With these containers, you can spin up multiple sites using domains and subdomains by leveraging NGINX's reverse proxy connections automatically to container ports listening on 80 or 443. The letsencrypt container monitors for SSL certificates and re/creates them.
Any container that you want to be exposed, you need to:
-
Make sure that they are connected to the same network that the nginx containers are.
-
When spinning up the containers, make sure to pass 3 environment variables:
- VIRTUAL_HOST=subdomain.domain.com
- LETSENCRYPT_HOST=subdomain.domain.com
- LETSENCRYPT_EMAIL=admin@admin.com
- (optional, if your container service is listening on port other than 80 or 443) VIRTUAL_PORT: 1234
-
Copy the
env.sampleto.envand edit it according to the requirements -
Finally, run
./start.sh
-
While the internet-facing
nginx-webservice does not have docker socket mounted, it is running in privileged mode because it needs to bind the host's port 80. -
nginx-genandnginx-letsencryptare also running in privileged mode with docker socket mounted inromode.
Without the repositories below this webproxy wouldn´t be possible.
Credits goes to:
- docker-compose-letsencrypt-nginx-proxy-companion @evertramos
- nginx-proxy @jwilder
- docker-gen @jwilder
- docker-letsencrypt-nginx-proxy-companion @JrCs
Note: The docker-compose.yml, as-is, is running fine but will be heavily modified in near future to adapt it for other swarm services.