[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-10011":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":16,"stars30d":17,"stars90d":16,"forks30d":16,"starsTrendScore":16,"compositeScore":18,"rankGlobal":10,"rankLanguage":10,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":32,"readmeContent":33,"aiSummary":34,"trendingCount":16,"starSnapshotCount":16,"syncStatus":35,"lastSyncTime":36,"discoverSource":37},10011,"acme-companion","nginx-proxy\u002Facme-companion","nginx-proxy","Automated ACME SSL certificate generation for nginx-proxy","",null,"Shell",7712,830,93,41,0,12,39.76,"MIT License",false,"main",true,[24,25,26,27,28,29,7,30,31],"acme","acme-protocol","acme-v2","buypass","docker","letsencrypt","ssl","zerossl","2026-06-12 02:02:15","[![Tests](https:\u002F\u002Fgithub.com\u002Fnginx-proxy\u002Facme-companion\u002Factions\u002Fworkflows\u002Ftest.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002Fnginx-proxy\u002Facme-companion\u002Factions\u002Fworkflows\u002Ftest.yml)\r\n[![GitHub release](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Frelease\u002Fnginx-proxy\u002Facme-companion.svg)](https:\u002F\u002Fgithub.com\u002Fnginx-proxy\u002Facme-companion\u002Freleases)\r\n[![Docker Image Size](https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fimage-size\u002Fnginxproxy\u002Facme-companion?sort=semver)](https:\u002F\u002Fhub.docker.com\u002Fr\u002Fnginxproxy\u002Facme-companion \"Click to view the image on Docker Hub\")\r\n[![Docker stars](https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fstars\u002Fnginxproxy\u002Facme-companion.svg)](https:\u002F\u002Fhub.docker.com\u002Fr\u002Fnginxproxy\u002Facme-companion \"Click to view the image on 
Docker Hub\")\r\n[![Docker pulls](https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Fnginxproxy\u002Facme-companion.svg)](https:\u002F\u002Fhub.docker.com\u002Fr\u002Fnginxproxy\u002Facme-companion \"Click to view the image on Docker Hub\")\r\n\r\n**acme-companion** is a lightweight companion container for [**nginx-proxy**](https:\u002F\u002Fgithub.com\u002Fnginx-proxy\u002Fnginx-proxy).\r\n\r\nIt handles the automated creation, renewal and use of SSL certificates for proxied Docker containers through the ACME protocol.\r\n\r\n### Features:\r\n* Automated creation\u002Frenewal of Let's Encrypt (or other ACME CAs) certificates using [**acme.sh**](https:\u002F\u002Fgithub.com\u002Facmesh-official\u002Facme.sh).\r\n* Let's Encrypt \u002F ACME domain validation through `HTTP-01` (by default) or [`DNS-01`](https:\u002F\u002Fgithub.com\u002Fnginx-proxy\u002Facme-companion\u002Fblob\u002Fmain\u002Fdocs\u002FLet's-Encrypt-and-ACME.md#dns-01-acme-challenge) challenge.\r\n* Automated update and reload of nginx config on certificate creation\u002Frenewal.\r\n* Support creation of [Multi-Domain (SAN) Certificates](https:\u002F\u002Fgithub.com\u002Fnginx-proxy\u002Facme-companion\u002Fblob\u002Fmain\u002Fdocs\u002FLet's-Encrypt-and-ACME.md#multi-domains-certificates).\r\n* Support creation of [Wildcard Certificates](https:\u002F\u002Fcommunity.letsencrypt.org\u002Ft\u002Facme-v2-production-environment-wildcards\u002F55578) (with `DNS-01` challenge only).\r\n* Creation of a strong [RFC7919 Diffie-Hellman Group](https:\u002F\u002Fdatatracker.ietf.org\u002Fdoc\u002Fhtml\u002Frfc7919#appendix-A) at startup.\r\n* Work with all versions of docker.\r\n\r\n### HTTP-01 challenge requirements:\r\n* Your host **must** be publicly reachable on **both** port [`80`](https:\u002F\u002Fletsencrypt.org\u002Fdocs\u002Fallow-port-80\u002F) and [`443`](https:\u002F\u002Fgithub.com\u002Fnginx-proxy\u002Facme-companion\u002Fdiscussions\u002F873#discussioncomment-1410225).\r\n* Check your 
firewall rules and [**do not attempt to block port `80`**](https:\u002F\u002Fletsencrypt.org\u002Fdocs\u002Fallow-port-80\u002F) as that will prevent `HTTP-01` challenges from completing.\r\n* For the same reason, you can't use nginx-proxy's [`HTTPS_METHOD=nohttp`](https:\u002F\u002Fgithub.com\u002Fnginx-proxy\u002Fnginx-proxy#how-ssl-support-works).\r\n* The (sub)domains you want to issue certificates for must correctly resolve to the host.\r\n* If your (sub)domains have AAAA records set, the host must be publicly reachable over IPv6 on ports `80` and `443`.\r\n\r\nIf you can't meet these requirements, you can use the `DNS-01` challenge instead. Please refer to the [documentation](https:\u002F\u002Fgithub.com\u002Fnginx-proxy\u002Facme-companion\u002Fblob\u002Fmain\u002Fdocs\u002FLet's-Encrypt-and-ACME.md#dns-01-acme-challenge) for more information.\r\n\r\nIn addition to the above, please ensure that your DNS provider answers correctly to CAA record requests. [If your DNS provider answers with an error, Let's Encrypt won't issue a certificate for your domain](https:\u002F\u002Fletsencrypt.org\u002Fdocs\u002Fcaa\u002F). 
Let's Encrypt does not require that you set a CAA record on your domain, just that your DNS provider answers correctly.\r\n\r\n![schema](https:\u002F\u002Fgithub.com\u002Fnginx-proxy\u002Facme-companion\u002Fblob\u002Fmain\u002Fschema.png)\r\n\r\n## Basic usage (with the nginx-proxy container)\r\n\r\nTwo writable volumes must be declared on the **nginx-proxy** container so that they can be shared with the **acme-companion** container:\r\n\r\n* `\u002Fetc\u002Fnginx\u002Fcerts` to store certificates and private keys (read-only for the **nginx-proxy** container).\r\n* `\u002Fusr\u002Fshare\u002Fnginx\u002Fhtml` to write `http-01` challenge files.\r\n\r\nAdditionally, a third volume must be declared on the **acme-companion** container to store `acme.sh` configuration and state: `\u002Fetc\u002Facme.sh`.\r\n\r\nPlease also read the doc about [data persistence](.\u002Fdocs\u002FPersistent-data.md).\r\n\r\nExample of use:\r\n\r\n### Step 1 - nginx-proxy\r\n\r\nStart **nginx-proxy** with the two additional volumes declared:\r\n\r\n```shell\r\n$ docker run --detach \\\r\n    --name nginx-proxy \\\r\n    --publish 80:80 \\\r\n    --publish 443:443 \\\r\n    --volume certs:\u002Fetc\u002Fnginx\u002Fcerts \\\r\n    --volume html:\u002Fusr\u002Fshare\u002Fnginx\u002Fhtml \\\r\n    --volume \u002Fvar\u002Frun\u002Fdocker.sock:\u002Ftmp\u002Fdocker.sock:ro \\\r\n    nginxproxy\u002Fnginx-proxy\r\n```\r\n\r\nBinding the host docker socket (`\u002Fvar\u002Frun\u002Fdocker.sock`) inside the container to `\u002Ftmp\u002Fdocker.sock` is a requirement of **nginx-proxy**.\r\n\r\n### Step 2 - acme-companion\r\n\r\nStart the **acme-companion** container, getting the volumes from **nginx-proxy** with `--volumes-from`:\r\n\r\n```shell\r\n$ docker run --detach \\\r\n    --name nginx-proxy-acme \\\r\n    --volumes-from nginx-proxy \\\r\n    --volume \u002Fvar\u002Frun\u002Fdocker.sock:\u002Fvar\u002Frun\u002Fdocker.sock:ro \\\r\n    --volume acme:\u002Fetc\u002Facme.sh \\\r\n    --env 
\"DEFAULT_EMAIL=mail@yourdomain.tld\" \\\r\n    nginxproxy\u002Facme-companion\r\n```\r\n\r\nThe host docker socket has to be bound inside this container too, this time to `\u002Fvar\u002Frun\u002Fdocker.sock`.\r\n\r\nAlbeit **optional**, it is **recommended** to provide a valid default email address through the `DEFAULT_EMAIL` environment variable, so that Let's Encrypt can warn you about expiring certificates and allow you to recover your account.\r\n\r\n### Step 3 - proxied container(s)\r\n\r\nOnce both **nginx-proxy** and **acme-companion** containers are up and running, start any container you want proxied with environment variables `VIRTUAL_HOST` and `LETSENCRYPT_HOST` both set to the domain(s) your proxied container is going to use.\r\n\r\n[`VIRTUAL_HOST`](https:\u002F\u002Fgithub.com\u002Fnginx-proxy\u002Fnginx-proxy#usage) controls proxying by **nginx-proxy** and `LETSENCRYPT_HOST` controls certificate creation and SSL enabling by **acme-companion**.\r\n\r\nCertificates will only be issued for containers that have both `VIRTUAL_HOST` and `LETSENCRYPT_HOST` variables set to domain(s) that correctly resolve to the host, provided the host is publicly reachable.\r\n\r\n```shell\r\n$ docker run --detach \\\r\n    --name your-proxied-app \\\r\n    --env \"VIRTUAL_HOST=subdomain.yourdomain.tld\" \\\r\n    --env \"LETSENCRYPT_HOST=subdomain.yourdomain.tld\" \\\r\n    nginx\r\n```\r\n\r\nThe containers being proxied must expose the port to be proxied, either by using the `EXPOSE` directive in their Dockerfile or by using the `--expose` flag to `docker run` or `docker create`.\r\n\r\nIf the proxied container listens on and exposes a port other than the default `80`, you can force **nginx-proxy** to use this port with the [`VIRTUAL_PORT`](https:\u002F\u002Fgithub.com\u002Fnginx-proxy\u002Fnginx-proxy#multiple-ports) environment variable.\r\n\r\nExample using [Grafana](https:\u002F\u002Fhub.docker.com\u002Fr\u002Fgrafana\u002Fgrafana\u002F) (exposes and listens on port 
3000):\r\n\r\n```shell\r\n$ docker run --detach \\\r\n    --name grafana \\\r\n    --env \"VIRTUAL_HOST=othersubdomain.yourdomain.tld\" \\\r\n    --env \"VIRTUAL_PORT=3000\" \\\r\n    --env \"LETSENCRYPT_HOST=othersubdomain.yourdomain.tld\" \\\r\n    --env \"LETSENCRYPT_EMAIL=mail@yourdomain.tld\" \\\r\n    grafana\u002Fgrafana\r\n```\r\n\r\nRepeat [Step 3](#step-3---proxied-containers) for any other container you want to proxy.\r\n\r\n## Additional documentation\r\n\r\nPlease check the [docs section](https:\u002F\u002Fgithub.com\u002Fnginx-proxy\u002Facme-companion\u002Ftree\u002Fmain\u002Fdocs).\r\n\r\n## About this repository\r\n\r\n> [!NOTE]\r\n> This repository is officially maintained by \u003Cstrong>ZeroSSL\u003C\u002Fstrong> as part of our commitment to secure and reliable SSL\u002FTLS solutions.  \r\n> We welcome contributions and feedback from the community!  \r\n> For more information about our services, including free and paid SSL\u002FTLS certificates, visit https:\u002F\u002Fzerossl.com.\r\n\u003Cp align=\"center\">\r\n\t\u003Ca href=\"https:\u002F\u002Fzerossl.com\">\r\n\t\t\u003Cpicture>\r\n\t\t\t\u003Csource media=\"(prefers-color-scheme: dark)\" srcset=\"https:\u002F\u002Fzerossl.com\u002Fassets\u002Fimages\u002Fzerossl_logo_white.svg\">\r\n\t\t\t\u003Csource media=\"(prefers-color-scheme: light)\" srcset=\"https:\u002F\u002Fzerossl.com\u002Fassets\u002Fimages\u002Fzerossl_logo.svg\">\r\n\t\t\t\u003Cimg src=\"https:\u002F\u002Fzerossl.com\u002Fassets\u002Fimages\u002Fzerossl_logo.svg\" alt=\"ZeroSSL\" width=\"256\">\r\n\t\t\u003C\u002Fpicture>\r\n\t\u003C\u002Fa>\r\n\u003C\u002Fp>\r\n","nginx-proxy\u002Facme-companion is a lightweight companion container that automates the generation and renewal, through the ACME protocol (e.g. Let's Encrypt), of SSL certificates for Docker containers proxied by nginx-proxy. It uses acme.sh to create and renew certificates automatically and supports both HTTP-01 and DNS-01 validation. The project also automatically updates and reloads the nginx configuration and supports multi-domain and wildcard certificates. It suits scenarios where multiple Docker containers need secure HTTPS access, and is particularly suited to developers or operations staff who want to simplify SSL certificate management.",2,"2026-06-11 03:26:06","top_topic"]