Reading Time: 3 minutes
Today I’m going to show you how to add SSL certificates for HTTPS with Let’s Encrypt (Dovecot) in Docker or Docker Compose using Nginx Proxy Manager.
It’s a straightforward process that allows you to add the certificate in a matter of minutes. It also automatically renews without any manual intervention.
The first step is to add the Nginx Proxy Manager image to your docker-compose:
nginxproxymanager:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
# These ports are in the format <host-port>:<container-port>
- '80:80' # Public HTTP Port
- '443:443' # Public HTTPS Port
- '81:81' # Admin Web Port
# Default user:
# Email: admin@example.com
# Password: changeme
volumes:
- ./config/proxymanager/data:/data
- ./config/letsencrypt:/etc/letsencrypt
We need to expose the default HTTP port 80 since the proxy will listen to all incoming connections and redirect them accordingly. If you also have an Apache or Nginx image, you’ll need to change its port to another, for example, 8082.
To access the Nginx Proxy Manager service, we need to invoke our URL using port 81 (e.g., localhost:81).
We also create two volumes, one for the proxy manager data and another for the Let’s Encrypt certificates.
Now we can access our Nginx Proxy Manager (e.g., http://localhost:81 or the deployed address) (remember to open the port: https://devcodelight.com/how-to-open-a-port-in-ubuntu-linux-by-default-using-ip-tables/)
Once inside, we will be prompted to log in for the first time using the initial credentials:
# Email: admin@example.com
# Password: changeme
After logging in, we’ll be asked to change the credentials.
Now we can add our domains and certificates. To do that, go to the Proxy Hosts section.
And add a new one:
Simply fill in the requested information:
.</li>
<li>Forward Port: specify the port on which the service is running (remember that we changed Apache or Nginx to port 8082 or the one we chose).</li>
</ul>
<p>Once filled in, we can enable the <strong>Block Common Exploits</strong> option for added security.</p>
<div class=)
If you want to optimize the site’s speed, you can enable Cache Assets.
Once filled in, go to the SSL section:
This is where our certificate will be generated.
Select Request a new SSL Certificate
Check the Force SSL option if you want to redirect all connections through SSL. Provide an email address to receive certificate expiration notifications and agree to the Let’s Encrypt terms.
Click on Save, and within seconds, we’ll have our certificate.
To verify it, go to the SSL certificates section:
We can see the date and the certificate listed:
We need to visit the specified domain to see if it works:
As you can see, it’s a very useful and user-friendly tool.
