100% automated, official certificates for your Docker container

Posted on 2019-12-15 by ungleich virtualisation team

TL;DR

Run

id=$(docker run -d ungleich/nginx-letsencrypt-ipv6)
docker logs ${id} 2>/dev/null | grep "^Getting certificate"

to create a Docker container with HTTPS fully enabled. Note: you need to enable IPv6 in Docker beforehand.

How it works

Any computer with a valid IPv6 address can retrieve a valid certificate from Let's Encrypt. This is possible thanks to the has-a.name domain, which gives a name to every possible IPv6 address.

Inside the Docker container we retrieve its IPv6 address, turn it into a name and then request a certificate for that name from Let's Encrypt.
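
The first two steps above (pick the container's address, turn it into a name), as an added example that is not the container's own code. The label format (fully expanded address with ':' replaced by '-') is an assumption, the function names are hypothetical, and the sample addresses are constructed.

```python
import ipaddress

ZONE = "has-a.name"  # domain named on the page


def pick_public_ipv6(addresses):
    """Return the first globally routable IPv6 address, or None.

    Link-local (fe80::/10), unique-local (fc00::/7), loopback and IPv4
    addresses are skipped: the CA's validation request has to reach the
    container from the Internet, so only a global address is usable.
    """
    for raw in addresses:
        # Drop a prefix length ("/64") and a zone id ("%eth0") if present.
        text = raw.split("/")[0].split("%")[0]
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            continue  # not an IP address at all
        if addr.version == 6 and addr.is_global:
            return addr
    return None


def hostname_for(addr):
    """Map an IPv6 address to a name under ZONE (assumed label format)."""
    return addr.exploded.replace(":", "-") + "." + ZONE


def certificate_name(addresses):
    """Name to request a certificate for, or ValueError if none is usable."""
    addr = pick_public_ipv6(addresses)
    if addr is None:
        raise ValueError("no globally routable IPv6 address; enable IPv6 in Docker")
    return hostname_for(addr)


# Constructed sample: addresses as a container might report them.
SAMPLE = ["127.0.0.1/8", "172.17.0.2/16", "fe80::42:acff:fe11:2%eth0",
          "fd00::242:ac11:2/64", "2a0a:e5c0:2:12:0:f0ff:fea9:c451/64"]

if __name__ == "__main__":
    print(certificate_name(SAMPLE))
```

A container that only has link-local or unique-local addresses raises ValueError here, which is the case where IPv6 was not enabled in Docker with a routable prefix.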

How is this useful?

Finally, all your Docker containers can be reachable worldwide and secured with HTTPS, without any manual configuration.

This way you can expose in-development containers directly to your customer, or even test locally with HTTPS instead of HTTP.

Why is this great?

This is the first service that lets you fully automate HTTPS on any Docker container without manual intervention. You can just fire it up and HTTPS is running with an official certificate.

Developing on top of it

You can also build your own container based on the ungleich/nginx-letsencrypt-ipv6 container. Simply use the standard FROM statement in your Dockerfile and enjoy a ready-to-use HTTPS container.

Trying it out

If you don't happen to have a host with an IPv6 network available, you can try it out on a VM on IPv6onlyhosting.com.