{"id":15691557,"url":"https://github.com/trajano/nginx-letsencrypt","last_synced_at":"2025-05-08T01:00:32.860Z","repository":{"id":66944751,"uuid":"131338354","full_name":"trajano/nginx-letsencrypt","owner":"trajano","description":"Nginx + LetsEncrypt on docker","archived":false,"fork":false,"pushed_at":"2020-05-03T11:52:19.000Z","size":25,"stargazers_count":8,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-31T16:02:12.996Z","etag":null,"topics":["docker-image","letsencrypt","nginx"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/trajano/nginx-letsencrypt/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"epl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trajano.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-04-27T19:44:18.000Z","updated_at":"2021-02-14T06:11:24.000Z","dependencies_parsed_at":null,"dependency_job_id":"eaa79845-9270-4447-8311-6c5c2ee1f8ba","html_url":"https://github.com/trajano/nginx-letsencrypt","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trajano%2Fnginx-letsencrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trajano%2Fnginx-letsencrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trajano%2Fnginx-letsencrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trajano%2Fnginx-letsencrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trajano","download_url":"https://codeload.github.com/trajano/nginx-letsencrypt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252978754,"owners_count":21834915,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker-image","letsencrypt","nginx"],"created_at":"2024-10-03T18:22:17.750Z","updated_at":"2025-05-08T01:00:32.824Z","avatar_url":"https://github.com/trajano.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Nginx + LetsEncrypt on Docker\n\nThis container provides a nginx with LetsEncypt enabled.  When tested with SSLLabs it should yield and A+ rating.  It supports streaming along with the normal proxying support.\n\n## How nginx is initially setup\n\n1. `EMAIL` environment variable specifies the email address that will recieve the notifications when there is a renewal needed\n2. `DOMAINS` environment variable specifies a *comma* separated list of FQDNs for the certificate.  It is expected that the first one would be primary and will be put in the `/etc/letsencrypt/live` folder.  (Comma separated was choses to avoid the hassle of adding extra quotes)\n3. When the `/etc/letsencrypt/live folder` is missing the `init` script will start up `certbot` in standalone mode.  This will create the necessary files to enable SSL.  Otherwise we would require two configuration files for nginx (one with and one without SSL).\n\n# Customization points\n\nThe `/etc/nginx/conf.d` folder is processed and contains deployment specific configurations done through Docker `configs`.  This is not a volume mount.  This is processed before `deployment.d`.\n\nThe `/etc/nginx/deployment.d` folder is also processed and contains deployment specfific configurations that can be mounted as a volume if desired.\n\n`/etc/nginx/{conf|deployment}.d/{server_name}.conf.*` is expected to contain the virtual server specific configurations.  The default configuration will simply `return 502` (gateway eror) for every request.\n\n`/etc/nginx/{conf|deployment}.d/*.conf.stream` is expected to contain stream specific configurations which are useful for passing the request / response as is to an upstream server.\n\nThe following is an example of an upstream server called `intranet` which the nginx server will route to if the request is for `i.trajano.net` the `default default_https` is needed to make it do the normal processing specified in the previous paragraph.\n\n    upstream intranet {\n        server intranet:443;\n    }\n\n    map $ssl_preread_server_name $upstream {\n        default default_https;\n        i.trajano.net intranet;\n    }\n\n## NOTE\n\n* On first initialization there will be no output for a while, this is because the DHPARAM generation takes quite a bit of time combined with the initial certificate generation.\n* The `worker_processes` value is adjusted automatically to the number of available CPUs from *cgroup*, nginx official image hard codes it to `1`.\n* Due to the nature of nginx and SSL certificates, it is not safe to run this configuration with multiple replicas especially when there are renewals.  The `worker_processes` value is adjusted automatically to the number of available CPUs allocated though so it can handle more load.\n* `/.well-known/acme-challenge` URI will points to `/tmp/.well-known/acme-challenge` to provide the challenges required by LetsEncrypt for renewals.\n* Content (including proxied content) will be gzipped in transit to reduce network usage.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrajano%2Fnginx-letsencrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrajano%2Fnginx-letsencrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrajano%2Fnginx-letsencrypt/lists"}