Skip to content

🏯🐳🔐 Ansible role that sets up an automated H2O reverse proxy for docker containers with automatic creation of Let's Encrypt certificates using docker-gen.

License

Notifications You must be signed in to change notification settings

cedricblondeau/ansible-role-h2o-docker-proxy-letsencrypt

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ansible-role-h2o-docker-proxy-letsencrypt

Ansible role that sets up an automated H2O proxy for docker containers with automatic creation of Let's Encrypt certificates using docker-gen.

I wrote about this on my blog: https://blog.cedricblondeau.com/2016/08/21/h2o-docker-reverse-proxy/.

Prerequisites

  • Ansible 2.1+
  • A docker-enabled target

Usage

First, clone this repository in your roles path (usually in a roles directory alongside your playbook) under the name h2o-docker-proxy-letsencrypt:

git submodule add https://github.com/cedricblondeau/ansible-role-h2o-docker-proxy-letsencrypt roles/h2o-docker-proxy-letsencrypt

Then, configure (letsencrypt_email is the only mandatory variable) and add the role to your playbook:

---
- name: Set up an automated H2O proxy for docker containers with automatic creation of Let's Encrypt certificates
  hosts: all
  become: true
  vars:
    letsencrypt_email: youremail_here@domain.tld
  roles:
    - h2o-docker-proxy-letsencrypt

Finally, execute your playbook and deploy your apps.

Example :

docker pull training/webapp
docker run -d --name training_webapp -e "VIRTUAL_HOST=webapp.dev" training/webapp

The VIRTUAL_HOST environment variable is mandatory and is used for:

  • Routing the HTTP requests to the containers
  • Creating Let's encrypt certificates

The containers being proxied must expose the port to be proxied, either by using the EXPOSE directive in their Dockerfile or by using the --expose flag to docker run or docker create.

If your container exposes multiple ports, the role will default to the service running on port 80. If you need to specify a different port, you can set a VIRTUAL_PORT env var to select a different one.

Deployed containers

The role uses two separated docker images:

If you want to build the images yourself you can easily override the repositories:

h2o_image: lkwg82/h2o-http2-server
letsencrypt_image: cedricbl/letsencrypt-webroot

Dev

This role can easily be tested using Vagrant:

Vagrant.configure(2) do |config|
  # Base config
  config.vm.box = "cedricblondeau/ubuntu-xenial64-docker"
  config.vm.hostname = "h2o-docker-proxy-devbox"
  config.vm.network "private_network", ip: "192.168.33.10"

  # Provisioning
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "playbook.yml"
    ansible.verbose = "vvvv"
  end
end

Thanks

About

🏯🐳🔐 Ansible role that sets up an automated H2O reverse proxy for docker containers with automatic creation of Let's Encrypt certificates using docker-gen.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published