extremeshok / docker-acme-http2https

letsencrypt support and automatically redirect all http traffic to https

docker-acme-http2https

https://hub.docker.com/r/extremeshok/acme-http2https

Let's Encrypt support, with automatic redirection of all HTTP traffic to HTTPS

View docker-compose-sample.yml in the source repository for usage

features

  • Alpine latest with s6
  • HEALTHCHECK activated
  • Nginx
  • redirects http to httpS
  • acme.sh ACME client
  • acme.sh is updated on container start
  • After the acme client has run, sleeps for 1 day while watching /acme/domain_list.txt for changes
  • Checks that the domains and alias domains can be accessed before running acme, which prevents wasted acme calls that would fail
  • Automatically removes alias domains which do not resolve from the certificate
  • Support for both /certs and /var/www/vhosts directory layouts
  • Generates a 4096-bit DHPARAM by default; set GENERATE_DHPARAM=false to use the bundled 4096-bit dhparam
  • Generates a default /root/.rnd (fixes: Can't load /root/.rnd into RNG)
  • Optional Email notifications on failure with support for custom smtp server

OPTIONS with defaults

REGISTERED_EMAIL=admin@extremeshok.com
NOTIFY_EMAIL=REGISTERED_EMAIL
DEFAULT_CA=letsencrypt
ENABLE_STAGING=no
ENABLE_DEBUG=no
SKIP_IP_CHECK=no
SKIP_DOMAIN_CHECK=no
GENERATE_DHPARAM=yes
UPDATE_ACME=yes
RESTART_DOCKER=no
ACME_RESTART_CONTAINERS=
ACME_DOMAINS=
NOTIFY=no

/certs dir

If detected, will copy the certificates and keys to /certs/domain.com/

/var/www/vhosts

If detected, will copy the certificates and keys to /var/www/vhosts/domain.com/certs/

List of certificates, optional

ACME_DOMAINS=www.domain.com,domain.com;my.otherdomain.net;www.randomdomain.com

List of docker containers to restart; assumes the docker socket is connected

ACME_RESTART_CONTAINERS=xshok_baseimagealpine_1;xshok_baseimagealpine_2;xshok_baseimagealpine_3

Note: the docker socket needs to be mapped read-write, which gives this container control of the host's Docker daemon, i.e.

volumes:
  - /var/run/docker.sock:/var/run/docker.sock:rw

example /acme/domain_list.txt

One certificate per line; the first value is the root domain, which is also the certificate name

example.org
example.com www.example.com
example.net www.example.net wiki.example.net
service.example.com *.service.example.com
eggs.example.com *.ham.example.com
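
One way to implement the pre-check from the features list against the /acme/domain_list.txt layout above, as an added example that is not the project's own script: each line is parsed, names with characters outside the hostname set are rejected, and aliases that do not resolve are dropped. The function names, the use of `getent` as the resolver, and keeping wildcard entries without a lookup are assumptions.

```sh
#!/bin/sh
# Added example (not from the project): filter domain_list.txt entries
# before they are handed to an ACME client.

# resolves NAME: succeeds if NAME has an address record.
# Assumption: getent is available; redefine to use another resolver.
resolves() {
  getent hosts "$1" >/dev/null 2>&1
}

# valid_name NAME: allow only hostname characters, optionally prefixed "*."
# so that a malformed entry can never turn into an option or extra argument.
valid_name() {
  case "${1#\*.}" in
    ''|*[!A-Za-z0-9.-]*|.*|*.|-*) return 1 ;;
  esac
  return 0
}

# filter_line "root alias ...": prints the names to request on one line.
# Returns 1 and prints nothing if the root is invalid or does not resolve.
filter_line() {
  set -f            # entries may contain "*": disable globbing while splitting
  set -- $1
  set +f
  [ $# -ge 1 ] || return 1
  root=$1; shift
  valid_name "$root" && resolves "$root" || return 1
  keep=$root
  for name in "$@"; do
    valid_name "$name" || continue
    case $name in
      \*.*) keep="$keep $name" ;;   # wildcard: no record to look up, kept (assumption)
      *) if resolves "$name"; then keep="$keep $name"; fi ;;
    esac
  done
  printf '%s\n' "$keep"
}

# filter_list FILE: one certificate per line, blank lines ignored.
filter_list() {
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in '') continue ;; esac
    filter_line "$line" || printf 'skipped: %s\n' "$line" >&2
  done < "$1"
}

if [ $# -ge 1 ]; then filter_list "$1"; fi
```
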

Enable generation of 4096bit DHPARAM

GENERATE_DHPARAM=yes

Note: will take a long time

Disable checking of external IP connectivity

SKIP_IP_CHECK=yes

MAIL NOTIFICATIONS

MAIL options with defaults

NOTIFY=no
NOTIFY_EMAIL=REGISTERED_EMAIL
SMTP_HOST=
SMTP_PORT=587
SMTP_USER=
SMTP_PASS=

Use an external SMTP server; the default is to use sendmail

SMTP_HOST=smtp.domain.com
SMTP_PORT=587
SMTP_USER=user@domain.com
SMTP_PASS=securepass

To enable notification via email on failure, set the email address to be notified. If not set, NOTIFY_EMAIL will default to the REGISTERED_EMAIL.

NOTIFY=yes
NOTIFY_EMAIL=your@domain.com
