I have Docker running on my Ubuntu server and I’ve set up Portainer with an SSL certificate using Certbot to point example.com:8443 to the sub-domain portainer.example.com.
Certification creation
certbot certonly --nginx \
--email webmaster@example.com \
--no-eff-email \
--agree-tos \
-d portainer.example.com
Running Portainer in Docker
docker run -d -p 8443:9000 -p 8000:8000 --name portainer --restart always \
-v /etc/letsencrypt/live/portainer.example.com:/certs/live/portainer.example.com \
-v /etc/letsencrypt/archive/portainer.example.com:/certs/archive/portainer.example.com \
-v portainer_data:/data portainer/portainer \
--ssl \
--sslcert /certs/live/portainer.example.com/fullchain.pem \
--sslkey /certs/live/portainer.example.com/privkey.pem
To my knowledge, an NGINX reverse proxy can handle SSL certificates whilst leaving downstream applications or Docker containers on plain HTTP. My question is: do I apply SSL certificates to both the reverse proxy and the Portainer Docker container, or use the SSL certificate on the reverse proxy alone?
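
The proxy-only layout the question describes, as an added example that is not part of the original post: NGINX terminates TLS with the Certbot certificate and forwards to Portainer over plain HTTP. It assumes Portainer is started without `--ssl`, `--sslcert` and `--sslkey` and published only on loopback (`-p 127.0.0.1:9000:9000`), and that NGINX serves the site on 443 rather than 8443.

```nginx
# Added example: place in a file included from the http {} context
# (for instance under /etc/nginx/conf.d/).
# Assumption: Portainer listens on 127.0.0.1:9000 over plain HTTP, so the
# unencrypted port is not reachable from other hosts.

# Lets the container console (WebSocket) pass through the proxy.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Redirect plain HTTP to HTTPS.
server {
    listen 80;
    server_name portainer.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name portainer.example.com;

    # Certificate issued by the certbot command above.
    ssl_certificate     /etc/letsencrypt/live/portainer.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/portainer.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # TLS ends here; the hop to Portainer stays on the loopback interface.
        proxy_pass http://127.0.0.1:9000;
        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $connection_upgrade;
    }
}
```

With this layout the private key is read only by NGINX, so the two `/etc/letsencrypt` volume mounts on the Portainer container are no longer needed.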