Open in app

Sign in

Write

Sign in

Home

Following

Library

Stories

Stats

Member-only story

Easy HTTPS with letsencrypt and docker-compose

steve
4 min readNov 12, 2018

--

So, you’ve started writing a new web application, and you’re using docker-compose to manage your app and easily set up dependencies such as databases. Now, you want to make sure all traffic to your app is encrypted via HTTPS—well, you should want that anyway. Where do you go from here?

You may be familiar with Let’s Encrypt, who provide free SSL certificates. You may have already found the linuxserver/docker-letsencrypt image (spoiler alert: we’re gonna use it), but it only gives instruction for a basic Docker setup, and you might not be so well-versed in Docker or docker-compose. Fortunately, I’ve already gone through the trouble of figuring it out, and I’m gonna lay out the steps here. Just add water!

Please don’t add water to your computer or any other electronic device.

So, let’s get started. Say you already have a simple service running in a container:

# docker-compose.yml
version: "3"
services:
  your_app:
    container_name: your_app
    build: .
    restart: always

I’m going to assume some basic familiarity with standard Dockerfiles, because they’re out of scope for this article.

In my case, I had a basic Node.js app which I wanted to serve over HTTPS. Note that there are no ports published; we’ll use a separate production configuration file to set up letsencrypt, and the configuration for that container will in turn expose the necessary ports.

Without further ado:

# docker-compose-production.yml
version: "3"
services:
  your_app:
    depends_on:
      - your_app-letsencrypt
  your_app-letsencrypt:
    image: linuxserver/letsencrypt
    container_name: your_app-letsencrypt
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./config/letsencrypt:/config
    environment:
      - EMAIL=you+letsencrypt@yourapp.com
      - URL=yourapp.com
      - SUBDOMAINS=www,api
      - VALIDATION=http
      - TZ=Europe/Stockholm
      - PUID=0
      - PGID=0

You can read about the various settings in the documentation for the linuxserver/docker-letsencrypt image, but let’s go over a couple here.

The image comes with a default nginx setup that you can easily point to your app’s container (we’ll be doing this shortly)…

--

--

steve
steve

Written by steve

4 Followers
2 Following

Software Engineer at MatHem

Responses (2)

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech