Setup NGINX With Let’s Encrypt SSL Using Docker And Cloudflare
Setting up NGINX with a free Let’s Encrypt SSL certificate is a breeze using Docker and the container maintained by Linuxserver.io. The default setup has a few different DNS options available. If using Cloudflare, make sure there is a cloudflare.ini file under the dns-conf folder. If not, use the directions below to set up the container and the Cloudflare config.
Setup Docker Compose
Below is an example of my docker compose snippet for the Swag container:
letsencrypt:
  container_name: letsencrypt
  cap_add:
    - NET_ADMIN
  environment:
    - PUID=1000
    - PGID=1000
    - TZ=America/New_York
    - URL=<website.com>
    - SUBDOMAINS=wildcard
    - VALIDATION=dns
    - DNSPLUGIN=cloudflare
    - EMAIL=<email@gmail.com>
    - DHLEVEL=2048
    - ONLY_SUBDOMAINS=true
    - STAGING=false
  ports:
    - '443:443'
    - '80:80'
  volumes:
    - '<config location>:/config'
  restart: always
  image: linuxserver/swag
Setup Cloudflare DNS Credentials
The Cloudflare setup requires an API key, which can be found under My Profile, on the API Tokens tab, after logging in to Cloudflare.
# Cloudflare API credentials used by Certbot
dns_cloudflare_email = <email@gmail.com>
dns_cloudflare_api_key = <api key>
Start Swag Container
Now start the Swag container by running the command “docker-compose up -d” in the folder where the docker-compose file is located. Then navigate to the “config” location set up in the docker compose volume and open the ‘dns-conf’ folder.
Setup Cloudflare DNS file
The cloudflare.ini file should be located there. Enter the information taken from the Cloudflare website above and save the file. If using another DNS provider, fill in the corresponding file instead.
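Before restarting, it is worth checking that cloudflare.ini is actually filled in and readable only by its owner, since it holds an account API key. The script below is an added example, not part of the Swag container or the original post; the function names check_cf_ini and ini_value are made up for illustration.

```shell
#!/bin/sh
# Added example: sanity-check the Certbot Cloudflare credentials file.
# Usage (after sourcing this file):
#   check_cf_ini "<config location>/dns-conf/cloudflare.ini"

# Print the value of key $2 from file $1 ("key = value" lines).
# Lines starting with '#' do not match, so commented-out keys are ignored.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 if the file looks safe to use, 1 on a finding, 2 if it is missing.
check_cf_ini() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }

    # Characters 5-10 of the ls mode string are the group/other bits.
    # Anything but "------" means other local users can reach the API key.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "permissions too open on $f (fix with: chmod 600 $f)" >&2
        rc=1
    fi

    # Both keys from the snippet above must be set to real values.
    for key in dns_cloudflare_email dns_cloudflare_api_key; do
        val=$(ini_value "$f" "$key")
        case $val in
            '')      echo "$key is not set" >&2; rc=1 ;;
            '<'*'>') echo "$key still holds a placeholder: $val" >&2; rc=1 ;;
        esac
    done
    return $rc
}
```

A non-zero return means the file should be fixed before the container is recreated; the messages on stderr say which check failed.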
Restart Swag Container
Now we can restart the container so it can use the updated DNS settings. The following command will recreate the container and start it up at the same time.
docker-compose up -d --force-recreate --no-deps --build letsencrypt
Validate the Container
Open a browser and enter ‘localhost’; it should load properly. The URL set as an environment variable in the docker compose file should also load. Pages should work over HTTPS; if not, check the container logs.