Securely Download Files using Https from Nginx Docker Containers

As  system administrators, we have situations where we need to download large files such as backup files, database backups, emails, log files etc securely between our servers. Usually we use SFTP, SSH or SCP for this purposes. But these processes slow down comparatively, when it comes to a remote backup download.

In this article, I'm explaining a convenient way for downloading large files using HTTP with a help of a Nginx Docker container in an Ubuntu 16.04 server.


  • Docker installed Ubuntu 16.04 server
  • Require a FQDN hostname
  • SSL certificate for your hostname

Creating SSL certificate for the hostname

First of all, let us obtain our SSL certificate for our hostname. I'm using Let's Encrypt to obtain my free SSL certificate. We can install Let's Encrypt using the GitHub repository.

Install Git and bc

Two of these packages needs to be installed prior to the Let's Encrypt installation. Bc is an “arbitrary precision language calculator. It is used for the auto-renewal script in the Let's Encrypt software. You can install these packages with this commands below:

root@www:~# apt-get update

root@www:~# apt-get -y install git bc

Once it is done, we can easily download let's encrypt by cloning the repository from GitHub.

Cloning Let's Encrypt Repository

We can use this command to clone the Let’s Encrypt repository to /opt folder.

root@www:~# git clone /opt/letsencrypt
Cloning into '/opt/letsencrypt'...
remote: Counting objects: 39435, done.
remote: Total 39435 (delta 0), reused 0 (delta 0), pack-reused 39435
Receiving objects: 100% (39435/39435), 10.63 MiB | 20.39 MiB/s, done.
Resolving deltas: 100% (28067/28067), done.
Checking connectivity... done.

By cloning, we'll have a copy of the let's encrypt repository in the /opt/letsencrypt directory.

Issuing SSL certificate

Let's Encrypt provides a numerous ways to obtain SSL certificates, through various plugins. We're using the Webroot plugin to initialize our certificate process. It is called as an authenticator plugin. It works by placing a special file in the /.well-known directory within your document root, which can be opened through your web server by the Let's Encrypt service for validation.  Let's see how we can use the Webroot plugin to obtain an SSL certificate.

If you've not installed a web server, you can install Nginx in your docker host with the command apt-get install nginx.

Now add the following section to your SSL server block in your default vhost configuration /etc/nginx/sites-available/default to allow access to the .well-known directory for validation.

location ~ /.well-known {
allow all;

This folder will be created under the domain document root during the SSL certificate issuing by Let's Encrypt. Now save the file and reload Nginx configuration.

Now we can use Webroot plugin to request our SSL certificate with these commands. You can specify our domain names with these command with the -d option. For using a single certificate for multiple domains, we can include all of them at once using the -d options as below:

root@www:~# cd /opt/letsencrypt
root@www:/opt/letsencrypt# ./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/html -d -d

We need to move to the letsencrypt repo folder at /opt and run this command from there. This command proceeds with the installation of the required Python packages and prompt to enter the email address which will be used for urgent notices and lost key recovery.


Enter your valid email address and proceed to the next screen to agree the terms and conditions for this software.


After agreeing to these Subscriber Agreement, the installation will complete successfully and will provide you with the Certificate details.


You can see the certificate details and expiration date for our domain cert from this.

Your certificate and chain have been saved at


Your cert will
expire on 2016-11-05.

You can edit your default Nginx configuration to include these certificate details for enabling SSL and reload the configuration to update these changes.

server {
# SSL configuration
listen 443 ssl default_server;
listen [::]:443 ssl default_server;

root /var/www/html/;
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;

You can verify your SSL installation at the URL >>

SSL Checker - SSL Certificate Verify 2016-08-08 14-18-27

Defining Path for Downloads

We need to add the following entries to our Nginx Vhost configuration under the SSL server block to serve our files when a request is made on /downloads/ url.

location /downloads/ {
alias /files/;

Creating Nginx Docker Container

Let's create our Nginx docker container with the secured  Nginx configuration from our docker host along with the let's encrypt installation and certificates. First of all, create a docker-compose.yml file. This file tells docker how to run a specific container.


files : This folder contains the files which needs to be downloaded
conf : This folder contains  our saved secured Nginx configuration
/etc/letsencrypt & /opt/letsencrypt contains our certificate details and letsencrypt scripts.
/var/www/ : contains our domain document roots.

PS : We can exclude the volumes which don't prefer to copy over as per our convenience.

Furthermore, it exposes the ports 80 and 443 of docker container to the host's port 8081 and 8080 respectively.

The above file tells docker to run a container using the nginx:latest image, mount the directories files and conf from the host machine, and expose ports as mentioned.

Now we can run this command to compose our docker container.

root@www:~# docker-compose up
Recreating root_nginx_1
Attaching to root_nginx_1

This will create a docker container as we've composed and make it running. We can view our docker container status below:

root@www:~# docker ps
a710ab1cdaa9 nginx:latest "nginx -g 'daemon off" About an hour ago Up About an hour>80/tcp,>443/tcp root_nginx_1

We can verify the Nginx secure installation for your docker container by calling this URL >> or in SSL checker.

SSL Checker - SSL

Downloading files securely

As we've composed, the files which we need to downloads reside inside the folder /files in our docker container.

root@www:~# docker exec -i -t a710ab1cdaa9 /bin/bash

root@a710ab1cdaa9:/files# ls -l
total 8
-rw-r--r-- 1 root root 172 Aug 8 07:39 log.tar.gz
-rw-r--r-- 1 root root 110 Aug 8 07:32 mails.tar.gz

Now we can easily download this securely using our Nginx docker from this URL >>>

downloading tar

That's it :). Correspondingly, we can download any large files from servers as per your requirement more easily and securely. I hope this article is informative and helpful for you. I would recommend your valuable comments and suggestions on this. Have a Nice Day!

About Saheetha Shameer

I'm working as a Senior System Administrator. I'm a quick learner and have a slight inclination towards following the current and emerging trends in the industry. My hobbies include hearing music, playing strategy computer games, reading and gardening. I also have a high passion for experimenting with various culinary delights :-)

Author Archive Page

Have anything to say?

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.