6
Wombat
5y

Why is Docker + SSL certificates so confusing? Or do I just have bad resources?

I just want to know how to compose a Docker, Nginx setup with encryption.

Comments
  • 9
    It's easier to have the certificates outside your container. Just a hint. ;)
  • 2
    Use the nginx-proxy docker container by jwilder! That will do everything for you
  • 1
    When using caddy instead of nginx they tell you to bind the volumes of the certificates to the host system.
  • 0
    @Codex404 do you have experience using caddy? Is it as good as Nginx?
  • 3
    @Wombat I don't have experience with nginx, but it's faster and way easier than Apache.
  • 2
    If you're using Let's Encrypt, I personally think Linuxserver.io has an amazing container for that. And if you use a DNS service that has a certbot plugin, you don't even have to worry about redirecting traffic to the container that's fetching the certs, like you'd normally do.
  • 2
    I run nginx outside my containers and connect everything with reverse proxies. Works great and is easy to manage.
  • 1
    It is simple: mount your certificates folder to your container, to make updating certs easier than having to work with the container itself.
    Now, in nginx, you need to tell it where your certs are; simply point nginx to the folder of your container that you are mounting to host.

    For me, I usually keep nginx on the host rather than running in a container, and I usually put a proxy server in front of my main server, and make the proxy server talk on the local network to the docker server. Of course using https. Or you can take it a step further and make a private VPN between your servers.
  • 1
    I follow this tutorial every time I want to use nginx and Let's Encrypt: https://digitalocean.com/community/...
  • 0
    @gitpush I know this tutorial. I am using it too. But in combination with Docker it all seems way more complicated to me. I am even unsure now, if docker will actually make things easier... 😥
  • 1
    @Wombat while it definitely isn't just a one solution fixes all, docker will definitely help, once you've got it figured. It's just that that part can be a bit tricky
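
The setup several comments describe (certificates kept on the host and mounted into an nginx container), written out as an added example that is not from any commenter. The file names under `./certs`, the `example.com` server name and the `app` service on port 8080 are assumptions.

```yaml
# Added example, not from the thread. Assumed host layout (hypothetical names):
#   ./certs/fullchain.pem   certificate chain, renewed on the host
#   ./certs/privkey.pem     private key, mode 0600 on the host
# Inline `configs.content` needs Docker Compose 2.23.1 or newer.
services:
  proxy:
    image: nginx:stable
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Certificates stay on the host; the container only gets a read-only view.
      - ./certs:/etc/nginx/certs:ro
    configs:
      - source: nginx_tls
        target: /etc/nginx/conf.d/default.conf
    networks:
      - backend

  app:
    image: example/app:latest   # placeholder for your application image
    expose:
      - "8080"                  # not published; reachable only on `backend`
    networks:
      - backend

networks:
  backend:

configs:
  nginx_tls:
    # `$$` is Compose's escape for a literal `$` in nginx variables.
    content: |
      server {
        listen 80;
        server_name example.com;
        return 301 https://$$host$$request_uri;
      }
      server {
        listen 443 ssl;
        server_name example.com;
        ssl_certificate     /etc/nginx/certs/fullchain.pem;
        ssl_certificate_key /etc/nginx/certs/privkey.pem;
        ssl_protocols       TLSv1.2 TLSv1.3;
        location / {
          proxy_pass http://app:8080;
          proxy_set_header Host $$host;
        }
      }
```

After the certificate is renewed on the host, `docker compose exec proxy nginx -s reload` makes nginx pick up the new files without rebuilding or restarting the container.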