Streamline Your Proxies: SSL terminator

Secure SSL termination

This proxy component is part of a series of proxies that are modular in design and require almost zero configuration. The series currently includes an SSL terminator, a forward proxy and a caching proxy. Over time, I will add a rate limiter, a load balancer/router, and a CDN proxy/image resizer.


I've developed a compact and efficient SSL terminator designed to fit seamlessly into a Docker container. This tool specializes in processing HTTPS requests and forwarding them to servers that lack HTTPS support, streamlining secure communication.

Key benefits of this SSL terminator include:

  1. Enhanced security through encryption of data in transit.
  2. Improved compliance with modern web standards and security practices.
  3. Flexibility in deployment, facilitating easy integration with existing systems.
  4. Simplified management.
  5. Scalability, allowing for easy expansion as network demands grow.

Configuring this SSL terminator is a breeze, with environment variables controlling its settings. It dynamically generates its configuration, adapting to various requirements like backend server details, backend port, and the HTTPS port.
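One way a container entrypoint can turn such environment variables into an nginx server block while rejecting values that would inject directives. This is an added sketch, not the image's actual script. Only BACKEND_HOST comes from this page; BACKEND_PORT, HTTPS_PORT and the certificate paths are assumed names.

```shell
#!/bin/sh
# Added illustration, not the image's own entrypoint.
# BACKEND_HOST is from the compose file on this page; BACKEND_PORT, HTTPS_PORT
# and the certificate paths are hypothetical names chosen for this sketch.

# Accept hostname characters only, so a value cannot inject nginx directives.
valid_host() {
  case "$1" in
    ''|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
  return 0
}

# Accept integers in 1..65535 only.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the server block on stdout; return 1 and print no config on a bad value.
render_config() {
  host="${BACKEND_HOST:-}"
  bport="${BACKEND_PORT:-80}"
  sport="${HTTPS_PORT:-443}"
  valid_host "$host"  || { echo "invalid BACKEND_HOST" >&2; return 1; }
  valid_port "$bport" || { echo "invalid BACKEND_PORT" >&2; return 1; }
  valid_port "$sport" || { echo "invalid HTTPS_PORT" >&2; return 1; }
  cat <<EOF
server {
    listen ${sport} ssl http2;
    ssl_certificate     /etc/nginx/certs/server.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;
    location / {
        proxy_pass http://${host}:${bport};
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    }
}
EOF
}

# Render only when asked, so the file can also be sourced.
if [ "${1:-}" = "--render" ]; then render_config; fi
```

Failing closed on a malformed value means the container stops at startup instead of serving a config that a stray `;` or `}` in an environment variable has reshaped.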

Designed with docker-compose and docker-stack in mind, the terminator functions excellently as a distinct service. This approach simplifies backend server configurations and aligns perfectly with the single responsibility principle.

As part of a broader suite of tools, including HTTP caching middleware, rate limiters, and load balancers, this terminator plays a crucial role. It's all about creating a modular, maintainable architecture where each component, including this SSL terminator, can be easily integrated, ensuring smooth operation and eliminating the need for unwieldy proxy configurations.


Features

* HTTPS termination for a single host
* supports HTTP/2
* uses a default insecure certificate for testing if you don't provide your own
* configure with env vars
* image size only 9 MB compressed, memory usage about 7 MB


Minimal docker-compose

A minimal docker compose file would look like this:


version: '3.7'

services:

  sslterminator:
    image: 24hoursmedia/nginx-ssl-terminator:1.0-latest
    ports:
      # expose on port 443 on the host, and port 80 for redirecting to 443
      - "443:443"
      - "80:80"
    environment:
      - "BACKEND_HOST=webserver"

  webserver:
    image: nginx:1.19.6-alpine

This post outlines the strategies and thought processes behind my DevOps projects. It reflects my dedication to adopting best practices in DevOps and staying aligned with the latest technological advancements.



Post date: November, 2023

Dockerhub

The SSL terminator is available on Docker Hub: https://hub.docker.com/reposit... for multiple architectures (amd, arm64, arm7), and is only 9 MB in size as a compressed image.

Skills

  • Nginx
  • Docker multistage build
  • Docker multiplatform build
  • Documentation with JetBrains Writerside