Automated docker nginx proxy integrated with letsencrypt. Based on https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion.

# Web Proxy using Docker, NGINX and Let's Encrypt

With this repo you will be able to set up your server with multiple sites using a single NGINX proxy to manage your connections, automating your app containers (ports 80 and 443) and auto-renewing your SSL certificates with Let's Encrypt.

Something like:

![Web Proxy environment](https://github.com/evertramos/images/raw/master/webproxy.jpg)

## Why use it?

Using this setup you will be able to start a production environment in a few seconds. For each new web project, simply start the containers with the option `-e VIRTUAL_HOST=your.domain.com` and you will be ready to go. If you want to use SSL (Let's Encrypt), just add the option `-e LETSENCRYPT_HOST=your.domain.com`. Done!

Easy and trustworthy!

## Prerequisites

In order to use this compose file (docker-compose.yml) you must have:

1. docker (https://docs.docker.com/engine/installation/)
2. docker-compose (https://docs.docker.com/compose/install/)

## How to use it

1. Clone this repository:

```bash
git clone https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion.git
```

2. Make a copy of our `.env.sample` and rename it to `.env`:

Update this file with your preferences.

```
#
# docker-compose-letsencrypt-nginx-proxy-companion
#
# A Web Proxy using docker with NGINX and Let's Encrypt
# Using the great community docker-gen, nginx-proxy and docker-letsencrypt-nginx-proxy-companion
#
# This is the .env file to set up your webproxy environment
#
# Your local containers NAME
#
NGINX_WEB=nginx-web
DOCKER_GEN=nginx-gen
LETS_ENCRYPT=nginx-letsencrypt
#
# Set the IP address of the external access Interface
#
IP=0.0.0.0
#
# Default Network
#
NETWORK=webproxy
# If you want to customize the created network, use the following variable
#NETWORK_OPTIONS="--opt encrypted=true"
#
# Service Network (Optional)
#
# In case you decide to add a new network to your services containers you can set this
# network as a SERVICE_NETWORK
#
# [WARNING] This setting was built to use our `start.sh` script or in that special case
# you could use the docker-composer with our multiple network option, as of:
# `docker-compose -f docker-compose-multiple-networks.yml up -d`
#
#SERVICE_NETWORK=webservices
# If you want to customize the created network, use the following variable
#SERVICE_NETWORK_OPTIONS="--opt encrypted=true"
#
## NGINX file path (mount into the host)
# Here you can configure the path where nginx stores all the configurations and certificates.
# With the value ./nginx-data it creates a new sub-folder into your current path.
NGINX_FILES_PATH=./nginx-data
#
# NGINX use special conf files
#
# In case you want to add some special configuration to your NGINX Web Proxy you could
# add your files to ./conf.d/ folder as of sample file 'uploadsize.conf'
#
# [WARNING] This setting was built to use our `start.sh`.
#
# [WARNING] Once you set this options to true all your files will be copied to data
# folder (./data/conf.d). If you decide to remove this special configuration
# you must delete your files from data folder ./data/conf.d.
#
#USE_NGINX_CONF_FILES=true
#
# Docker Logging Config
#
# This section offers two options max-size and max-file, which follow the docker documentation
# as follow:
#
# logging:
#   driver: "json-file"
#   options:
#     max-size: "200k"
#     max-file: "10"
#
#NGINX_WEB_LOG_DRIVER=json-file
#NGINX_WEB_LOG_MAX_SIZE=4m
#NGINX_WEB_LOG_MAX_FILE=10
#NGINX_GEN_LOG_DRIVER=json-file
#NGINX_GEN_LOG_MAX_SIZE=2m
#NGINX_GEN_LOG_MAX_FILE=10
#NGINX_LETSENCRYPT_LOG_DRIVER=json-file
#NGINX_LETSENCRYPT_LOG_MAX_SIZE=2m
#NGINX_LETSENCRYPT_LOG_MAX_FILE=10
```

3. Run our start script:

```bash
./start.sh
```

Your proxy is ready to go!
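
Before running `./start.sh` it is worth linting the `.env` from step 2. The script below is an added example, not part of this project: the names `env_get` and `check_env` are hypothetical, and it assumes that `IP` is the host address the proxy's ports are published on and that a relative `NGINX_FILES_PATH` is resolved against the directory holding `.env`.

```shell
#!/bin/sh
# Added example, not part of the project: lint a webproxy .env before ./start.sh.

# env_get FILE KEY: value of the last uncommented KEY= line, quotes stripped.
env_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# check_env FILE: prints findings; returns 1 if any ERROR was found.
check_env() {
    ce_file=$1
    ce_bad=0
    [ -r "$ce_file" ] || { echo "ERROR: cannot read $ce_file"; return 1; }

    # Keys the sample file sets uncommented.
    for ce_key in NGINX_WEB DOCKER_GEN LETS_ENCRYPT IP NETWORK NGINX_FILES_PATH; do
        if [ -z "$(env_get "$ce_file" "$ce_key")" ]; then
            echo "ERROR: $ce_key is missing or empty"; ce_bad=1
        fi
    done

    # Docker container names must be unique on a host.
    ce_web=$(env_get "$ce_file" NGINX_WEB)
    ce_gen=$(env_get "$ce_file" DOCKER_GEN)
    ce_le=$(env_get "$ce_file" LETS_ENCRYPT)
    if [ "$ce_web" = "$ce_gen" ] || [ "$ce_web" = "$ce_le" ] || [ "$ce_gen" = "$ce_le" ]; then
        echo "ERROR: NGINX_WEB, DOCKER_GEN and LETS_ENCRYPT must differ"; ce_bad=1
    fi

    # Assumption: IP is the host address the proxy's ports are published on.
    if [ "$(env_get "$ce_file" IP)" = "0.0.0.0" ]; then
        echo "WARN: IP=0.0.0.0 exposes the proxy on every host interface"
    fi

    # NGINX_FILES_PATH holds the certificates; relative paths are resolved
    # against the directory of the .env file (assumption).
    ce_path=$(env_get "$ce_file" NGINX_FILES_PATH)
    case $ce_path in /*|'') ;; *) ce_path=$(dirname "$ce_file")/$ce_path ;; esac
    if [ -d "$ce_path" ] && [ -n "$(find "$ce_path" -prune -perm -002)" ]; then
        echo "WARN: $ce_path is world-writable"
    fi
    return "$ce_bad"
}

# Usage: sh check_env.sh /path/to/.env
if [ "$#" -gt 0 ]; then check_env "$1"; fi
```

Warnings do not change the exit status, so the check can gate `./start.sh` on errors only.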
## Starting your web containers

After following the steps above you can start new web containers with port 80 open and add the option `-e VIRTUAL_HOST=your.domain.com`, so the proxy automatically generates the reverse proxy configuration in NGINX to forward new connections to your web/app container, for example:

```bash
docker run -d -e VIRTUAL_HOST=your.domain.com \
    --network=webproxy \
    --name my_app \
    httpd:alpine
```

To have SSL in your web/app, just add the option `-e LETSENCRYPT_HOST=your.domain.com`, as follows:

```bash
docker run -d -e VIRTUAL_HOST=your.domain.com \
    -e LETSENCRYPT_HOST=your.domain.com \
    -e LETSENCRYPT_EMAIL=your.email@your.domain.com \
    --network=webproxy \
    --name my_app \
    httpd:alpine
```

> You don't need to open port *443* in your container; the certificate validation is managed by the web proxy.

> Please note that when running a new container to generate certificates with Let's Encrypt (`-e LETSENCRYPT_HOST=your.domain.com`), it may take a few minutes, depending on multiple circumstances.

## Further Options

1. Basic Authentication Support

In order to be able to secure your virtual host with basic authentication, you must create a htpasswd file within `${NGINX_FILES_PATH}/htpasswd/${VIRTUAL_HOST}` via:

```bash
sudo sh -c "echo -n '[username]:' >> ${NGINX_FILES_PATH}/htpasswd/${VIRTUAL_HOST}"
sudo sh -c "openssl passwd -apr1 >> ${NGINX_FILES_PATH}/htpasswd/${VIRTUAL_HOST}"
```

> Please substitute the `${NGINX_FILES_PATH}` with your path information, replace `[username]` with your username and `${VIRTUAL_HOST}` with your host's domain. You will be prompted for a password.

2. Using multiple networks

If you want to use more than one network to better organize your environment, you can set the option `SERVICE_NETWORK` in our `.env.sample`, or you can just create your own network and attach all your containers, for example:

```bash
docker network create myownnetwork
docker network connect myownnetwork nginx-web
docker network connect myownnetwork nginx-gen
docker network connect myownnetwork nginx-letsencrypt
```

3. Using different ports to be proxied

If your service container runs on port 8545 you will probably need to add the `VIRTUAL_PORT` environment variable to your container, in the `docker-compose.yml`, for example:

```yaml
parity:
  image: parity/parity:v1.8.9
  [...]
  environment:
    [...]
    VIRTUAL_PORT: 8545
```

Or as shown below:

```bash
docker run [...] -e VIRTUAL_PORT=8545 [...]
```
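
The two-command append under "Basic Authentication Support" writes `[username]:` first and the hash second, so a failed or aborted password prompt leaves a half-written entry, and a retry then produces `user:user:hash`. The check below for such entries is an added example, not part of this project; the function name `check_htpasswd` is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the project: lint an htpasswd file that was built
# with the two-step append shown under "Basic Authentication Support".

# check_htpasswd FILE: prints findings; returns 1 if any entry is unusable.
check_htpasswd() {
    ch_file=$1
    ch_bad=0
    ch_n=0
    [ -r "$ch_file" ] || { echo "ERROR: cannot read $ch_file"; return 1; }

    # "|| [ -n ... ]" keeps a last line that has no trailing newline, which is
    # exactly what the first command leaves behind when the second one fails.
    while IFS= read -r ch_line || [ -n "$ch_line" ]; do
        ch_n=$((ch_n + 1))
        case $ch_line in
            '') continue ;;
            *:*) ;;
            *) echo "ERROR: line $ch_n: no ':' separator"; ch_bad=1; continue ;;
        esac
        ch_user=${ch_line%%:*}
        ch_hash=${ch_line#*:}
        if [ -z "$ch_user" ]; then
            echo "ERROR: line $ch_n: empty username"; ch_bad=1
        elif [ -z "$ch_hash" ]; then
            echo "ERROR: line $ch_n: user '$ch_user' has no hash"; ch_bad=1
        else
            case $ch_hash in
                *:*) echo "ERROR: line $ch_n: ':' inside hash, repeated append?"
                     ch_bad=1 ;;
                '$apr1$'*'$'?*) ;;  # layout written by `openssl passwd -apr1`
                *) echo "WARN: line $ch_n: user '$ch_user' hash is not \$apr1\$" ;;
            esac
        fi
    done < "$ch_file"

    # Anyone who can write this file can add their own credentials.
    if [ -n "$(find "$ch_file" -prune -perm -002)" ]; then
        echo "WARN: $ch_file is world-writable"
    fi
    return "$ch_bad"
}

# Usage: sh check_htpasswd.sh "${NGINX_FILES_PATH}/htpasswd/${VIRTUAL_HOST}"
if [ "$#" -gt 0 ]; then check_htpasswd "$1"; fi
```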
## Testing your proxy with scripts preconfigured

1. Run the script `test_start_ssl.sh`, passing a domain that is already configured in your DNS to point to your server, as follows:

```bash
./test_start_ssl.sh your.domain.com
```

or simply run:

```bash
docker run -dit -e VIRTUAL_HOST=your.domain.com --network=webproxy --name test-web httpd:alpine
```

Open your domain in your browser!

To stop and remove your test container, run our `test_stop.sh` script:

```bash
./test_stop.sh
```

Or simply run:

```bash
docker stop test-web && docker rm test-web
```

## Running this Proxy on a Synology NAS

Please check out this [howto](https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion/blob/master/docs/HOWTO-Synlogy.md).

## Production Environment using Web Proxy and WordPress

1. [docker-wordpress-letsencrypt](https://github.com/evertramos/docker-wordpress-letsencrypt)
2. [docker-portainer-letsencrypt](https://github.com/evertramos/docker-portainer-letsencrypt)
3. [docker-nextcloud-letsencrypt](https://github.com/evertramos/docker-nextcloud-letsencrypt)

In this repo you will find a docker-compose file to start a production environment for a new WordPress site.

## Credits

Without the repositories below this webproxy wouldn't be possible.

Credit goes to:

- nginx-proxy [@jwilder](https://github.com/jwilder/nginx-proxy)
- docker-gen [@jwilder](https://github.com/jwilder/docker-gen)
- docker-letsencrypt-nginx-proxy-companion [@JrCs](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion)

### Special thanks to:

- [@j7an](https://github.com/j7an) - Many contributions and the ipv6 branch!
- [@buchdag](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/pull/226#event-1145800062)
- [@fracz](https://github.com/fracz) - Many contributions!