Start a HTTPS server that acts as a proxy to other HTTP servers. The idea is that you run your web applications in separate containers and link this container to them.
Automatically obtains and renews SSL certificates using let’s encrypt, and by default redirects from HTTP to HTTPS and sends a Strict-Transport-Security
header.
Example:
docker create \
--name "https-proxy" \
-p 80:80 \
-p 443:443 \
--link test:test \
--link webapp1:webapp1 \
--link webapp2:webapp2 \
-e "HOST_example_com=http://test/" \
-e "HOST_www_example_com=https://example.com/" -e "REDIRECT_www_example_com=permanent"
-e "HOST_example_org=/webapp1/|http://webapp1/|/webapp2/|http://webapp2/" \
-e "HOST_www_example_org=https://example.org/" -e "REDIRECT_www_example_org=permanent"
-v /srv/letsencrypt:/etc/apache2/ssl \
rankenstein/https-proxy-letsencrypt
docker start -a https-proxy
SSL_COMPATIBILITY
: SSL compatibility level, can bemodern
(default),intermediate
orold
HOST_<hostname_with_underscores>
:hostname_with_underscores
is the host name under which to listen (replace.
by_
). The value can be the simple form<url>
, whereurl
is the URL to proxy to (for examplehttp://example.com/
). To map certain paths to certain URLs, use the extend form<path1>|<url1>|<path2>|<url2>|<…>
, wherepath
is the path that should be mapped to the URLurl
(specifyingHOST_www_example_com=/webapp1/|http://webapp1/
will proxy the URLhttps://www.example.com/webapp1/
tohttp://webapp1/
). The order is important, paths with less slashes should come earlier in the list.ALLOW_NONSSL_<hostname_with_underscore>
: Set toyes
to disable forwarding from http to https for this host.REDIRECT_<hostname_with_underscore>
: Redirect instead of proxy. The value can be a status code or one oftemp
,permanent
, orseeother
.ALIAS_<hostname_with_underscore>
: A space-separated list of alias hostnames. Possible to use wildcards.PRESERVE_HOST
andPRESERVE_HOST_<hostname_with_underscore>
: Set toyes
to send original host name via proxy.ACME_EMAIL
: E-mail address to use for let’s encrypt. Optional, but you will receive e-mail warnings in case your certificate is not renewed on time for some reason.NO_SSL
: Disable SSL altogether
/etc/apache2/ssl/
: The SSL certificate obtained from let’s encrypt will be put here. They should be persisted to avoid having to recreate them on container recreation, as let's encrypt currently limits certificate creation to 5 per domain per week.