Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hartwork/docker-ssl-reverse-proxy
:lock: Easy-to-use auto-SSL reverse proxy as a Docker container based on Caddy and Let’s Encrypt
https://github.com/hartwork/docker-ssl-reverse-proxy
caddy docker docker-compose docker-image https lets-encrypt letsencrypt proxy python python-3 python3 reverse-proxy reverseproxy ssl ssl-proxy tls tls-proxy
Last synced: 12 days ago
JSON representation
:lock: Easy-to-use auto-SSL reverse proxy as a Docker container based on Caddy and Let’s Encrypt
- Host: GitHub
- URL: https://github.com/hartwork/docker-ssl-reverse-proxy
- Owner: hartwork
- Created: 2018-06-23T18:40:01.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2025-01-10T02:59:46.000Z (13 days ago)
- Last Synced: 2025-01-10T03:27:54.077Z (13 days ago)
- Topics: caddy, docker, docker-compose, docker-image, https, lets-encrypt, letsencrypt, proxy, python, python-3, python3, reverse-proxy, reverseproxy, ssl, ssl-proxy, tls, tls-proxy
- Language: Python
- Homepage:
- Size: 77.1 KB
- Stars: 24
- Watchers: 6
- Forks: 4
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# About docker-ssl-reverse-proxy
My situation was this:
I had multiple Docker containers serving websites on port 80.
I wanted a single reverse proxy with SSL powered by
[Let's Encrypt](https://letsencrypt.org/)
in front of them that keeps certificates fresh and supports
multiple domain names per website (e.g. with `www.` subdomain and without).
Plain HTTP should be redirected to HTTPS on the master domain for each website,
alias domains should redirect to the master domain for both HTTP and HTTPS.
And that reverse proxy should also run in a Docker container.
This repository has all of that. The heavy lifting is done by
[Caddy](https://caddyserver.com/)
and there's a [small tool](Caddyfile.generate) to generate Caddy configuration
from a minimal
[ini-like](https://docs.python.org/3/library/configparser.html)
`sites.cfg` file for you ([see example](sites.cfg.EXAMPLE.gentoo-ev)).
Thanks to Abiola Ibrahim ([@abiosoft](https://github.com/abiosoft))
for sharing his
[Caddy 1.x.x Docker images](https://github.com/abiosoft/caddy-docker)
that I build upon prior to switching to
[official Caddy 2.x.x Docker images](https://hub.docker.com/_/caddy).
# Getting Started
1. Create a simple `sites.cfg` file manually
as seen in the [example](sites.cfg.EXAMPLE.gentoo-ev).
2. Run [`./Caddyfile.generate`](Caddyfile.generate)
to generate `Caddyfile` from `sites.cfg` for you.
3. Create Docker network `ssl-reverse-proxy` for the reverse proxy
and its backends to talk:
`docker network create --internal ssl-reverse-proxy`
4. Spin up the container:
`docker-compose up -d --build`
5. Have backend containers join network `ssl-reverse-proxy`,
e.g. as done in the proxy's own
[`docker-compose.yml` file](docker-compose.yml).
6. Enjoy.
# How to write the `sites.cfg` file
The format is rather simple and has three options only.
Let's look at this example:
[example.org]
backend = example-org:80
aliases =
www.example.org
example.net
www.example.net
Section name `example.org` sets the master domain name that all alias domains
redirect to. `backend` points to the hostname and port that serves actual
content. Here, `example-org` is the name of the Docker container that
Docker DNS will let us access because we made both containers join external
network `ssl-reverse-proxy` in their `docker-compose.yml` files.
`aliases` is an optional list of domain names to have both HTTP and HTTPS
redirect to master domain `example.org`. That's it.
The `Caddyfile` generated from that very `sites.cfg` would read:
# NOTE: This file has been generated, do not edit
(common) {
encode zstd gzip
log {
output stdout
}
}
example.org {
import common
reverse_proxy example-org:80 {
header_down +Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
}
}
example.net {
import common
redir https://example.org{uri}
}
www.example.net {
import common
redir https://example.org{uri}
}
www.example.org {
import common
redir https://example.org{uri}
}
# Support and Contributing
If you run into issues or have questions, please
[open an issue ticket](https://github.com/hartwork/docker-ssl-reverse-proxy/issues)
for that.
Please know that `sites.cfg` and [`Caddyfile.generate`](Caddyfile.generate)
are not meant to cover much more than they already do. If it grows as powerful
as `Caddyfile` we have failed.