A minimal, configurable TLS reverse proxy in Docker with self-signed cert included.
- Shell 61.5%
- Dockerfile 38.5%
|
|
||
|---|---|---|
| compose.yml | ||
| Dockerfile | ||
| entrypoint.sh | ||
| nginx.conf | ||
| README.md | ||
Proxy Box
A minimal, configurable TLS reverse proxy in Docker with self-signed cert included.
A lightweight Docker container running nginx as an HTTPS reverse proxy. It auto-generates a self-signed certificate at startup and forwards all traffic to a configurable backend service. Designed to sit in front of a docker compose stack.
Environment variables
| Variable | Default | Description |
|---|---|---|
| HTTPS | 443 | HTTPS listening port |
| DOMAIN | localhost | Domain name — used as CN in the certificate |
| BACKEND | required | Backend address to proxy to (e.g. myapp:3000) |
Quick start
docker build -t nginx-reverseproxy .
docker run -d \
-e BACKEND=myapp:3000 \
-e DOMAIN=example.com \
-p 443:443 \
nginx-reverseproxy
The container will generate a self-signed RSA 4096 certificate on first startup and store it in /etc/nginx/ssl/.
Usage with docker compose
proxy:
build: .
ports:
- "0.0.0.0:443:443"
environment:
BACKEND: myapp:3000
DOMAIN: example.com
depends_on:
- myapp
Add the conf below to your compose file.
Bring your own certificate
Mount your existing certificate files — the entrypoint skips generation if both files are already present:
volumes:
- ./certs/example.com.crt:/etc/nginx/ssl/example.com.crt:ro
- ./certs/example.com.key:/etc/nginx/ssl/example.com.key:ro
Security notes
- TLS 1.2 and 1.3 only. Older protocols are disabled.
- nginx version header is hidden (server_tokens off).
- Unmatched requests return 444 (connection closed, no response).
- The self-signed certificate is for development only. Use a CA-issued certificate in production.