proxy/README.md
2025-06-18 17:32:10 +00:00


Nginx + Certbot + ACMEDNS Proxy Stack

Full documentation → docs site

Simple reverse-proxy setup packaged in a single Docker image. Nginx handles HTTP/S and TCP/UDP streams; Certbot issues and renews Let's Encrypt certificates via acme-dns (DNS-01 challenge), so no inbound port 80 is needed for validation and wildcard names can be issued.


What's in this repo

| Path / file | Purpose |
|---|---|
| dockerfile.debian | Builds the image (Debian slim + Nginx + Certbot) |
| compose.yml | One-service Docker Compose file |
| acme-dns-auth.py | Helper script called by Certbot as the DNS-01 manual auth hook |
| certbot-runner | Convenience wrapper to open a shell in the image |
| conf.d/ | Not tracked; drop HTTP/S vhost configs here |
| stream.d/ | Not tracked; drop stream (TCP/UDP) configs here |
| letsencrypt/ | Empty volume for keys/certs (gitignored) |
| work/ | Certbot cache (gitignored) |

Prerequisites

  • Docker 24 or later
  • Docker Compose v2 (or Docker Swarm if you prefer)

Quick start (single node)

# clone
$ git clone https://github.com/youruser/proxy-stack.git
$ cd proxy-stack

# create runtime dirs so volume binds don't fail
$ mkdir -p letsencrypt work

# build the image (or pull one you published)
$ docker build -t proxy:latest -f dockerfile.debian .

# start Nginx + Certbot
$ IMAGE_NAME=proxy:latest docker compose up -d

# obtain an initial certificate (DNS01)
$ DOMAIN=example.com ./certbot-runner
# follow the prompts → create the CNAME it prints in your DNS zone → press <enter>

When certificates renew, Certbot reloads Nginx automatically.


Certificates (DNS-01 quick guide)

# Run inside the container (root).
# --debug-challenges pauses Certbot after the hook runs and before validation,
# which is the window in which you create the CNAME the hook prints.
certbot certonly \
  --manual \
  --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py \
  --preferred-challenges dns \
  --debug-challenges \
  -d '*.your-domain' -d your-domain

1. The hook registers (or reuses) an acme-dns account for the domain and prints a CNAME like:

_acme-challenge.your-domain.  CNAME  8a1b12c3-...acme-dns.io.

2. Create that CNAME in your authoritative DNS zone (or update it if it already exists). The CNAME is permanent: it delegates every future challenge for the name to acme-dns, so it is created once, not per renewal.

3. Press <enter>. Certbot validates, stores the certificate under /etc/letsencrypt/live/your-domain/, and reloads Nginx.

That's it; future renewals happen automatically (certbot renew), because the hook only has to publish a new TXT value through the acme-dns API.
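What the auth hook has to do in that flow, as an added example (this is not the repo's acme-dns-auth.py): Certbot invokes the hook with the domain in CERTBOT_DOMAIN and the 43-character challenge token in CERTBOT_VALIDATION; the hook registers an acme-dns account on first use, stores it, prints the CNAME to create, and then publishes the token through acme-dns's /update endpoint. The server URL (default https://auth.acme-dns.io) and the credentials path /etc/letsencrypt/acmedns.json are assumptions, overridable via ACMEDNS_URL and ACMEDNS_STORAGE.

```python
#!/usr/bin/env python3
"""Minimal Certbot --manual-auth-hook for acme-dns (added example, not the repo's script).

Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook. acme-dns's API:
POST /register -> {username, password, fulldomain, subdomain, allowfrom}
POST /update   (X-Api-User / X-Api-Key headers) with {"subdomain": ..., "txt": ...}
"""
import json
import os
import sys
import urllib.request

ACMEDNS_URL = os.environ.get("ACMEDNS_URL", "https://auth.acme-dns.io")  # assumption
STORAGE_PATH = os.environ.get("ACMEDNS_STORAGE", "/etc/letsencrypt/acmedns.json")  # assumption
REQUIRED_KEYS = ("username", "password", "fulldomain", "subdomain")


def base_domain(domain: str) -> str:
    """Certbot already passes wildcard names as the bare domain; be defensive anyway."""
    return domain[2:] if domain.startswith("*.") else domain


def cname_record(domain: str, account: dict) -> str:
    """The record the operator must create in the authoritative zone (once)."""
    return f"_acme-challenge.{base_domain(domain)}. CNAME {account['fulldomain']}."


def validate_account(account: dict) -> dict:
    """Reject a truncated or tampered registration before it is stored and used."""
    missing = [k for k in REQUIRED_KEYS if not account.get(k)]
    if missing:
        raise ValueError(f"acme-dns registration missing fields: {missing}")
    return account


def update_request(account: dict, txt: str):
    """Build (url, headers, body) for POST /update; acme-dns only accepts a 43-char token."""
    if len(txt) != 43:
        raise ValueError("CERTBOT_VALIDATION must be a 43-character token")
    headers = {
        "X-Api-User": account["username"],
        "X-Api-Key": account["password"],
        "Content-Type": "application/json",
    }
    body = json.dumps({"subdomain": account["subdomain"], "txt": txt}).encode()
    return f"{ACMEDNS_URL}/update", headers, body


def post_json(url: str, body: bytes, headers: dict) -> dict:
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def load_accounts(path: str) -> dict:
    try:
        with open(path) as fh:
            return json.load(fh)
    except FileNotFoundError:
        return {}


def save_accounts(path: str, accounts: dict) -> None:
    """The file holds API credentials: create it 0600 so only root can read it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(accounts, fh, indent=2)


def main() -> int:
    domain = os.environ["CERTBOT_DOMAIN"]
    token = os.environ["CERTBOT_VALIDATION"]
    accounts = load_accounts(STORAGE_PATH)
    key = base_domain(domain)
    if key not in accounts:
        reg = post_json(f"{ACMEDNS_URL}/register", b"{}", {"Content-Type": "application/json"})
        accounts[key] = validate_account(reg)
        save_accounts(STORAGE_PATH, accounts)
        # --debug-challenges pauses Certbot after this hook, giving time to add the record.
        print("Create this CNAME before continuing:", cname_record(domain, accounts[key]),
              sep="\n", file=sys.stderr)
    url, headers, body = update_request(accounts[key], token)
    post_json(url, body, headers)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

For a wildcard plus apex order (`-d '*.your-domain' -d your-domain`) Certbot runs the hook twice with the same CERTBOT_DOMAIN and two different tokens; acme-dns keeps the two most recent TXT values for a subdomain, which is why both validations pass. Before pressing <enter>, confirm the delegation is live with `dig +short CNAME _acme-challenge.your-domain` from outside your network.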


Directory rules

Everything that contains private keys or runtime state is ignored by Git:

letsencrypt/     # keys, certs, renewal configs
work/            # Certbot cache
conf.d/          # your real vhosts (ignored)
stream.d/        # your real stream configs (ignored)

Provide examples by naming them *.example.conf; those are the only files tracked inside conf.d/ and stream.d/.
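A vhost of the kind that would go in conf.d/ as an `*.example.conf`, added here as an illustration rather than a file the repo ships. It assumes the certificate was issued for `*.example.com` and `example.com` as in the DNS-01 guide (Certbot names that lineage `example.com`), that the upstream application is reachable from the container as `app:8080`, and that the image's nginx.conf includes stream.d/*.conf inside a `stream {}` block.

```nginx
# conf.d/example.com.example.conf  (added example, not part of the repo)

# Plain HTTP only redirects; the proxy never serves content over port 80.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com www.example.com;

    # Lineage directory from `certbot certonly -d '*.example.com' -d example.com`
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;   # avoid long-lived ticket keys that undermine forward secrecy

    add_header Strict-Transport-Security "max-age=63072000" always;

    location / {
        proxy_pass http://app:8080;          # assumption: upstream service name
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# stream.d/db.example.conf  (added example; raw TCP pass-through, no TLS termination)
server {
    listen 5432;
    proxy_pass db:5432;                       # assumption: upstream database name
    proxy_connect_timeout 5s;
}
```

Nginx refuses to start a vhost whose ssl_certificate files do not exist yet, so add TLS vhosts only after the certificate has been issued, and run `nginx -t` inside the container before relying on the automatic reload.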


Updating

# Rebuild the image when Nginx or Certbot update (same build flags as the quick start)
$ docker build -t proxy:latest -f dockerfile.debian . && IMAGE_NAME=proxy:latest docker compose up -d

License

Released under GPL-2.0; see LICENSE for the full text.