Docker container providing nginx/letsencrypt support
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

138 lines
4.0 KiB

## ungleich-certbot
This container is made for getting **real world** certificates
for your kubernetes cluster.
The assumption is that you can point the DNS name to the container
from outside. This is by default given for **IPv6 only kubernetes
The source of this image can be found on
## Usage
* Set the environment variable DOMAIN to specify the domain for which
to get a certificate
* Set the environment variable EMAIL (this is where letsencrypt sends
warnings to)
* Set the environment variable STAGING to "no" if you want to have
proper certificates - this is to prevent you from asking the real
letsencrypt service accidently by default
1 year ago
* By default the container allows world read access to the
certificates, so that non-root users can access the certificates.
Set the LEAVE_PERMISSIONS_AS_IS environment variable to instruct the
container not to change permissions
* If you setup the variable NO_NGINX to any value, the container will
NOT start nginx and use certbot in standalone mode
1 year ago
docker run -e \
-e \
1 year ago
### Production certificate
docker run -e \
-e \
-e STAGING=no \
you will get a proper, real world usable nginx server. Inject the
nginx configuration by meains of a volume to /etc/nginx/conf.d
### Adding or overriding nginx configurations
To add your own nginx configurations, create the directory
/nginx-configs and add your configurations in there:
docker run -e \
-e \
-v /path/to/config:/nginx-configs \
By default this image is deploying the *default.conf*. If you want to
override the default image nginx configuration, you can supply your
own default.conf.
### Exiting after getting the certificate
By default, the container will stay alive and try to renew the
certificate every day. If you set the environment variable
`ONLYGETCERT`, then it will only get the certificates and exit.
This mode can be used
as a [kubernetes Job](
### Only renewing the certificate once
If you only want to trigger renewing existing certificates and skip
getting the certificates initially, you can set the variable
`RENEWCERTSONCE`, then it will only renew all certificates and exit.
* If `ONLYRENEWCERTSONCE` is set, renew will be run once and then the
container exits
This mode can be used
as a [kubernetes Job](
## Volumes
If you want to keep / use your certificates, you are advised to create
a volume below /etc/letsencrypt.
8 months ago
## Changelog
### 0.1.0
Usable with automatic renewal
### 0.2.0
Added support for nginx webserver, based on official nginx image
### 1.0.0
- Start nginx in foreground, if not opted out
- Nicely shows erros of nginx starting, which is what we need
- Starting nginx by default on port 80
- Removed variable NGINX to start nginx
- Introducted variable NO_NGINX to prevent nginx from starting
- Changed the wait time for domain resolution test to every 2 seconds
- helps to startup faster
- Added directory /nginx from which configuration files are sourced
- can be used to overwrite built-in configurations
- Create file /tmp/last_renew for checking when
- Dropped support for NGINX_HTTP_REDIRECT (always enabled with nginx
now) -- can be overwritten by overriding /nginx directory
- Dropped support for ONLYRENEWCERTS - this is covered by NO_NGINX already
8 months ago
### 1.1.0
- Allow better way to inject configurations
### 1.1.1
- Fix incorrect configuration sourcing
### 1.1.2
- Add missing crond invocation
### 1.1.3
- Add missing http directory
## Kubernetes