Intro
If you're after easy hosting of dockerized web services with automatic certificate enrolment using Let's Encrypt, then the solution is to use two Docker containers: nginx as a web proxy and Let's Encrypt Companion to handle certificates. LE Companion can provide either LIVE or STAGING certificates, depending on configuration, but you can run only one at a time.
The container definitions below are in docker-compose format, and the recipe contains absolutely no security hardening of the Docker installation; this is something you need to consider separately.
Web proxy
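TLSproxy:
  image: 'jwilder/nginx-proxy:latest'
  ports:
    - '80:80'
    - '443:443'
  volumes:
    # Certificates, mounted read-only into the proxy
    - '/etc/letsencrypt:/etc/nginx/certs:ro'
    - /etc/nginx/vhost.d
    - /usr/share/nginx/html
    # Docker socket, used to discover containers. ':ro' protects only the
    # socket file; the proxy can still issue any Docker API request through it.
    - '/var/run/docker.sock:/tmp/docker.sock:ro'
  environment:
    # Virtual host that serves requests not matching any VIRTUAL_HOST
    - 'DEFAULT_HOST=default.vhost.tld'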
TLSproxy is an nginx-based reverse proxy that automatically discovers and configures virtual hosts running on the same machine. See the image description on Docker Hub for details. TL;DR, the simple approach is:
docker run -d -e VIRTUAL_HOST=blog.domain.tld ghost
Please note the DEFAULT_HOST variable - it's quite useful to have it set right :-)
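Since the recipe leaves hardening to you, here is one check worth running against a host set up this way. It is an added example, not part of the original recipe or of the nginx-proxy project: it reads `docker inspect` output and lists every container that bind-mounts the Docker socket, together with the ports it publishes. The embedded sample data, the "blog" container details and the priority ranking are assumptions made for the example.

```python
import json
import sys

# Constructed sample shaped like `docker inspect` output; not from a real host.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/TLSproxy",
  "Mounts": [
   {"Type": "bind", "Source": "/etc/letsencrypt",
    "Destination": "/etc/nginx/certs", "RW": false},
   {"Type": "bind", "Source": "/var/run/docker.sock",
    "Destination": "/tmp/docker.sock", "RW": false}],
  "HostConfig": {"PortBindings": {
    "80/tcp": [{"HostIp": "", "HostPort": "80"}],
    "443/tcp": [{"HostIp": "", "HostPort": "443"}]}}},
 {"Name": "/blog",
  "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/blog/_data",
              "Destination": "/var/lib/ghost/content", "RW": true}],
  "HostConfig": {"PortBindings": null}}
]""")

SOCKET_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}


def audit(containers):
    """Return one finding per container that bind-mounts the Docker socket."""
    findings = []
    for c in containers:
        socks = [m for m in c.get("Mounts") or []
                 if m.get("Type") == "bind" and m.get("Source") in SOCKET_PATHS]
        if not socks:
            continue
        bindings = (c.get("HostConfig") or {}).get("PortBindings") or {}
        ports = sorted({int(b["HostPort"]) for bl in bindings.values()
                        for b in bl or [] if str(b.get("HostPort", "")).isdigit()})
        findings.append({
            "container": c.get("Name", "").lstrip("/"),
            "socket_at": socks[0]["Destination"],
            # RW=false guards the socket file only; API calls still go through.
            "mounted_ro": not socks[0].get("RW", True),
            "published_ports": ports,
            # Example heuristic: socket access plus published ports ranks highest.
            "priority": "high" if ports else "medium",
        })
    return findings


if __name__ == "__main__":
    # Usage: docker inspect $(docker ps -q) > inspect.json; python audit.py inspect.json
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_INSPECT
    for f in audit(data):
        print(json.dumps(f))
```

With the compose definition above, TLSproxy is reported at high priority: it holds the Docker socket and is the container listening on 80 and 443.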