Using Jwilder Nginx Reverse Proxy With Wildcard SSL Certificate
You will often find Docker images for the web services you want, but many of them have no support for SSL. In these cases you need a reverse proxy in front of the service, with the proxy handling the SSL certificates. A popular reverse proxy is jwilder/nginx-proxy.
I struggled to get this to work because I was providing my own certificate, and it was a wildcard certificate, instead of one specific to the domain I was pointing to. Hence I am posting the solution I found.
Steps
The docker-compose.yml file below is for a site at my-site.programster.org that is using a wildcard certificate for programster.org (e.g. *.programster.org), but we call the certificate files programster.org.crt and programster.org.key (you need to use the .crt and .key naming convention for this to work). Those certificate files are in a folder at $HOME/ssl.
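version: '2.2'
services:
  reverse-proxy:
    image: jwilder/nginx-proxy
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Docker socket, mounted read-only, so the proxy can discover containers
      - /var/run/docker.sock:/tmp/docker.sock:ro
      # Folder holding programster.org.crt and programster.org.key
      - $HOME/ssl:/etc/nginx/certs
  web:
    image: httpd
    environment:
      - VIRTUAL_HOST=my-site.programster.org
      - VIRTUAL_PROTO=http
      - VIRTUAL_PORT=80
      # Base name of the certificate files (without .crt / .key)
      - CERT_NAME=programster.org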
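A pre-flight check for the layout described above, added here as an example and not part of the original post or of nginx-proxy: it confirms that `<CERT_NAME>.crt` and `<CERT_NAME>.key` exist in the mounted folder, that the key is not accessible to group or others, and that one of the certificate's names covers the `VIRTUAL_HOST`. The function names are hypothetical, and the list of certificate names (`sans`) is assumed to be supplied by you after reading it from the certificate.

```python
import os
import stat

def wildcard_covers(pattern, host):
    """RFC 6125-style match: '*' stands for exactly one left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # '*' never spans dots, and the bare apex is not covered
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def preflight(cert_dir, cert_name, virtual_host, sans):
    """Return a list of problems; an empty list means the layout looks right."""
    problems = []
    for ext in (".crt", ".key"):
        path = os.path.join(cert_dir, cert_name + ext)
        if not os.path.isfile(path):
            problems.append(f"missing {path}")
        elif ext == ".key" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            problems.append(f"{path} is accessible by group/others")
    if not any(wildcard_covers(s, virtual_host) for s in sans):
        problems.append(f"no certificate name in {sans} covers {virtual_host}")
    return problems

if __name__ == "__main__":
    # Values from the compose file above; the SAN list is a constructed sample.
    found = preflight(os.path.expanduser("~/ssl"), "programster.org",
                      "my-site.programster.org", ["*.programster.org"])
    print("\n".join(found) if found else "certificate layout OK")
```

Note that `*.programster.org` covers `my-site.programster.org` but neither `programster.org` itself nor a deeper name such as `a.b.programster.org`.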
First published: 25th June 2020