EasyHAProxy can issue a letsencrypt certificate. Follow the steps below:
Run the EasyHAProxy:
docker run \ -e EASYHAPROXY_LETSENCRYPT_EMAIL=[email protected] .... \ byjg/easy-haproxy
Run your container:
docker run \ --label easyhaproxy.express.port=80 \ --label easyhaproxy.express.localport=3000 \ --label easyhaproxy.express.host=example.org \ --label easyhaproxy.express.letsencrypt=true \ .... \ some/myimage
- Your container must listen to port 80. Letsencrypt will not issue the certificate if
easyhaproxy.express.portis in another port, and EasyHAProxy will fail silently.
- You cannot set port 443 for the container with the Letsencrypt because EasyHAProxy will create this port automatically once the certificate is issued.
EASYHAPROXY_LETSENCRYPT_EMAILenvironment variable is required to be set. If you don't set it up, EasyHAProxy will not request a certificate.
Be aware of Letsencrypt issue limits - https://letsencrypt.org/docs/duplicate-certificate-limit/ and https://letsencrypt.org/docs/rate-limits/
Persist your Letsencrypt certificates
It is a good idea to store the letsencrypt certificate in persistent storage because of the limit on how many certificates can be issued for the same domain in a period.
To do this, map the folder
/certs/letsencrypt to a docker volume.
docker volume create certs_letsencrypt docker run \ /* other parameters */ -v certs_letsencrypt:/certs/letsencrypt \ -d byjg/easy-haproxy