I’ve been self-hosting traditionally in Debian, but I would like to be able to add services more easily using Docker. As such, I’m looking to move to a container-based architecture.
One place I struggle is that I can’t seem to find a good container where the default image supports ACME to support Let’s Encrypt for automatic cert renewal.
For Nginx, I would have to build my container. HAProxy ACME support seems to be a shell script.
Any suggestions?
This is usually where something like Traefik comes in. It will reverse proxy the Docker instance and it can be configured to handle Let’s Encrypt. There are also other options like nginx proxy manager and I think Caddy also can do this, but I don’t have experience with that.
Yep, I use Caddy for all that. Bonus is Caddy has a docker compose proxy plugin where all your domain/port/cert config can be part of each application’s compose file, rather than needing to make adjustments in Caddy centrally. Works great for my purposes.
Traefik does the same thing with docker labels.
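What the Traefik-with-labels setup mentioned in this thread can look like, as an added example that is not from any of the posters. The image tag, the resolver name `le`, the e-mail address, the `whoami` demo service and the `example.com` hostname are placeholders.

```yaml
# Added example. All names, the e-mail address and the hostname are placeholders.
services:
  traefik:
    image: traefik:v3.1
    command:
      - --providers.docker=true
      # Route only containers that opt in with traefik.enable=true.
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # Send plain HTTP to HTTPS; ACME HTTP-01 challenges are still answered on :80.
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      # Let's Encrypt resolver named "le" using the HTTP-01 challenge.
      - --certificatesresolvers.le.acme.email=admin@example.com
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # acme.json holds the account key and certificate private keys; keep it
      # on a named volume so it survives container re-creation.
      - letsencrypt:/letsencrypt
      # Traefik reads labels through the Docker API. The :ro flag only protects
      # the socket file itself; API access through it is not restricted.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped

  whoami:
    image: traefik/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.example.com`)
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.tls.certresolver=le
    restart: unless-stopped

volumes:
  letsencrypt:
```

The HTTP-01 challenge needs port 80 of the host reachable from the internet under the hostname in the router rule; services that are only reachable internally need a DNS-based challenge instead.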
I use Caddy and it’s great. ACME is very easy to configure, as is everything else. I haven’t tried running it in a container though, but they have official images published so it should work without issues.
I didn’t understand, why not use nginx? It has built-in support for Let’s Encrypt by default, you just have to activate it in the nginx config. https://nginx.org/en/docs/http/ngx_http_acme_module.html
Traefik and caddy were mentioned, the third in the game is usually nginxproxymanager.
I’m using both traefik and nginx in two different setups. The nginxproxymanager can be configured via UI natively which makes checking configurations a bit easier.
Traefik on the other hand is configured easily within the compose itself and you have everything in one place.
This turned out to be tiresome though if you don’t have a monolithic compose file - that’s actually even the history of why I switched to npm in the first place.
I don’t have any experience with caddy so can’t provide anecdotal insights there.
You might check docker swag. It’s got a built-in certbot client and has preconfigured support for a couple hundred common self-hosted services.
I second SWAG. nginx, Let’s Encrypt, plenty of ready-to-go configs, it’s pretty great.
It’s not Let’s Encrypt, but I’ve been happy with this Cloudflare-flavored ACME through Caddy.
https://github.com/CaddyBuilds/caddy-cloudflare
I really only use it for my local-hosted stuff that I don’t expose to the web. So, when I’m at home, https://radarr/.[mydomain].com resolves to 192.168.1.145:7878. That sort of thing…
Take a look at Zoraxy or NPM.
Yeah, I switched to Zoraxy from NPM and it’s been great.
I find some of the workflows in it a bit strange, like not having an Add button on the list of host proxies; it’s a separate menu item on the left, which is weird. And the way you request an SSL cert by hitting OK and then you get a popup asking if you want a cert, and you’d better have already set your options for how you want the cert, but if you create a host without a cert you have to go through all the options again and check them because it doesn’t keep track of your preference.
IDK, in any case it fixed a bunch of problems I was having with NPM so it has that going for it, which is nice.
I have the same issues you listed. I only have one wildcard domain so it was only an issue once but I do think a UI change/workflow would help.
I use Zoraxy and it is great if you like GUIs.
I use Docker to host all kinds of containers - I use Ubuntu but that doesn’t matter. I use Let’s Encrypt for the certs. Then I use an nginx container to proxy all of that. It’s super easy. Any shell scripts are small and easily understood. I’m not sure why you struggle. I can give you samples that have you up in minutes.





