Nginx-Certbot Container

When I first started running my environment in containers via Docker, I used a container setup from JWilder, nginx-proxy and letsencrypt-proxy-companion, which seems to have been replaced by acme-companion. These containers made using a reverse proxy with SSL very simple and could be deployed with Infrastructure as Code (IaC) methods.

Sadly, when I moved to Podman these containers were no longer an option due to a missing docker-gen functionality on which these containers depend.

Most people in the community seem to recommend Traefik, but when I tested it out I found it to be a horrendously large and confusing service that uses its own web portal, requiring manual setup of site configurations. I missed being able to provide a handful of arguments to an nginx container that would grab the required LetsEncrypt certificates itself and build out working configurations on the fly.

To this end I started creating nginx-certbot.

Nginx-Certbot is an nginx server that includes the certbot binary. It is able to ingest a JSON variable to build site configurations on the fly, or it can take pre-made site.conf files when setups get a bit more complicated. For my first "public" container I think this is pretty refined and I don't see any way to make it smaller (117MB total with 60.5MB from the alpine base and 54.3MB from certbot).

A basic setup would look like:

podman network create proxy
podman run -d --network proxy --name webserver httpd
podman run -d \
    -p 80:80 -p 443:443 \
    -e PRODUCTION=false \
    -e HOSTS='[{"hostname":"contoso.com","proxy_pass":"http://webserver"}]' \
    -e EMAIL=admin@contoso.com \
    --network proxy \
    --name proxy pipeittodevnull/nginx-certbot:latest
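
Because the HOSTS value ends up inside nginx configuration, it is worth validating before it is rendered. The following is an added example, not the container's own code: one way an entrypoint could check the HOSTS JSON from the command above and turn it into server blocks. The template, function names and validation rules are assumptions; the certificate paths follow certbot's default live/ layout.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample: the HOSTS value from the podman command above.
SAMPLE_HOSTS = '[{"hostname":"contoso.com","proxy_pass":"http://webserver"}]'

# RFC 1123 style hostname: labels of letters, digits and hyphens, dot separated.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

# Assumed template (not the project's); cert paths use certbot's default layout.
TEMPLATE = """server {{
    listen 443 ssl;
    server_name {hostname};
    ssl_certificate /etc/letsencrypt/live/{hostname}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{hostname}/privkey.pem;
    location / {{
        proxy_pass {proxy_pass};
        proxy_set_header Host $host;
    }}
}}
"""

def validate_entry(entry):
    """Return (hostname, proxy_pass) or raise ValueError."""
    if not isinstance(entry, dict):
        raise ValueError("each HOSTS entry must be an object")
    hostname = entry.get("hostname")
    upstream = entry.get("proxy_pass")
    if not isinstance(hostname, str) or not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError(f"invalid hostname: {hostname!r}")
    # Reject anything that could end the directive or open a new block.
    if not isinstance(upstream, str) or re.search(r"[\s;{}'\"\\$#]", upstream):
        raise ValueError(f"unsafe characters in proxy_pass: {upstream!r}")
    parts = urlsplit(upstream)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"proxy_pass must be an http(s) URL: {upstream!r}")
    return hostname.lower(), upstream

def render_sites(hosts_json):
    """Map each validated hostname to its rendered server block."""
    entries = json.loads(hosts_json)
    if not isinstance(entries, list):
        raise ValueError("HOSTS must be a JSON array")
    return {h: TEMPLATE.format(hostname=h, proxy_pass=p)
            for h, p in map(validate_entry, entries)}

if __name__ == "__main__":
    print("\n".join(render_sites(SAMPLE_HOSTS).values()))
```
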

Check out the README for a full rundown on how to use the container.

The container is on the hub, but I suspect very few will ever use it. No matter what, it works for me and it is fun learning all the CI/CD required to make it work well.