Been struggling with this for a while: what is the cleanest way to integrate Let's Encrypt's #certbot into a full #docker system? I'm hoping to stick to the 12-factor process per container model.

I've seen a few solutions that are running multiple processes in the container but this seems over-complicated and I instinctively feel there's a better solution available. The tricky part is reloading HAProxy on receipt of a new cert, which suggests there needs to be some higher-level supervisor.

@cbowdon I've also been grappling with this. I ended up going with #Caddy (caddyserver.com) which is a FOSS web server with LE support built in (including renewal). It's also got a slick config language and is competitive with NGINX on performance. abiosoft/caddy is an unofficial Docker image which works like a charm. The catch: you can't scale a Caddy Docker service yet (containers will race to renew the cert, or hit the LE rate limit) but @mholt (the author) has been working on a fix for this.

@jakelow @mholt Good shout! I wasn't thinking of switching out HAProxy but Caddy could work.

Our main use of HAProxy at the moment is proxying different paths to different backends with some rewriting to add query params, which it sounds like Caddy can do. Scaling isn't a worry for us yet. Thanks! 🙂