If you use Docker, you should use HTTPS

With the advent of Let's Encrypt, there's no longer much of an excuse for not serving your content over HTTPS. If you're using Docker to host your webapp, a couple of tweaks to your stack can give you incredibly simple, maintenance free HTTPS hosting.

The first tool we'll use is jwilder/nginx-proxy (Github). This container acts as a reverse proxy for your webapp, allowing for virtual hosting based on domain name. All it requires is that your container expose the port it listens on, and that a single environment variable (VIRTUAL_HOST) is set on the container.

The second tool is jrcs/letsencrypt-nginx-proxy-companion (Github). As it's name suggests, this container automatically provisions certificates from Let's Encrypt, and provides the certificates to the proxy container. Just like the proxy, all this requires are environment variables: LETSENCRYPT_HOST and LETSENCRYPT_EMAIL.

Putting all of this together into a compose file:

This setup is what powers my blog, and you can see a demo of the hello-world app at hello-world.carsondarling.com.