Nginx proxy

This is not needed when working on local instances. Following the setup local demo section is enough to get a local instance up and running.

We advise against merging/mixing Corteza and nginx-proxy in the same directory.

It can be done but requires some experience with Docker Compose.

The following instructions assume that you don’t have anything similar set up in your current environment. If you are using other means of providing traffic forwarding or SSL certificate handling, proceed with caution.

Containers must be on the same network as nginx-proxy (in the examples we’re using a network named proxy).

Nginx Proxy (docker image jwilder/nginx-proxy) is an auto-configurable reverse-proxy that routes traffic from your public IP to Docker containers on the host.

LetsEncrypt Nginx Proxy Companion (docker image jrcs/letsencrypt-nginx-proxy-companion) automates the process of creating, renewing and using Let’s Encrypt certificates for your Docker containers.

What does this do?
  1. Both images listen for docker events to detect when containers start or stop,

  2. Nginx Proxy generates and reloads the configuration, and starts forwarding HTTP traffic to that container based on the VIRTUAL_HOST,

  3. LetsEncrypt companion starts the certificate creation process, reconfigures Nginx Proxy and enables redirection from HTTP to HTTPS based on the LETSENCRYPT_HOST.

What are the benefits?
  1. Containers (like Corteza server, and frontend application) that are exposed publicly no longer have to publish their ports on public IP,

  2. Complicated firewall configurations and network forwarding rules are no longer required.

Configurations

docker-compose.yaml
version: '3.5'

services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    restart: always
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
      - ./certs:/etc/nginx/certs
      - ./htpasswd:/etc/nginx/htpasswd
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./custom.conf:/etc/nginx/conf.d/custom.conf:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro

  nginx-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-letsencrypt
    restart: always
    depends_on:
      - nginx-proxy
    volumes:
      - ./certs:/etc/nginx/certs
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro

# Create network if it does not exist
networks: { proxy: { name: proxy } }

custom.conf
# Make sure we can upload at least 200Mb files
client_max_body_size    200M;

# Add other custom configs.

#

custom.conf must be placed next to docker-compose.yaml.

Run the services

docker-compose up -d

You can check if everything is running correctly by executing the docker-compose ps command. The output should be similar to this one:

      Name                     Command               State                    Ports
-----------------------------------------------------------------------------------------------------
nginx-letsencrypt   /bin/bash /app/entrypoint. ...   Up
nginx-proxy         /app/docker-entrypoint.sh  ...   Up      0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
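
Once the proxy is up, each backend container has to meet the conditions described above: attached to the proxy network, VIRTUAL_HOST and LETSENCRYPT_HOST set, and no ports published on the host. The following check over `docker inspect` output is an added example, not part of the Corteza documentation; the container names and hostnames are constructed, and comparing LETSENCRYPT_HOST against VIRTUAL_HOST assumes exact hostnames without wildcards.

```python
import json

# Constructed sample of `docker inspect <container>` output, trimmed to the
# fields used below. Container names and hostnames are placeholders.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/backend-ok",
   "Config": {"Env": ["VIRTUAL_HOST=app.example.test",
                      "LETSENCRYPT_HOST=app.example.test"]},
   "HostConfig": {"PortBindings": {}},
   "NetworkSettings": {"Networks": {"proxy": {}}}},
  {"Name": "/backend-misconfigured",
   "Config": {"Env": ["VIRTUAL_HOST=app.example.test",
                      "LETSENCRYPT_HOST=www.example.test"]},
   "HostConfig": {"PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]}},
   "NetworkSettings": {"Networks": {"bridge": {}}}}
]
""")


def check_container(info, network="proxy"):
    """Return a list of findings for one `docker inspect` entry."""
    env = dict(e.split("=", 1) for e in info["Config"].get("Env") or [] if "=" in e)
    findings = []
    networks = info["NetworkSettings"].get("Networks") or {}
    if network not in networks:
        findings.append(f"not attached to network '{network}'")
    # Both variables accept a comma-separated list of hostnames.
    vhosts = {h.strip() for h in env.get("VIRTUAL_HOST", "").split(",") if h.strip()}
    le_hosts = {h.strip() for h in env.get("LETSENCRYPT_HOST", "").split(",") if h.strip()}
    if not vhosts:
        findings.append("VIRTUAL_HOST is not set")
    if not le_hosts:
        findings.append("LETSENCRYPT_HOST is not set")
    for host in sorted(le_hosts - vhosts):
        findings.append(f"LETSENCRYPT_HOST '{host}' is not in VIRTUAL_HOST")
    # Behind nginx-proxy the backend should not publish ports on the host.
    bindings = info["HostConfig"].get("PortBindings") or {}
    for port, binds in sorted(bindings.items()):
        findings += [f"publishes {port} on host port {b.get('HostPort')}" for b in binds or []]
    return findings


def audit(inspect_output, network="proxy"):
    """Map container name -> findings (an empty list means it passed)."""
    return {c["Name"].lstrip("/"): check_container(c, network) for c in inspect_output}
```

To run it against a live host, pass the parsed output of `docker inspect` for your containers to `audit()` in place of the sample.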