Merge branch 'release/1.1.0'

Author: @_sopitz

README.md

@@ -16,9 +16,14 @@ That's about it already. If you want to run it without `docker-compose` it would
 ### Configuration
 You can configure the email address that should be used for certificate generation with letsencrypt with the environment variable `LETSENCRYPT_EMAIL`. If you do not set it, the email address will defaul to `info@VIRTUAL_HOST`.
 
+If you don't want SSL support for a certain container you can now add a label to prevent certificate generation: `letsencrypt.nocert`. The value you assign is not checked right now. Only the existence of the label is enough to exclude for certificate generation. That's how it would look like with a run command: `docker run -tid --label letsencrypt.nocert=true -e VIRTUAL_HOST=<your_domain> ubuntu`
+
 If there's anything else you want to configure. Please also have a look at [jwilder/nginx-proxy](https://github.com/jwilder/nginx-proxy/). There you'll find more beautiful documentation on how to do more magic with this reverse proxy.
 
 ### How does it work?
 We use [Let's Encrypt](https://letsencrypt.org/) to generate the SSL certificates. Those certificates are free and expire every 3 months.
 We use [docker-gen](https://github.com/jwilder/docker-gen) to watch for starting containers and generate a shell-script that will run [Let's Encrypt](https://letsencrypt.org/). This will give you a SSL certificate in a matter of a couple of seconds. (So please don't worry when the certificate won't show up right after you start the container for the first time!). We use the `--keep-until-expiring` flag so you hopefully don't run into [beta restrictions](https://community.letsencrypt.org/t/public-beta-rate-limits/4772). That means the certificate will be renewed if it expires in 10 or less days automatically on container (re)start.
 Additional we have `cron` installed in the container to check regularly that your SSL certificates don't expire as you might not (re)start your containers every 3 months. That check will be performed at 10am. If you want to change that, just change it in the `cronfile`.
+
+### Docker Tags
+`latest` is always taken from develop branch. Please do NOT consider it production ready. Use the versioned tags instead for production please!

ssl.tmpl

@@ -1,17 +1,24 @@
 #!/bin/bash -e
 mkdir -p /var/www/letsencrypt
 
-{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}
+{{ $optIn := contains $.Env "LETSENCRYPT_OPT_IN" }}
+{{ $optInContainers := whereLabelExists $ "letsencrypt.cert" }}
+{{ $optOutContainers := whereLabelDoesNotExist $ "letsencrypt.nocert" }}
+{{ $sslContainers := when $optIn $optInContainers $optOutContainers }} 
 
-{{ if $.Env.LETSENCRYPT_EMAIL }}
-	/letsencrypt/letsencrypt-auto certonly --email {{ $.Env.LETSENCRYPT_EMAIL }} --agree-tos --keep-until-expiring --webroot -w /var/www/letsencrypt -d {{ $host }}
-{{ else }}
-	/letsencrypt/letsencrypt-auto certonly --email info@{{ $host }} --agree-tos --keep-until-expiring --webroot -w /var/www/letsencrypt -d {{ $host }}
-{{ end }}
-	
-ln -sf /etc/letsencrypt/live/{{ $host }}/fullchain.pem /etc/nginx/certs/{{ $host }}.crt
-ln -sf /etc/letsencrypt/live/{{ $host }}/privkey.pem /etc/nginx/certs/{{ $host }}.key
+{{ $containersForGeneration := groupByMulti $sslContainers "Env.VIRTUAL_HOST" "," }}
 
-{{ end }}
+{{ range $containers := $containersForGeneration }}
+	{{ range $container := $containers }}
+		{{ if contains $container.Env "LETSENCRYPT_EMAIL" }}
+			/letsencrypt/letsencrypt-auto certonly --email {{ $container.Env.LETSENCRYPT_EMAIL }} --agree-tos --keep-until-expiring --webroot -w /var/www/letsencrypt -d {{ $container.Env.VIRTUAL_HOST }}
+		{{ else }}
+			/letsencrypt/letsencrypt-auto certonly --email info@{{ $container.Env.VIRTUAL_HOST }} --agree-tos --keep-until-expiring --webroot -w /var/www/letsencrypt -d {{ $container.Env.VIRTUAL_HOST }}
+		{{ end }}
+			
+		ln -sf /etc/letsencrypt/live/{{ $container.Env.VIRTUAL_HOST }}/fullchain.pem /etc/nginx/certs/{{ $container.Env.VIRTUAL_HOST }}.crt
+		ln -sf /etc/letsencrypt/live/{{ $container.Env.VIRTUAL_HOST }}/privkey.pem /etc/nginx/certs/{{ $container.Env.VIRTUAL_HOST }}.key
 
+		{{ end }}
+	{{ end }}
 docker-gen -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf