I use https://github.com/nginx-proxy/nginx-proxy as my egress reverse proxy, but it doesn't do SSL the way Let's Encrypt does.

Since I use Let's Encrypt to keep my SSL certificates renewed on time, it's been frustrating that I can't do SSL end-to-end from the Cloudflare CDN to my server. I've poked at it before, but today I committed to getting it working. And I did!

https://github.com/jekewa/nginx-proxy is where I put my fork of the nginx-proxy project. I simply (after some digestion) added two small bits to their template that allowed me to declare where the Let's Encrypt domain is defined, and then to use it when writing the server block in the nginx configuration. I even made a repository at https://hub.docker.com/repository/docker/jekewa/nginx-proxy with a Debian (what I use) container.

After minor trial and error, I was able to add the new environment variable to my containers and I could see my nginx-proxy handling the domains with the SSL certificates from Let's Encrypt.

I touched the CDN configuration to turn on end-to-end SSL, and was immediately disappointed. After few moments of head-scratching I realized I was probably blocking the SSL ports at my firewall. I peeked at the sever, which I'd been testing from the command line, and it was fine. My WAN gateway also allows port 443 through. My LAN gateway, through which this particular server is port-forwarded, did not have the port configured. I fixed that, and it worked from the CDN, too!

I'm going through all the domains on the CDN and turning on full SSL, and before too long, all the sites will be all SSL! Then I'm going to go through all the projects that had defined a similar environment variable to see if I can figure out why and possibly reduce the reproduction.