nginx-proxy-manager
[Feature request] Custom SSL local path / file
Hi, I have my certificates accessible from the file system on the docker host, so it would be great if, when adding a custom certificate, you could specify a local path instead of manually uploading the required files.
That way I could set up the container with e.g.:
volumes:
  - /var/ssl:/ssl
And when adding a custom certificate I could enter e.g. /ssl/my.cert
This would be very helpful. I use a .net for my local network, so being able to use something such as acme.sh to generate a wildcard using a txt dns entry would be great and not have to copy the cert over manually.
For reference: https://github.com/Neilpang/acme.sh
I would also like this. Would be useful for wildcard certs I'm generating via a different container.
I would also love this feature as this is the only thing preventing me from using this. I also use a different container to generate my certs (via DNS, not HTTP), which also handles automatically restarting any required containers when the certificate updates.
Apologies for the ping, but can we get a comment on this, @jc21 ?
The actual compose magic is putting the certs persistent in ./letsencrypt/
Ok, you have to know what npm-ID your cert is, but that's ok in smaller environments.
There is a way to do this using the web interface. You can just turn off the SSL setting in the "proxy host" settings (set to none) and in the "Advanced"-tab you can set the ssl nginx manually using "Custom Nginx Configuration". Example:
listen 443 ssl http2;
listen [::]:443;
# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /path/to/cert/cert.pem;
ssl_certificate_key /path/to/cert/key.pem;
Just copy and paste this for every "proxy host" you want to add. Not perfect or elegant, but it seems to work.
P.S: to force ssl redirect add the line include conf.d/include/force-ssl.conf;
Damn this feature would be nice
This feature would be amazing. Especially for non-proxy-host certificates, since there is no advanced tab and therefore @christian-skjetne's workaround does not work.
Any updates on this one? I'm managing certbot separately and I'm provisioning all my services with certs via hooks. I'd like to see a "load cert from this path" option in npm...
@shalak
Does @christian-skjetne's comment not help you? Should be ok for any http proxy route. Haven't tried this out yet, though. Really want to use NPM, but this is a feature I would like to have. But, I think this should work for now.
> Does @christian-skjetne's comment not help you?
Yes, it does solve the issue, but I do not like to have such workarounds. If I have to manage configuration manually, I prefer to keep it all manually and not use NPM at all.
> > Does @christian-skjetne's comment not help you?
> Yes, it does solve the issue, but I do not like to have such workarounds. If I have to manage configuration manually, I prefer to keep it all manually and not use NPM at all.
I see. I am in the same boat as well. I am just manually editing my conf files at this point. Really easy to use nginxconfig.io to provide for the base files.
> There is a way to do this using the web interface. You can just turn off the SSL setting in the "proxy host" settings (set to none) and in the "Advanced"-tab you can set the ssl nginx manually using "Custom Nginx Configuration". Example:
> ...
Apologies if this is an idiot question, but why does it not seem to work to stop the container, replace the privkey.pem and fullchain.pem in the relevant /data/custom_ssl/npm-x folder with manually updated cert/key files and restart the container?
> There is a way to do this using the web interface. You can just turn off the SSL setting in the "proxy host" settings (set to none) and in the "Advanced"-tab you can set the ssl nginx manually using "Custom Nginx Configuration". Example:
> listen 443 ssl http2;
> listen [::]:443;
> # Let's Encrypt SSL
> include conf.d/include/letsencrypt-acme-challenge.conf;
> include conf.d/include/ssl-ciphers.conf;
> ssl_certificate /path/to/cert/cert.pem;
> ssl_certificate_key /path/to/cert/key.pem;
> Just copy and paste this for every "proxy host" you want to add. Not perfect or elegant, but it seems to work.
> P.S: to force ssl redirect add the line include conf.d/include/force-ssl.conf;
Can anyone advise what I'm doing wrong here?
I add the config as specified and it gives me an offline error? Essentially breaks it.
@1liminal1 I had a similar issue until I realized I had a conflicting config in it (listen 80 was in "details" and "advanced"; once I removed it from "advanced" it worked). I would double check all your paths are correct and possibly restart the container. Here's my exact config:
listen 443 ssl http2;
include conf.d/include/ssl-ciphers.conf;
include conf.d/include/force-ssl.conf;
ssl_certificate /data/custom_ssl/fullchain.pem;
ssl_certificate_key /data/custom_ssl/privkey.pem;
There's a simpler way to do this if all your Proxy Hosts need the same SSL config.
- Set SSL to none for all your Proxy Hosts
- Remove any SSL config from Advanced
- Paste your custom SSL config in /data/nginx/custom/server_proxy.conf
  listen 443 ssl http2;
  include conf.d/include/ssl-ciphers.conf;
  include conf.d/include/force-ssl.conf;
  ssl_certificate /data/custom_ssl/fullchain.pem;
  ssl_certificate_key /data/custom_ssl/privkey.pem;
- Restart container
> There's a simpler way to do this if all your Proxy Hosts need the same SSL config.
Great, thanks! I have also tested this with a single proxy host and it works - now I can update the SSL settings for the 40+ others for the last time!
Is there any progress on this issue except the mentioned workaround?
I had to declare absolute paths within the include lines. Otherwise the proxy hosts went offline:
include /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf;
> I had to declare absolute paths within the include lines. Otherwise the proxy hosts went offline:
> include /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf;
Full path also fixed mine! Good find, thanks!
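The failure modes reported in this thread (a second `listen 80` in the Advanced tab, relative `include` paths, a 443 listener without `ssl`, a certificate without its key) can be caught before a snippet is pasted into "Custom Nginx Configuration". The check below is an added example, not part of the issue thread or of NPM's code; the function name, the finding labels and both sample snippets are constructed for illustration.

```python
import re

# Constructed sample: lines from the thread's snippet plus a stray "listen 80;".
SAMPLE = """\
listen 80;
listen 443 ssl http2;
listen [::]:443;
# Let's Encrypt SSL
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /data/custom_ssl/fullchain.pem;
"""

# Constructed corrected form: absolute includes, ssl on both listeners, cert and key.
FIXED = """\
listen 443 ssl http2;
listen [::]:443 ssl http2;
include /etc/nginx/conf.d/include/ssl-ciphers.conf;
include /etc/nginx/conf.d/include/force-ssl.conf;
ssl_certificate /data/custom_ssl/fullchain.pem;
ssl_certificate_key /data/custom_ssl/privkey.pem;
"""

# One "name args;" directive per line; comment lines never match.
DIRECTIVE = re.compile(r"^[ \t]*([a-z_]+)[ \t]+([^;#\n]+?)[ \t]*;", re.M)

def lint_advanced_snippet(text):
    """Return sorted finding labels (hypothetical names) for a pasted snippet."""
    findings = set()
    directives = DIRECTIVE.findall(text)
    names = {name for name, _ in directives}
    for name, args in directives:
        parts = args.split()
        if name == "include" and not parts[0].startswith("/"):
            findings.add("relative-include")  # thread: hosts went offline
        elif name in ("ssl_certificate", "ssl_certificate_key") and not parts[0].startswith("/"):
            findings.add("relative-cert-path")
        elif name == "listen":
            port = parts[0].rsplit(":", 1)[-1]  # handles "443" and "[::]:443"
            if port == "80":  # thread: conflicted with the "details" listener
                findings.add("listen-80-in-advanced")
            elif port == "443" and "ssl" not in parts[1:]:
                findings.add("listen-443-without-ssl")  # flagged for review
    if ("ssl_certificate" in names) != ("ssl_certificate_key" in names):
        findings.add("cert-and-key-not-both-set")
    return sorted(findings)

if __name__ == "__main__":
    print("sample:", lint_advanced_snippet(SAMPLE))
    print("fixed: ", lint_advanced_snippet(FIXED))
```

A clean result only means the snippet avoids the problems reported here; `nginx -t` inside the container remains the authoritative syntax check.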