acme-companion | Automated ACME SSL certificate generation for nginx-proxy | TLS library
kandi X-RAY | acme-companion Summary
kandi X-RAY | acme-companion Summary
acme-companion is a lightweight companion container for nginx-proxy. It handles the automated creation, renewal and use of SSL certificates for proxied Docker containers through the ACME protocol. Required read if you use the latest version : the v2.0.0 release of this project mark the switch of the ACME client used by the Docker image from simp.le to acme.sh. This switch result in some backward incompatible changes, so please read this issue and the updated docs for more details before updating your image. The single most important change is that the container now requires a volume mounted to /etc/acme.sh in order to persist ACME account keys and SSL certificates. The last tagged version that uses simp_le is v1.13.1.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of acme-companion
acme-companion Key Features
acme-companion Examples and Code Snippets
Community Discussions
Trending Discussions on acme-companion
QUESTION
I have a VPS with nginx-proxy container, and I create some wordpress website with phpmyadmin service. If I want to create another site with this definition I got "same port" problem. Ok, I can change the port to 2998 and it works fine but I need to add a new open port to my VPS. I don't want to add or change the port for each site.
Now:
- example-a.com:2999 -> example-a phpmyadmin login page
- examlpe-b.com:2998 -> example-b phpymadmin login page
Is there a way to direct me to the appropriate container by domain address?
- example-a.com:2999 -> example-a phpmyadmin login page
- examlpe-b.com:2999 -> example-b phpymadmin login page
My nginx proxy definition
...ANSWER
Answered 2022-Mar-07 at 12:49What you want is not possible, but you probably don't actually want it. It becomes clear once you think through what you want to configure, and what would happen if a user would go to either URL:
- you have configured
example-a.comto point to your IP - you have configured
example-b.comto point to your IP - you have configured your
nginx-proxycontainer to listen on ports80and443 - you want to configure your WordPress containers to both listen on port
2999 - you, or rather the
acme-companion, have configured yournginxcontainer to forward HTTP requests that ask for hostexample-a.comto go to the container for example A with port2999, and requests that ask forexample-b.comto go to container B with port2999
Now, you can see right away that you have two things attempting to listen on the same network interface with port 2999 - that doesn't work, and it can't, because who would handle picking up incoming requests before the request is parsed to find out which host it wanted ? Container A can't accept the request and, if it's meant for B, hand the request over - A doesn't know about B.
So if you think about a user sending a request to example-a.com:2999, what really happens is that a request goes to :2999, just like if a user goes to example-b.com:2999, it will end up going to :2999.
How can that problem be solved ? By having a third container C that accepts user requests, looks into the request, and based on whether they wanted container A or B, hands the request over to A or B.
Here is the great thing: you already have that! Container C is really your nginx container, which is listening on port 80/443. So if your users go to example-a.com without providing a port, it will go to 80 or 443 (depending on whether they used http or https). Then, nginx will analyze the request, and send it to the correct container. For this, it doesn't really matter what port A and B listen on, because to the outside world, it looks like they are listening on 80/443.
So the real answer is that while you can't combine custom ports with virtual hosts and use the same port for multiple containers (other than 80/443), you don't actually NEED custom ports in the first place! If you just configure your containers with the default ports, users can use both https://example-a.com and https://example-b.com and it will 'just work'™
QUESTION
I'm trying to run a fairly simple docker stack, but for some reason it is failing to register certificates.
My composer:
...ANSWER
Answered 2021-Sep-13 at 11:46If anyone stumbles on to this issue then here is the fix. It seems to affect alpine version 3.13 and probably other ones.
QUESTION
I am trying to go rootless with Docker.
I have followed all the steps presented in the official documentation. I also allowed the use of the unprivileged ports, to include the 443.
To test if everything works the way I need it, I installed the "nginx-proxy-automation".
Everything got installed flawlessly. However, the jrcs/letsencrypt-nginx-proxy-companion:2.1 container
ANSWER
Answered 2021-Jul-13 at 03:14This is a jrcs/letsencrypt-nginx-proxy-companion specific bug, if you look in the docker-compose.yml you will see this.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install acme-companion
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
