v1.10

Changes since v1.9:

• New customisable ownership and permissions system ( #436 #463 )
• Ability to restart a proxied container on cert issuance / renewal ( #442 )
• User adjustable minimal certificate validity for renewal ( #485 )
• Upgrade simp_le to 0.12.0 ( #484 )
• Upgrade docker-gen build stage to go 1.11 ( #487 )

Bug fixed:

• #465 certificate managed by the container are now better identified by a dotfile in their folder ( #472 )
• the DEBUG environment variable is now case insensitive ( true = True ) ( #480 )

Other changes:

• Multiple improvements and fixes to the test suite.
• Updates to the documentation.

v1.9.1

Bug fixed:

• The cleanup_links() function now only consider symlinks matching /etc/nginx/*.crt for cleanup. This bug only produced bogus debug logs and did not cause any unwanted file deletion.

v1.9

Changes since v1.8:

• Use Implicit prefix matching on the /.well-known/acme-challenge location ( #335 )
• Upgrade simp_le to 0.10.0 ( #422 )
• Upgrade alpine to 3.8 ( #414 )
• Create DH group in background at container startup ( #394 )
• Create a default certificate and private key at startup if none is provided ( #423 )
• Use multi-stage build for compatibility with non amd64 archs ( #391 )

Bug fixed:

• #375 the /app/force_renew script did not work when using --volumes-from ( #382 )
• #396 service loop not executing due to an empty variable under some circumstances ( #404 )
• #401 some env var were not set when reloading nginx inside a nginx-proxy container

Other changes:

• Complete overhaul of the test suite, now working on macOS.
• Updates to the documentation

v1.8.1

Bug fixed:

• Fix accidental removal of custom certificates mounted to /etc/nginx/certs ( #352 )

Notes: the v1.8 tag on Dockerhub also point to the v1.8.1 image.

v1.8

Changes since v1.7:

• Add the ability to use a custom DH parameters size ( #251 )
• Add Amazon ECS Support ( #300 )
• Add the /app/_cert_status script to get informations about existing certificates ( fa837ba )
• Check nginx-proxy container state before attempting to request certificates ( #321 )
• Update simp_le to 0.7.0 ( 400a7da )
• Update docker-gen to 0.7.4 ( 9570237 )
• Disable SSL for domains that are no longer used in a LETSENCRYPT_HOST env var ( 4b2b442 )
• Rework of the the nginx-proxy and docker-gen cid acquisition logic ( 866dda1 16f0222 )
• Do not overwrite production certs with test certs and vice versa (0312525 )
• Do not remove single domain certs whose domain is now part of a SAN cert ( 40a4d9c )
• Fixes to the symlinking logic ( 810a6cd d606704 )
• Minor code / typo cleanups ( #328 3af5ae8 3b212f2 )

Notes:

a5cf93e disable SSL for domains that are no longer configured as LETSENCRYPT_HOST on a container.

However, HSTS being enabled by default by the upstream nginx.tmpl, disabling SSL for a domain won't enable back http for your returning site users and your site will be unreachable for them.
The only way to get to an http site after receiving an HSTS response is to clear your browser's HSTS cache.

If you want to have the ability to fully switch between having https enabled or disabled, read carefully about HSTS and disable it by setting the HSTS=off environment variable on proxyed containers.

The previous behaviour was that symlinks were never removed, wether you stopped or removed the proxyed container or re-created it without LETSENCRYPT_HOST environment variable.

Also, due to the update to simp_le 0.7.0, the ACME_TOS_HASH environment variable has been deprecated. This version of simp_le does not compare Terms of Service hashes anymore and implicitly agree to the ACME CA ToS automatically.

v1.7

Changes since v1.6:

• Rework handling of ACME account keys ( 7f66758 #312 )
• Change REUSE_KEY to REUSE_PRIVATE_KEYS to avoid confusion with account keys ( 63403f7 )
• Remove the --only exposed argument to docker-gen ( #230 #281 )
• Update the base image to Alpine 3.7 ( d27d4cf )
• Set the image exit code to 0 ( 6c6f131 )
• Make LETSENCRYPT_EMAIL optional ( 1bb6e86 )

Bug fixed:

• Fix issues with trimming on the go template and with rm -rf on paths that might include an empty var. Both issues could send the container in an endless loop ( #289 fix for issues #254 and #288 )

Other changes:

• Addition of a basic Travis CI test suite ( #285 )
• Updates to the documentation ( #257 #292 #297 3c35d72 )

v1.6

Changes since v1.5:

• Enables choosing a specific key size via the LETSENCRYPT_KEYSIZE env var ( #212 )
• Enables private keys reutilisation via the REUSE_KEY env var ( #218 )
• Improvements to the simp_le install script ( #222 )
• Adds support for dynamic container names via docker labels ( #231 )
• Disable Nginx auth for the /.well-known/acme-challenge/ location ( #232 )
• Adds the /app/force_renew script to force renewal of all certificates ( #249 )
• Successive updates to the simp_le version used up to 0.6.2 ( #222 #229 #237 #248 #282 )
• Removes reliance on a hardcoded Let's Encrypt Terms of Service hash ( #282 )
• Adds Links to various docker-compose examples in the docs ( #210 #226 #253 )
• Updates to documentation ( #276 )

Also, note that due to #277:

• v1.5 will require that you pass an up to date ToS hash to the container using the ACME_TOS_HASH env var
• all versions prior to v1.5 won't work anymore as they miss the ability to pass an alternative ToS hash to simp_le.

v1.1: Merge pull request #14 from JSurf/master

Disable basic auth for letsencrypt challenge