Docker Community Forums


Get SSL certificate for use in Docker container


(Desmondlim) #1

Hi there,

I’m very new to Docker and I need help.

I’ve created some Spring Boot applications and I’m going to dockerise them, but how do I secure them with SSL from Let’s Encrypt?

In Spring Boot, if I’m running it on a server, I just have to point my to the certificate file and since I’m going to auto deploy them on Amazon ECS, this method can’t work.

How can I go about securing my APIs with SSL from Let’s Encrypt?


(Cvgaviao) #2

Have you managed this challenge?

I also would like to do that…

(Archimedes Trajano) #3

My recommendation is don’t. Leave the Let’s Encrypt to nginx, which proxies to your Spring Boot app. If you really have to, simply use a self-signed certificate for each microservice behind nginx (it’s cheaper than a wildcard certificate).

Personally I gave up on the linuxserver/nginx-letsencrypt image, it was just too bulky for my needs.

My Dockerfile

FROM nginx:alpine
VOLUME /etc/letsencrypt
RUN apk add py-urllib3 openssl certbot curl --no-cache \
    --repository \
    --repository \
  && rm -rf /var/cache/apk/*
COPY conf.d/* /etc/nginx/conf.d/
RUN chmod 700 /
CMD [ "/" ]

(customize to your own needs)

#!/bin/sh -e
# First start only: obtain the certificate and generate DH parameters.
if [ ! -e /etc/letsencrypt/live ]
then
  certbot -n -q certonly --standalone --email --agree-tos \
          --rsa-key-size 4096 -d
  openssl dhparam -out /etc/letsencrypt/dhparams.pem 4096 > /dev/null
fi
exec nginx -g "daemon off;"


server {
    listen unix:/var/run/nginx.sock ssl http2 default_server;
    ssl_certificate     /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;
    # Must be the file the entrypoint script writes with openssl dhparam.
    ssl_dhparam         /etc/letsencrypt/dhparams.pem;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains;';

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
}

Finally conf.d/microservice.conf

server {
    listen 443 ssl http2;

    location / {

(Archimedes Trajano) #4

To simplify this process for everyone I made which manages letsencrypt but is quite lighter weight than the more popular linuxserver/nginx-letsencrypt
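
An added example, not part of any post in this thread: preflight functions for an entrypoint script like the one in post #3. They report TLS files that an nginx config names but that do not exist on disk (for instance a filename that differs between the script and the config), and decide whether certbot needs to run because the certificate is absent or close to expiry, which a check for the `live` directory alone does not cover. The function names and the day window are assumptions; `openssl x509 -checkend` is a standard OpenSSL option.

```sh
#!/bin/sh
# Added example: preflight helpers for an nginx + certbot entrypoint.
# Function names are hypothetical and not taken from the thread.

# Print every file named by an ssl_certificate, ssl_certificate_key or
# ssl_dhparam directive in the given nginx config that is missing on disk.
# Empty output means nginx will find all of them.
missing_tls_files() {
    conf=$1
    # Drop comments, keep the directive's first argument, strip the ';'.
    sed -e 's/#.*//' "$conf" |
    awk '$1 ~ /^ssl_(certificate|certificate_key|dhparam)$/ {
             sub(/;$/, "", $2); print $2
         }' |
    while read -r path; do
        [ -e "$path" ] || printf '%s\n' "$path"
    done
}

# Return 0 (true) when certbot should run: the certificate file is absent,
# empty or unreadable by openssl, or it expires within the given number of
# days. Return non-zero when the certificate is valid beyond that window.
cert_needs_renewal() {
    pem=$1
    days=$2
    [ -s "$pem" ] || return 0
    # -checkend exits 0 only if the certificate is still valid after N seconds.
    ! openssl x509 -checkend "$((days * 86400))" -noout -in "$pem" \
        >/dev/null 2>&1
}

# Sketch of use in an entrypoint, before "exec nginx":
#   cert_needs_renewal "$CERT_PEM" 30 && run certbot here
#   [ -z "$(missing_tls_files /etc/nginx/conf.d/default.conf)" ] || exit 1
```

`CERT_PEM` and the config path in the closing comment are placeholders for whatever paths the image actually uses.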