Mar 2, 2018

Automatically make web apps use HTTPS with Let's Encrypt, Nginx, and Docker

  1. Make sure you have docker already installed.
  2. Install the Nginx proxy with docker-gen
    
    sudo docker run --name=Nginx -d \
    --restart=always \
    -p 80:80 -p 443:443 \
    -v /data/certs:/etc/nginx/certs:ro \
    -v /var/run/docker.sock:/tmp/docker.sock:ro \
    -v /data/Nginx/vhost.d:/etc/nginx/vhost.d \
    -v /data/Nginx/html:/usr/share/nginx/html \
    --label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy \
    jwilder/nginx-proxy
    

  3. Since I run Portainer, start it with the VIRTUAL_HOST and VIRTUAL_PORT environment variables so that docker-gen can pick them up. You can do this with any app you desire.
    
    sudo docker run --name Portainer -d \
    --restart=always \
    -p 9000:9000 \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v portainer_data:/data \
    -e VIRTUAL_HOST=portainer.local.network \
    -e VIRTUAL_PORT=9000 \
    portainer/portainer
    

  4. Now use the Let's Encrypt companion container to make certificates for our docker containers:
    
    sudo docker run --name=Letsencrypt -d \
    --restart=always \
    -v /data/certs:/etc/nginx/certs:rw \
    -v /var/run/docker.sock:/var/run/docker.sock:ro \
    --volumes-from Nginx \
    jrcs/letsencrypt-nginx-proxy-companion
    

  5. To enable SSL for your site, set the environment variables VIRTUAL_PROTO=https and VIRTUAL_PORT=443 as well as LETSENCRYPT_HOST and LETSENCRYPT_EMAIL so that docker-gen can pick them up. You can do this with any app you desire. You will also need to mount the certificates and keys within the SSL folder of the container for the container to use the Let's Encrypt keys.
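As an added example (editor's code, not from this post, nginx-proxy or the companion project), the two shell functions below check the things steps 3 to 5 rely on: that a container carries the VIRTUAL_HOST, LETSENCRYPT_HOST and LETSENCRYPT_EMAIL variables docker-gen needs, that every name in LETSENCRYPT_HOST is also a name the proxy serves (the companion's README recommends keeping the two equal), and that the companion has actually produced a certificate and key for the host. It assumes the companion's documented file layout of `<host>.crt` and `<host>.key` inside the certs directory mounted at /data/certs; the owner-only key permission check is an editor's recommendation rather than companion behaviour.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity checks for the
# nginx-proxy + letsencrypt-nginx-proxy-companion setup described above.
# Assumptions: the companion writes <host>.crt and <host>.key into the certs
# directory, and every LETSENCRYPT_HOST name must also be in VIRTUAL_HOST.

# check_https_env: read KEY=VALUE lines on stdin (e.g. from `docker inspect`),
# print each problem found, and return non-zero if the container would not be
# routed or would not be issued a certificate.
check_https_env() {
    vhost= lehost= email= proto= port= rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        key=${line%%=*}
        val=${line#*=}
        case $key in
            VIRTUAL_HOST)      vhost=$val ;;
            VIRTUAL_PORT)      port=$val ;;
            VIRTUAL_PROTO)     proto=$val ;;
            LETSENCRYPT_HOST)  lehost=$val ;;
            LETSENCRYPT_EMAIL) email=$val ;;
        esac
    done
    [ -n "$vhost" ]  || { echo "missing VIRTUAL_HOST (proxy will not route this container)"; rc=1; }
    [ -n "$lehost" ] || { echo "missing LETSENCRYPT_HOST (companion will not request a certificate)"; rc=1; }
    case $email in
        *@*) ;;
        *)   echo "missing or invalid LETSENCRYPT_EMAIL"; rc=1 ;;
    esac
    # A name requested from Let's Encrypt that the proxy does not serve has no
    # server block, so the HTTP challenge for it cannot be answered.
    old_ifs=$IFS
    IFS=,
    for h in $lehost; do
        found=0
        for v in $vhost; do
            [ "$h" = "$v" ] && found=1
        done
        [ "$found" = 1 ] || { echo "LETSENCRYPT_HOST entry $h is not in VIRTUAL_HOST"; rc=1; }
    done
    IFS=$old_ifs
    # A backend that itself speaks TLS must tell the proxy which port to use.
    if [ "$proto" = https ] && [ -z "$port" ]; then
        echo "VIRTUAL_PROTO=https set but VIRTUAL_PORT is unset"
        rc=1
    fi
    return $rc
}

# check_certs DIR HOST: confirm a non-empty certificate and key exist for HOST
# and that the private key is not readable by other users.
check_certs() {
    dir=$1 host=$2 rc=0
    for f in "$dir/$host.crt" "$dir/$host.key"; do
        [ -s "$f" ] || { echo "missing or empty: $f"; rc=1; }
    done
    if [ -f "$dir/$host.key" ]; then
        # GNU stat first, BSD stat as the fallback.
        mode=$(stat -c %a "$dir/$host.key" 2>/dev/null || stat -f %Lp "$dir/$host.key")
        case $mode in
            ?00) ;;
            *) echo "$dir/$host.key is mode $mode; restrict it to the owner (chmod 600)"; rc=1 ;;
        esac
    fi
    return $rc
}

# Stand-alone demonstration on constructed input (no docker needed): the second
# LETSENCRYPT_HOST name is deliberately absent from VIRTUAL_HOST.
if printf '%s\n' \
        'VIRTUAL_HOST=app.example.com' \
        'VIRTUAL_PORT=9000' \
        'LETSENCRYPT_HOST=app.example.com,www.example.com' \
        'LETSENCRYPT_EMAIL=admin@example.com' | check_https_env; then
    echo "environment looks complete"
else
    echo "fix the problems listed above before expecting a certificate"
fi
```

Against a live host, feed the function a container's environment with `docker inspect -f '{{range .Config.Env}}{{println .}}{{end}}' <container> | check_https_env` and then run `check_certs /data/certs <host>` once the companion has had a chance to obtain the certificate.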

Mar 1, 2018

Making Docker Daemon listen on network port during start-up

Took a bit of time to find the relevant documentation piece, so I thought I would outline it here for easy reference.

Option 1:

This should work on some systems, but on distributions that manage Docker with systemd the docker.service unit already passes its own -H flag in ExecStart, which conflicts with or overrides the hosts setting in daemon.json, so you will need to use option 2.
  1. If not already created, create the file /etc/docker/daemon.json
  2. Add in the following:
    
    {
      "hosts": ["fd://", "tcp://0.0.0.0:2375"]
    }
    
  3. Restart docker and check the docker daemon process. It should have the additional -H flag like so:
    
    $ sudo ps aux | grep dockerd
    root     31239  0.7  0.2 1007880 72816 ?       Ssl  15:03   0:00 /usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375
    

Option 2:

  1. Edit the service by running:
    
    sudo systemctl edit docker.service
    

  2. Add the following lines:
    
    [Service]
    ExecStart=
    ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375
    
  3. Reload the service configuration:
    
    sudo systemctl daemon-reload
    

  4. Restart the daemon:
    
    sudo systemctl restart docker.service
    

  5. Use the last step of the previous option to test whether docker is listening on the network port.
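Both options end with the same check: look at the running dockerd command line and confirm the tcp:// endpoint is there. As an added example (editor's code, not from this post or from Docker), the shell function below automates that check and also reports what the configuration exposes: a tcp:// endpoint without `--tlsverify` accepts commands from anyone who can reach the port, and the Docker API is equivalent to root on the host, so the function lists every `-H` endpoint and fails when an unauthenticated TCP one is present. It reads only the command line; `--tlsverify`, `--tlscacert`, `--tlscert` and `--tlskey` are the real dockerd flags, but if the TLS settings live in daemon.json instead (the `tlsverify`, `tlscacert`, `tlscert` and `tlskey` keys) this function will not see them and you should inspect that file as well.

```shell
#!/bin/sh
# Added example, not part of the original post: audit the dockerd command line
# that the last step of either option tells you to inspect.

# audit_dockerd_cmdline CMDLINE: CMDLINE is the full process line as printed by
# `ps aux` (the leading user/pid columns are harmless; only the arguments matter).
# Prints every -H endpoint and returns non-zero if a TCP endpoint is exposed
# without --tlsverify.
audit_dockerd_cmdline() {
    cmd=$1 rc=0 tls=0
    # --tlsverify turns on client certificate authentication for TCP endpoints.
    case " $cmd " in
        *" --tlsverify "*|*" --tlsverify=true "*) tls=1 ;;
    esac
    set -f                 # no pathname expansion while splitting the line
    set -- $cmd            # word-split the line into arguments (intended)
    set +f
    while [ $# -gt 0 ]; do
        case $1 in
            -H|--host)  shift; [ $# -gt 0 ] || break; ep=$1 ;;
            --host=*)   ep=${1#*=} ;;
            *)          shift; continue ;;
        esac
        echo "endpoint: $ep"
        case $ep in
            tcp://*)
                if [ "$tls" = 1 ]; then
                    echo "  TCP endpoint protected by --tlsverify"
                else
                    echo "  unauthenticated TCP endpoint $ep (no --tlsverify)"
                    rc=1
                fi
                case $ep in
                    tcp://0.0.0.0:*|tcp://:*|tcp://\[::\]:*)
                        echo "  listens on all interfaces, not just localhost" ;;
                esac ;;
            fd://|unix://*) ;;   # local endpoints: access is governed by socket permissions
        esac
        shift
    done
    return $rc
}

# Stand-alone demonstration using a constructed copy of the process line shown in the post.
sample='root 31239 0.7 0.2 1007880 72816 ? Ssl 15:03 0:00 /usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375'
if audit_dockerd_cmdline "$sample"; then
    echo "daemon endpoints look acceptable"
else
    echo "daemon exposes an unauthenticated TCP endpoint: add --tlsverify with --tlscacert/--tlscert/--tlskey (conventionally on port 2376) or bind to a trusted interface"
fi
```

On a live Linux host run `audit_dockerd_cmdline "$(ps -o args= -C dockerd)"` (procps syntax) to check the real daemon rather than the sample line.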