This container provides an HAProxy instance with Let's Encrypt certificates generated at startup and renewed (if necessary) once a week by an internal cron job.

```
docker pull ghcr.io/tomdess/docker-haproxy-certbot:master
docker build -t docker-haproxy-certbot:latest .
```
Example of a run command (replace the CERT and EMAIL values and the volume paths with your own). Note that CERT1 is a comma-separated list of names with no spaces, so quote it if you add any:

```
docker run --name lb -d \
-e "CERT1=my-common-name.domain,my-alternate-name.domain" \
-e EMAIL=<your-email> \
-e STAGING=false \
-v /srv/letsencrypt:/etc/letsencrypt \
-v /srv/haproxycfg/haproxy.cfg:/etc/haproxy/haproxy.cfg \
--network my_network \
-p 80:80 -p 443:443 \
ghcr.io/tomdess/docker-haproxy-certbot:master
```
Use the docker-compose.yml file in the run directory (it creates 3 containers: the haproxy one, an nginx container referenced in the haproxy configuration for test purposes, and a sidecar rsyslog container):

```
$ cd run
$ mkdir data
$ cp ../conf/haproxy.cfg data/
# modify the CERT1 variable and EMAIL with your names/values:
```
```yaml
version: '3'
services:
  haproxy:
    container_name: lb
    environment:
      - CERT1=www.your-mysite.com
      - EMAIL=your-email
      - STAGING=false
    volumes:
      - '$PWD/data/letsencrypt:/etc/letsencrypt'
      - '$PWD/data/haproxy.cfg:/etc/haproxy/haproxy.cfg'
    networks:
      - lbnet
    ports:
      - '80:80'
      - '443:443'
    image: 'ghcr.io/tomdess/docker-haproxy-certbot:master'
  nginx:
    container_name: www
    networks:
      - lbnet
    image: nginx
  rsyslog:
    container_name: rsyslog
    environment:
      - TZ=UTC
    volumes:
      - '$PWD/data/rsyslog/config:/config'
    networks:
      - lbnet
    ports:
      - '514:514'
    image: 'rsyslog/syslog_appliance_alpine'
networks:
  lbnet:
```
```
# start containers (creates the certificate)
$ docker-compose up -d
```
You will almost certainly want to create an image FROM this image, or mount your own haproxy.cfg at /etc/haproxy/haproxy.cfg:

```
docker run [...] -v <override-conf-file>:/etc/haproxy/haproxy.cfg ghcr.io/tomdess/docker-haproxy-certbot:master
```
The provided haproxy configuration file includes a "resolver docker" directive so that backend host names are resolved through Docker's DNS at run time rather than only at startup (see https://github.com/gesellix/docker-haproxy-network).

Once a week a cron job checks for expiring certificates with the certbot agent and reloads haproxy if a certificate is renewed. No container restart is needed.

Most of the ideas are taken from https://github.com/BradJonesLLC/docker-haproxy-letsencrypt
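The weekly renewal check above and the CERT1 format used in the docker run example, as an added example that is not part of the docker-haproxy-certbot project: a POSIX shell script that validates a CERT1 value (comma-separated host names, no whitespace, no empty entries) and reports whether the certificate HAProxy is actually serving expires within a chosen window, which is the quickest way to confirm from outside that the cron-driven renewal is working. It assumes the openssl CLI is available; the host name, file paths, the CHECK_HOST variable and the 30-day window are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example, not part of the docker-haproxy-certbot project.
# Assumes: POSIX sh and the openssl CLI. Host names, paths, CHECK_HOST and the
# 30-day window below are placeholders chosen for illustration.

# Validate a CERTn value as the docker run example expects it: a
# comma-separated list of host names with no whitespace and no empty entries.
# A stray space after a comma would make the shell hand the second name to
# docker as a separate argument, so it is rejected here.
valid_cert_list() {
  list=$1
  [ -n "$list" ] || return 1
  case "$list" in
    *[!A-Za-z0-9.,-]*) return 1 ;;  # whitespace or other unexpected characters
    ,*|*,|*,,*) return 1 ;;         # empty entry at start, end or middle
  esac
  old_ifs=$IFS
  IFS=,
  for host in $list; do
    case "$host" in
      .*|*.|*..*) IFS=$old_ifs; return 1 ;;  # malformed dotted name
    esac
  done
  IFS=$old_ifs
  return 0
}

# Return 0 if the PEM certificate in $1 expires within $2 days (or has already
# expired), 1 if it stays valid beyond that window, 2 if $1 is not a readable
# certificate. openssl's -checkend does the date arithmetic portably.
cert_expires_within_days() {
  pem=$1
  days=$2
  [ -r "$pem" ] || return 2
  openssl x509 -noout -in "$pem" >/dev/null 2>&1 || return 2
  if openssl x509 -noout -in "$pem" -checkend $((days * 86400)) >/dev/null 2>&1; then
    return 1
  fi
  return 0
}

# Retrieve the leaf certificate HAProxy serves for host $1 (using SNI) into
# file $2. Needs network access to the load balancer.
fetch_served_cert() {
  openssl s_client -servername "$1" -connect "$1:443" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM >"$2"
}

# End-to-end check; runs only when CHECK_HOST is set so the functions above can
# be sourced or tested without touching the network. Example invocation:
#   CERT1=www.example.test CHECK_HOST=www.example.test sh check-lb-cert.sh
if [ -n "${CHECK_HOST:-}" ]; then
  if ! valid_cert_list "${CERT1:-}"; then
    echo "CERT1 is not a valid comma-separated host name list: '${CERT1:-}'" >&2
    exit 1
  fi
  tmp=$(mktemp)
  if ! fetch_served_cert "$CHECK_HOST" "$tmp"; then
    echo "could not fetch the certificate from $CHECK_HOST" >&2
    rm -f "$tmp"
    exit 1
  fi
  if cert_expires_within_days "$tmp" 30; then
    echo "WARNING: certificate for $CHECK_HOST expires within 30 days; check the renewal cron job" >&2
    rc=1
  else
    echo "certificate for $CHECK_HOST is valid for more than 30 days"
    rc=0
  fi
  rm -f "$tmp"
  exit $rc
fi
```

Run it from outside the container against the public name in CERT1; a non-zero exit a few days after the weekly cron run is the signal that renewal did not happen and the rsyslog sidecar output is worth reading.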