Automated docker nginx proxy integrated with letsencrypt. Based on https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
root f6dfb50d1b exclude nginx-data from git hace 9 meses
conf.d first commit hace 9 meses
docs first commit hace 9 meses
scripts first commit hace 9 meses
.env.sample first commit hace 9 meses
.gitignore exclude nginx-data from git hace 9 meses
LICENSE first commit hace 9 meses
README.md first commit hace 9 meses
docker-compose-multiple-networks.yml first commit hace 9 meses
docker-compose.yml first commit hace 9 meses
nginx.tmpl first commit hace 9 meses
start.sh first commit hace 9 meses
test_start.sh first commit hace 9 meses
test_start_ssl.sh first commit hace 9 meses
test_stop.sh first commit hace 9 meses

README.md

Web Proxy using Docker, NGINX and Let’s Encrypt

With this repo you will be able to set up your server with multiple sites using a single NGINX proxy to manage your connections, automating your apps container (port 80 and 443) to auto renew your ssl certificates with Let´s Encrypt.

Something like:

Web Proxy environment

Why use it?

Using this set up you will be able start a production environment in a few seconds. For each new web project simply start the containers with the option -e VIRTUAL_HOST=your.domain.com and you will be ready to go. If you want to use SSL (Let’s Encrypt) just add the tag -e LETSENCRYPT_HOST=your.domain.com. Done!

Easy and trustworthy!

Prerequisites

In order to use this compose file (docker-compose.yml) you must have:

  1. docker (https://docs.docker.com/engine/installation/)
  2. docker-compose (https://docs.docker.com/compose/install/)

How to use it

  1. Clone this repository:
git clone https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion.git
  1. Make a copy of our .env.sample and rename it to .env:

Update this file with your preferences.

#
# docker-compose-letsencrypt-nginx-proxy-companion
#
# A Web Proxy using docker with NGINX and Let's Encrypt
# Using the great community docker-gen, nginx-proxy and docker-letsencrypt-nginx-proxy-companion
#
# This is the .env file to set up your webproxy enviornment

#
# Your local containers NAME
#
NGINX_WEB=nginx-web
DOCKER_GEN=nginx-gen
LETS_ENCRYPT=nginx-letsencrypt

#
# Set the IP address of the external access Interface
#
IP=0.0.0.0

#
# Default Network
#
NETWORK=webproxy

# If you want to customize the created network, use the following variable
#NETWORK_OPTIONS="--opt encrypted=true"

#
# Service Network (Optional)
#
# In case you decide to add a new network to your services containers you can set this
# network as a SERVICE_NETWORK
#
# [WARNING] This setting was built to use our `start.sh` script or in that special case
#           you could use the docker-composer with our multiple network option, as of:
#           `docker-compose -f docker-compose-multiple-networks.yml up -d`
#
#SERVICE_NETWORK=webservices

# If you want to customize the created network, use the following variable
#SERVICE_NETWORK_OPTIONS="--opt encrypted=true"

#
## NGINX file path (mount into the host)
# Here you can configure the path where nginx stores all the configurations and certificates.
# With the value ./nginx-data it creates a new sub-folder into your current path.

NGINX_FILES_PATH=./nginx-data

#
# NGINX use special conf files
#
# In case you want to add some special configuration to your NGINX Web Proxy you could
# add your files to ./conf.d/ folder as of sample file 'uploadsize.conf'
#
# [WARNING] This setting was built to use our `start.sh`.
#
# [WARNING] Once you set this options to true all your files will be copied to data
#           folder (./data/conf.d). If you decide to remove this special configuration
#           you must delete your files from data folder ./data/conf.d.
#
#USE_NGINX_CONF_FILES=true

#
# Docker Logging Config
#
# This section offers two options max-size and max-file, which follow the docker documentation
# as follow:
#
# logging:
#      driver: "json-file"
#      options:
#        max-size: "200k"
#        max-file: "10"
#
#NGINX_WEB_LOG_DRIVER=json-file
#NGINX_WEB_LOG_MAX_SIZE=4m
#NGINX_WEB_LOG_MAX_FILE=10

#NGINX_GEN_LOG_DRIVER=json-file
#NGINX_GEN_LOG_MAX_SIZE=2m
#NGINX_GEN_LOG_MAX_FILE=10

#NGINX_LETSENCRYPT_LOG_DRIVER=json-file
#NGINX_LETSENCRYPT_LOG_MAX_SIZE=2m
#NGINX_LETSENCRYPT_LOG_MAX_FILE=10
  1. Run our start script
./start.sh

Your proxy is ready to go!

Starting your web containers

After following the steps above you can start new web containers with port 80 open and add the option -e VIRTUAL_HOST=your.domain.com so proxy will automatically generate the reverse script in NGINX Proxy to forward new connections to your web/app container, as of:

docker run -d -e VIRTUAL_HOST=your.domain.com \
              --network=webproxy \
              --name my_app \
              httpd:alpine

To have SSL in your web/app you just add the option -e LETSENCRYPT_HOST=your.domain.com, as follow:

docker run -d -e VIRTUAL_HOST=your.domain.com \
              -e LETSENCRYPT_HOST=your.domain.com \
              -e LETSENCRYPT_EMAIL=your.email@your.domain.com \
              --network=webproxy \
              --name my_app \
              httpd:alpine

You don´t need to open port 443 in your container, the certificate validation is managed by the web proxy.

Please note that when running a new container to generate certificates with LetsEncrypt (-e LETSENCRYPT_HOST=your.domain.com), it may take a few minutes, depending on multiples circumstances.

Further Options

  1. Basic Authentication Support

In order to be able to secure your virtual host with basic authentication, you must create a htpasswd file within ${NGINX_FILES_PATH}/htpasswd/${VIRTUAL_HOST} via:

sudo sh -c "echo -n '[username]:' >> ${NGINX_FILES_PATH}/htpasswd/${VIRTUAL_HOST}"
sudo sh -c "openssl passwd -apr1 >> ${NGINX_FILES_PATH}/htpasswd/${VIRTUAL_HOST}"

Please substitute the ${NGINX_FILES_PATH} with your path information, replace [username] with your username and ${VIRTUAL_HOST} with your host’s domain. You will be prompted for a password.

  1. Using multiple networks

If you want to use more than one network to better organize your environment you could set the option SERVICE_NETWORK in our .env.sample or you can just create your own network and attach all your containers as of:

docker network create myownnetwork
docker network connect myownnetwork nginx-web
docker network connect myownnetwork nginx-gen
docker network connect myownnetwork nginx-letsencrypt
  1. Using different ports to be proxied

If your service container runs on port 8545 you probably will need to add the VIRTUAL_PORT environment variable to your container, in the docker-compose.yml, as of:

parity
    image: parity/parity:v1.8.9
    [...]
    environment:
      [...]
      VIRTUAL_PORT: 8545

Or as of below:

docker run [...] -e VIRTUAL_PORT=8545 [...]

Testing your proxy with scripts preconfigured

  1. Run the script test.sh informing your domain already configured in your DNS to point out to your server as follow:
./test_start_ssl.sh your.domain.com

or simply run:

docker run -dit -e VIRTUAL_HOST=your.domain.com --network=webproxy --name test-web httpd:alpine

Access your browser with your domain!

To stop and remove your test container run our stop_test.sh script:

./test_stop.sh

Or simply run:

docker stop test-web && docker rm test-web 

Running this Proxy on a Synology NAS

Please checkout this howto.

Production Environment using Web Proxy and Wordpress

  1. docker-wordpress-letsencrypt
  2. docker-portainer-letsencrypt
  3. docker-nextcloud-letsencrypt

In this repo you will find a docker-compose file to start a production environment for a new wordpress site.

Credits

Without the repositories below this webproxy wouldn´t be possible.

Credits goes to:

Special thanks to: