Securing web services with Let's Encrypt (Docker and Bitnami)

As I spent some time trying to get this to work, so I write my steps down, as personal knowledge base.

Docker

One of the most useful docker containers out there is jwilder's nginx-proxy. There is a companion docker container for let's encrypt which works fine... if you know how to use it. The documentation was (for me) not clear at all, so I try to write the important steps down here.

  1. Start nginx-proxy, just as documented, but don't forget the network your web services will join. Remember to adjust /path/to/certs, this volume has to point to an existing (empty) directory.
docker run -d -p 80:80 -p 443:443 \
    --name nginx-proxy \
    --net nginx_default \
    -v /path/to/certs:/etc/nginx/certs:ro \
    -v /etc/nginx/vhost.d \
    -v /usr/share/nginx/html \
    -v /var/run/docker.sock:/tmp/docker.sock:ro \
    --label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy \
    jwilder/nginx-proxy
  1. Start letsencrypt-nginx-proxy-companion, just as documented there as well. Adjust the /path/to/certs here as well, pointing to the same directory as above.
docker run -d \
    -v /path/to/certs:/etc/nginx/certs:rw \
    -v /var/run/docker.sock:/var/run/docker.sock:ro \
    --volumes-from nginx-proxy \
    --name letsencrypt-nginx-proxy-companion \
    jrcs/letsencrypt-nginx-proxy-companion
  1. Start your web service, setting the correct environment variables and connecting to the same network (apache, in this example). In general, VIRTUAL_HOST and LETSENCRYPT_HOST should match. Certificates will only be generated automatically if both LETSENCRYPT_HOST and LETSENCRYPT_EMAIL are set.
    Of course, your nginx-proxy started above has to be reachable under the given URL (if not, let's encrypt will not be able to verify the domain).
docker run -d \
    --name example-app \
    -e "VIRTUAL_HOST=my.domain.tld" \
    -e "LETSENCRYPT_HOST=my.domain.tld" \
    -e "LETSENCRYPT_EMAIL=my@valid.email" \
    tutum/apache-php

That's the short documentation. For more and more detailed documentation, read https://github.com/jwilder/nginx-proxy and https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion.

Bitnami

This worked without any problems, Just follow the description given here: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

It is not as automated as with the docker nginx solution, but works fine and is quite easy to set up.

I had some problems convining the apache to redirect automatically from http to https. Eventually this link helped: https://community.bitnami.com/t/http-https-redirect-not-working/46642/2

Securing web services with Let's Encrypt (Docker and Bitnami)
Share this