HTTPS port

Cible

443

Défaut

443

HTTP port (required for HTTP validation and HTTP - HTTPS redirect)

Cible

80

Défaut

80

QUIC (HTTP/3) port. Must be enabled in the default and proxy confs.

Cible

443

Défaut

443

Persistent config files

Cible

/config

Top url you have control over (e.g. `example.com` if you own it, or `customsubdomain.example.com` if dynamic dns).

Défaut

example.com

Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set).

Défaut

http|dns

Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)

Défaut

www,

Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing ZeroSSL account(https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt.

Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`.

Défaut

cloudflare

Optionally override (in seconds) the default propagation time for the dns plugins.

Optional e-mail address used for cert expiration notifications (Required for ZeroSSL).

If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`

Défaut

false

Additional fully qualified domain names (comma separated, no spaces) ie. `example.net,subdomain.example.net,*.example.org`

Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes.

Défaut

false

Set to `true` to disable the Fail2ban service in the container, if you're already running it elsewhere or using a different IPS.

Set to `true` to enable automatic reloading of confs on change without stopping/restarting nginx. Your filesystem must support inotify. This functionality was previously offered via mod(https://github.com/linuxserver/docker-mods/tree/swag-auto-reload).

A pipe(https://en.wikipedia.org/wiki/Vertical_bar)-separated list of additional folders for auto reload to watch in addition to `/config/nginx`

Container Variable: PUID

Défaut

99

Container Variable: PGID

Défaut

100

Container Variable: UMASK

Défaut

022