Nginx proxy
This is not needed when working on local instances. Following the setup local demo section is enough to get a local instance up and running. |
We advise against merging/mixing Corteza and It can be done but requires some experience with Docker Compose. |
The following instructions assume that you don’t have anything similar setup on your current environment. If you are using other means of providing traffic forwarding or SSL certificate handling, proceed with caution. |
Containers must be on the same network as |
Nginx Proxy (docker image jwilder/nginx-proxy
) is an auto-configurable reverse-proxy that routes traffic from your public IP to Docker containers on the host.
LetsEncrypt Nginx Proxy Companion (docker image jrcs/letsencrypt-nginx-proxy-companion
) automates the process of creating, renewing and using Let’s Encrypt certificates for your Docker containers.
-
Both images listen for docker events to detect when containers start or stop,
-
Nginx Proxy generates and reloads the configuration, and starts forwarding HTTP traffic to that container based on the
VIRTUAL_HOST
, -
LetsEncrypt companion starts the certificate creation process, reconfigures Nginx Proxy and enables redirection from HTTP to HTTPS based on the
LETSENCRYPT_HOST
.
-
Containers (like Corteza server, and fronted application) that are exposed publicly no longer have to publish their ports on public IP,
-
complicated firewall configurations and network forwarding rules are no longer required.
Configurations
docker-compose.yaml
version: '3.5'
services:
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
restart: always
networks:
- proxy
ports:
- "80:80"
- "443:443"
labels:
- "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
volumes:
- ./certs:/etc/nginx/certs
- ./htpasswd:/etc/nginx/htpasswd
- ./vhost.d:/etc/nginx/vhost.d
- ./html:/usr/share/nginx/html
- ./custom.conf:/etc/nginx/conf.d/custom.conf:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-letsencrypt
restart: always
depends_on:
- nginx-proxy
volumes:
- ./certs:/etc/nginx/certs
- ./vhost.d:/etc/nginx/vhost.d
- ./html:/usr/share/nginx/html
- /var/run/docker.sock:/var/run/docker.sock:ro
# Create network if it does not exist
networks: { proxy: { name: proxy } }
custom.conf
# Make sure we can upload at least 200Mb files
client_max_body_size 200M;
# Add other custom configs.
#
|
Run the services
docker-compose up -d
You can check if everything is running correctly by executing the docker-compose ps
command.
The output should be similar to this one:
Name Command State Ports
-----------------------------------------------------------------------------------------------------
nginx-letsencrypt /bin/bash /app/entrypoint. ... Up
nginx-proxy /app/docker-entrypoint.sh ... Up 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp