Created
November 30, 2016 10:22
-
-
Save ArmandDu/07dfd8ce2cb0d513fad8f0004afddc83 to your computer and use it in GitHub Desktop.
docker + nginx-proxy + letsencrypt : run your containers with automatic reverse proxy and ssl capabilities
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# This is the docker-compose file for running nginx + dockergen + letsencrypt | |
# ref: https://github.com/jwilder/nginx-proxy#separate-containers | |
# ref: https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion#separate-containers-recommended-method | |
# | |
# You will be required to have in the same ./ a templates/ directory containing the last nginx.tmpl | |
# a certs/ directory will also be mounted to the ./ folder | |
# | |
# first-launch: | |
# $ docker network create -d bridge nginx-proxy | |
# $ mkdir templates/ | |
# $ curl https://raw.githubusercontent.com/jwilder/nginx-proxy/master/nginx.tmpl > ./templates/nginx.tmpl | |
# | |
# | |
# usage: | |
# $ docker-compose up -d | |
# | |
# starting other containers: see myservice-template-docker-compose.yml | |
# | |
# | |
# | |
version: '2' | |
services: | |
nginx: | |
image: nginx | |
container_name: nginx | |
ports: | |
- "80:80" | |
- "443:443" | |
volumes: | |
- /etc/nginx/conf.d | |
- /etc/nginx/vhost.d | |
- /usr/share/nginx/html | |
- ./nginx/certs:/etc/nginx/certs:ro | |
networks: | |
- proxy-tier | |
nginx-gen: | |
image: jwilder/docker-gen | |
container_name: nginx-gen | |
volumes_from: | |
- nginx | |
volumes: | |
- ./nginx/templates/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro | |
- /var/run/docker.sock:/tmp/docker.sock:ro | |
entrypoint: /usr/local/bin/docker-gen -notify-sighup nginx -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf | |
networks: | |
- proxy-tier | |
letsencrypt: | |
image: jrcs/letsencrypt-nginx-proxy-companion | |
container_name: nginx-letsencrypt | |
volumes_from: | |
- nginx | |
volumes: | |
- ./nginx/certs:/etc/nginx/certs:rw | |
- /var/run/docker.sock:/var/run/docker.sock:ro | |
environment: | |
# - LETSENCRYPT_TEST=TRUE #uncomment this line if using testing (and removing 5certs/week/domain limitation) | |
- NGINX_DOCKER_GEN_CONTAINER=nginx-gen | |
# We need to create a proxy-tier network, docker-compose create its own default network. | |
networks: | |
proxy-tier: | |
external: | |
name: nginx-proxy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# | |
# This file is a helper for the first use of dockerized nginx-proxy and letsencrypt | |
# | |
# | |
# usage: | |
# $ chmod +x ./first-launch.sh | |
# $ ./first-launch.sh | |
# | |
docker network create -d nginx-proxy | |
mkdir templates/ certs/ | |
curl https://raw.githubusercontent.com/jwilder/nginx-proxy/master/nginx.tmpl > ./templates/nginx.tmpl | |
echo "first launch done!" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# this is a template file to use for your proxied services when using docker-compose.yml | |
# | |
# command line version: | |
# | |
# $ docker run -d [-p ...] [-P] --name my-service \ | |
# -e VIRTUAL_HOST=mydomain.com \ | |
# [-e ...] \ | |
# --network="nginx-proxy" \ | |
# [myregistry/]myimages/myservice | |
# | |
version: '2' | |
myservice: | |
#image: the image... | |
#build: the build... | |
environment: | |
- VIRTUAL_HOST=mydomain.com | |
# - VIRTUAL_PORT=8000 #uncomment this line if you are exposing multiple ports and http exposed port is not 80 | |
# - LETSENCRYPT_HOST=mydomain.com #uncomment this line if you want this domain to be secured | |
# - LETSENCRYPT_EMAIL=mail@mydomain.com #uncomment this line if using letsencrypt for this domain | |
networks: | |
- proxy-tier | |
# we are connecting to the same network created for nginx-proxy here | |
networks: | |
proxy-tier: | |
external: | |
name: nginx-proxy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# | |
# This file is a helper for using dockerized nginx-proxy and letsencrypt | |
# | |
# | |
# usage: | |
# $ chmod +x ./run.sh | |
# $ ./run.sh | |
# | |
if [[ ! -e .firstlaunchdone ]] | |
then | |
echo "first launch,..." | |
./first-launch.sh | |
touch .firstlaunchdone | |
fi | |
docker-compose up -d |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment