Securing web services with Let's Encrypt (Docker and Bitnami)

As I spent some time trying to get this to work, so I write my steps down, as personal knowledge base.


One of the most useful docker containers out there is jwilder's nginx-proxy. There is a companion docker container for let's encrypt which works fine... if you know how to use it. The documentation was (for me) not clear at all, so I try to write the important steps down here.

  1. Start nginx-proxy, just as documented, but don't forget the network your web services will join. Remember to adjust /path/to/certs, this volume has to point to an existing (empty) directory.
docker run -d -p 80:80 -p 443:443 \
    --name nginx-proxy \
    --net nginx_default \
    -v /path/to/certs:/etc/nginx/certs:ro \
    -v /etc/nginx/vhost.d \
    -v /usr/share/nginx/html \
    -v /var/run/docker.sock:/tmp/docker.sock:ro \
    --label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy \
  1. Start letsencrypt-nginx-proxy-companion, just as documented there as well. Adjust the /path/to/certs here as well, pointing to the same directory as above.
docker run -d \
    -v /path/to/certs:/etc/nginx/certs:rw \
    -v /var/run/docker.sock:/var/run/docker.sock:ro \
    --volumes-from nginx-proxy \
    --name letsencrypt-nginx-proxy-companion \
  1. Start your web service, setting the correct environment variables and connecting to the same network (apache, in this example). In general, VIRTUAL_HOST and LETSENCRYPT_HOST should match. Certificates will only be generated automatically if both LETSENCRYPT_HOST and LETSENCRYPT_EMAIL are set.
    Of course, your nginx-proxy started above has to be reachable under the given URL (if not, let's encrypt will not be able to verify the domain).
docker run -d \
    --name example-app \
    --net nginx_default \
    -e "VIRTUAL_HOST=my.domain.tld" \
    -e "LETSENCRYPT_HOST=my.domain.tld" \
    -e "" \

That's the short documentation. For more and more detailed documentation, read and

Of course, this works together in a docker-compose file as well.

version: '2'
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    restart: always
    - 443:443
    - 80:80
    - /var/run/docker.sock:/tmp/docker.sock:ro
    - /path/to/certs:/etc/nginx/certs:ro
    - /etc/nginx/vhost.d
    - /usr/share/nginx/html
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: letsencrypt-nginx-proxy-companion
    restart: always
    - /path/to/certs:/etc/nginx/certs:rw
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - nginx-proxy


This worked without any problems, Just follow the description given here:

It is not as automated as with the docker nginx solution, but works fine and is quite easy to set up.

I had some problems convincing the apache to redirect automatically from http to https. Eventually this link helped: