docker-letsencrypt-nginx-pr.../docs/Container-configuration.md
2021-01-04 10:06:00 +01:00

## Optional container environment variables for custom configuration.
* `ACME_CA_URI` - Directory URI for the CA ACME API endpoint (defaults to `https://acme-v02.api.letsencrypt.org/directory`).
If you set this environment variable to `https://acme-staging-v02.api.letsencrypt.org/directory`, the container will obtain its certificates from the Let's Encrypt test (staging) API endpoint, which does not have the [5 certs/week/domain limit](https://letsencrypt.org/docs/rate-limits/) (but whose certificates are not trusted by browsers).
For example:
```bash
$ docker run --detach \
--name nginx-proxy-letsencrypt \
--volumes-from nginx-proxy \
--volume /path/to/certs:/etc/nginx/certs:rw \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
--env "ACME_CA_URI=https://acme-staging-v02.api.letsencrypt.org/directory" \
jrcs/letsencrypt-nginx-proxy-companion
```
You can also create test certificates per container (see [Test certificates](./Let's-Encrypt-and-ACME.md#test-certificates))
* `DEBUG` - Set it to `1` to enable debugging of the entrypoint script and of Let's Encrypt certificate generation, which can help you pinpoint configuration issues.
* `RENEW_PRIVATE_KEYS` - Set it to `false` to make `acme.sh` reuse the previously generated private key for each certificate instead of creating a new one on certificate renewal. Reusing private keys can help if you intend to use [HPKP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning), but please note that HPKP has been deprecated by Google's Chrome and that using it at all is therefore strongly discouraged.
* `DHPARAM_BITS` - Changes the size of the Diffie-Hellman key generated by the container from the default value of 2048 bits. For example, `--env DHPARAM_BITS=1024` supports some older clients such as Java 6 and 7.
* `NETWORK_SCOPE` - The name of the network that a container requesting a certificate MUST be connected to in order to be discovered. You may find this option useful when the host machine has multiple public IP addresses and you want to run separate nginx-proxy containers that handle separate services with proper network isolation.
If you set this environment variable, you MUST connect the nginx-proxy container to the same network. For example:
```bash
$ docker run --detach \
--name nginx-proxy-letsencrypt \
--volumes-from nginx-proxy \
--volume /path/to/certs:/etc/nginx/certs:rw \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
--network domains_group_a \
--env "NETWORK_SCOPE=domains_group_a" \
jrcs/letsencrypt-nginx-proxy-companion
```
The created companion will discover only the containers that are also connected to the `domains_group_a` network.
* `CA_BUNDLE` - This is a test-only variable [for use with Pebble](https://github.com/letsencrypt/pebble#avoiding-client-https-errors). It changes the trusted root CA used by `acme.sh` from the default Alpine trust store to the CA bundle file located at the provided path (inside the container). Do **not** use it in production unless you are running your own ACME CA.
* `CERTS_UPDATE_INTERVAL` - Defaults to 3600 seconds; defines how often the container checks whether the certificates require an update.
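The variables above interact (a `CA_BUNDLE` only makes sense with a custom ACME CA, a plaintext `ACME_CA_URI` would leak the account traffic, a small `DHPARAM_BITS` weakens every TLS handshake), so a preflight check before `docker run` is worthwhile. The script below is an added example, not part of the project; it assumes you run it on the Docker host with the same values you intend to pass via `--env`, and the function names and the Pebble URI are constructed for illustration.

```bash
#!/bin/sh
# Preflight validation of the companion's environment variables (added example).
# Assumed: run on the Docker host with the values you will pass via --env.

LE_PROD="https://acme-v02.api.letsencrypt.org/directory"
LE_STAGING="https://acme-staging-v02.api.letsencrypt.org/directory"

# Prints which kind of CA an ACME_CA_URI points at; empty means the container
# default, i.e. Let's Encrypt production.
acme_ca_kind() {
  case "${1:-$LE_PROD}" in
    "$LE_PROD")    echo production ;;
    "$LE_STAGING") echo staging ;;   # no rate limit, certs untrusted by browsers
    https://*)     echo custom ;;    # e.g. Pebble or an in-house ACME CA
    *)             echo insecure ;;  # plaintext or malformed directory URI
  esac
}

# DHPARAM_BITS must be a positive integer; 1024-bit DH parameters are widely
# considered weak, so anything below the 2048-bit default is rejected.
dhparam_ok() {
  bits="${1:-2048}"
  case "$bits" in ''|*[!0-9]*) return 1 ;; esac
  [ "$bits" -ge 2048 ]
}

# CA_BUNDLE replaces the Alpine trust store, so it is only valid together with
# a custom CA; pairing it with a Let's Encrypt endpoint is a misconfiguration.
ca_bundle_ok() {   # $1 = CA_BUNDLE, $2 = ACME_CA_URI
  [ -z "$1" ] && return 0
  case "$(acme_ca_kind "$2")" in custom) return 0 ;; *) return 1 ;; esac
}

# Runs every check; returns non-zero (and prints why) when the configuration is unsafe.
validate_env() {   # $1=ACME_CA_URI $2=DHPARAM_BITS $3=CA_BUNDLE $4=RENEW_PRIVATE_KEYS
  rc=0
  [ "$(acme_ca_kind "$1")" = insecure ] && { echo "ACME_CA_URI must be an https directory URI"; rc=1; }
  dhparam_ok "$2" || { echo "DHPARAM_BITS=$2 is invalid or weak (use >= 2048)"; rc=1; }
  ca_bundle_ok "$3" "$1" || { echo "CA_BUNDLE is set but ACME_CA_URI is not a custom CA"; rc=1; }
  case "${4:-true}" in true|false) ;; *) echo "RENEW_PRIVATE_KEYS must be true or false"; rc=1 ;; esac
  return $rc
}

# Stand-alone usage: check the variables exported in the current shell.
validate_env "$ACME_CA_URI" "$DHPARAM_BITS" "$CA_BUNDLE" "$RENEW_PRIVATE_KEYS" && echo "companion environment OK"
```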