── extra\n    ├── httpd-ssl.conf\n    └── httpd-vhosts.conf\n```\n\n2. Mount the previous folder with `-v $PWD/conf/extra:/usr/local/apache2/conf/extra`.\n\n## Set up your virtual hosts\n\nThe file `httpd-vhosts.conf` should contain the configuration for your virtual hosts. Here you usually specify the location of the certificate files as well as the automatic redirection from HTTP to HTTPS.\n\n```\n\u003cVirtualHost *:80\u003e\n    ServerName mperezi.com\n\tRedirect permanent / https://mperezi.com/\n\u003c/VirtualHost\u003e\n\n\u003cVirtualHost *:443\u003e\n    ServerName mperezi.com\n    SSLEngine on\n    SSLCertificateFile /etc/letsencrypt/certs/cert.pem\n    SSLCertificateKeyFile /etc/letsencrypt/certs/privkey.pem\n    SSLCertificateChainFile /etc/letsencrypt/certs/chain.pem\n\u003c/VirtualHost\u003e\n```\n\n## Tune SSL-Related settings \n\nThe file `httpd-ssl.conf` is where you place the settings that are specific to SSL.\n\n```\nListen 443\nSSLSessionCache shmcb:/usr/local/apache2/logs/ssl_scache(512000)\n```\n\n## Run the container\n\n### Docker CLI\n\n```bash\n$ docker volume create certs\n\n$ docker container run \\\n  -d\n  -p 80:80\n  -p 443:443\n  --hostname \u003cdomain-to-be-secured.com\u003e\n  -e LETS_ENCRYPT_EMAIL \u003cmaintainer-of-the-domain@mail-server.com\u003e\n  -v $PWD/html:/usr/local/apache2/htdocs\n  -v $PWD/conf/extra:/usr/local/apache2/conf/extra\n  -v certs:/etc/letsencrypt\n  --name web \n  mperezi/apache2-letsencrypt\n```\n\n### Docker Compose\n\n```yaml\nversion: '2'\n\nservices:\n  web:\n    image: mperezi/apache2-letsencrypt\n    hostname: \u003cdomain-to-be-secured.com\u003e\n    ports:\n      - '80:80'\n      - '443:443'\n    environment:\n      LETS_ENCRYPT_EMAIL: \u003cmaintainer-of-the-domain@mail-server.com\u003e\n    volumes:\n      - '$PWD/html:/usr/local/apache2/htdocs'\n      - '$PWD/conf/extra:/usr/local/apache2/conf/extra'\n      - 'certs:/etc/letsencrypt'\n\nvolumes:\n  certs:\n```\n\n# FAQ\n\n## Where are my certificates?\n\nAll generated keys and issued certificates can be found in `/etc/letsencrypt/live/\u003cdomain\u003e` inside the container. It's advisable to use a volume and mount `/etc/letsencrypt` to prevent certificate loss upon successive restarts of the container.\n\nYou can query Certbot at any time and obtain valuable information about the certificates installed in the container by using:\n\n```bash\n$ docker container exec web certbot certificates\nFound the following certs:\n  Certificate Name: example.com\n    Domains: example.com, www.example.com\n    Expiry Date: 2017-02-19 19:53:00+00:00 (VALID: 30 days)\n    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem\n    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem\n```\n\n## What about renewal?\n\nYou don't need to worry about expiry dates or renewing your certificates because Certbot does it for you too. And it does so by setting up a cron job that runs the command `certbot renew` (usually twice a day). This command attempts to renew any previously-obtained certificates that expire in less than 30 days. \n\n## Besides example.com I also want to secure smtp.example.com, blog.example.com, ...\n\nYou can obtain a certificate for as many domains as you want by setting the environment variable `LETS_ENCRYPT_DOMAINS`. By providing a comma-separated list of domains there you get a certificate where:\n\n\u003e The first domain provided will be the subject CN of the certificate, and all domains will be Subject Alternative Names on the certificate. \n\nThe first domain refers to the `hostname` of the container.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmikybars%2Fdocker-apache2-letsencrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmikybars%2Fdocker-apache2-letsencrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmikybars%2Fdocker-apache2-letsencrypt/lists"}