This repository is a tiny wrapper around the awesome Lego ACME client. It adds automatic certificat renew support which is currently missing from the official Lego Docker image. It does so by using cron to periodically invoke the client to update the certificates. Migrating to this image from an existing setup is straightforward: The command fed to the image is passed to the run or renew command respectively. Because of this the image is also very future proof since all commands and arguments are passed directly to the original client.
Usage with nginx-proxy
version: '2'
services:
nginx-proxy:
image: nginxproxy/nginx-proxy
container_name: nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- certs:/etc/nginx/certs:ro
lego-acme:
image: cilenco/lego-cron-wrapper
container_name: lego-acme
command: >
--accept-tos --email=<YOUR_EMAIL> --dns <DNS_PROVIDER>
--domains=*.<YOUR_DOMAIN> --domains=<YOUR_DOMAIN>
environment:
- RUN_ARGUMENTS=--run-hook=/app/deploy
- RENEW_ARGUMENTS=--renew-hook=/app/deploy
# Add environment variables used by your DNS provider
volumes:
- certs:/app/certificates
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./deploy.sh:/app/deploy
volumes:
certs:
external: trueThe deploy script mounted to the acme container can be found in this repo as well. If you would like to create it on your own don't forget to make it executable! All it does is to copy the certificates with the correct name to the external volume and restarts the nginx-proxy container.
#!/bin/sh
FILE_NAME="${LEGO_CERT_DOMAIN#\*.}"
cp -f $LEGO_CERT_PATH /app/certificates/$FILE_NAME.crt
cp -f $LEGO_CERT_KEY_PATH /app/certificates/$FILE_NAME.key
curl --unix-socket /var/run/docker.sock -X POST http://localhost/containers/nginx-proxy/restart