Created
July 20, 2019 19:55
### Step 1 - nginx-proxy

Start **nginx-proxy** with the three additional volumes declared:

```shell
$ docker run --detach \
    --name nginx-proxy \
    --publish 80:80 \
    --publish 443:443 \
    --volume /etc/nginx/certs \
    --volume /etc/nginx/vhost.d \
    --volume /usr/share/nginx/html \
    --volume /var/run/docker.sock:/tmp/docker.sock:ro \
    jwilder/nginx-proxy
```

Binding the host docker socket (`/var/run/docker.sock`) inside the container to `/tmp/docker.sock` is a requirement of **nginx-proxy**.

### Step 2 - letsencrypt-nginx-proxy-companion

Start the **letsencrypt-nginx-proxy-companion** container, getting the volumes from **nginx-proxy** with `--volumes-from`:

```shell
$ docker run --detach \
    --name nginx-proxy-letsencrypt \
    --volumes-from nginx-proxy \
    --volume /var/run/docker.sock:/var/run/docker.sock:ro \
    --env "DEFAULT_EMAIL=mail@yourdomain.tld" \
    jrcs/letsencrypt-nginx-proxy-companion
```

The host docker socket has to be bound inside this container too, this time to `/var/run/docker.sock`.

Although **optional**, it is **recommended** to provide a valid default email address through the `DEFAULT_EMAIL` environment variable, so that Let's Encrypt can warn you about expiring certificates and allow you to recover your account.

### Step 3 - proxied container(s)

Once both the **nginx-proxy** and **letsencrypt-nginx-proxy-companion** containers are up and running, start any container you want proxied with the environment variables `VIRTUAL_HOST` and `LETSENCRYPT_HOST` both set to the domain(s) your proxied container is going to use.

[`VIRTUAL_HOST`](https://github.com/jwilder/nginx-proxy#usage) controls proxying by **nginx-proxy**, and `LETSENCRYPT_HOST` controls certificate creation and SSL enabling by **letsencrypt-nginx-proxy-companion**.

Certificates will only be issued for containers that have both `VIRTUAL_HOST` and `LETSENCRYPT_HOST` variables set to domain(s) that correctly resolve to the host, provided the host is publicly reachable.

```shell
$ docker run --detach \
    --name your-proxyed-app \
    --env "VIRTUAL_HOST=subdomain.yourdomain.tld" \
    --env "LETSENCRYPT_HOST=subdomain.yourdomain.tld" \
    nginx
```

The containers being proxied must expose the port to be proxied, either by using the `EXPOSE` directive in their Dockerfile or by using the `--expose` flag to `docker run` or `docker create`.

If the proxied container listens on and exposes a port other than the default `80`, you can force **nginx-proxy** to use this port with the [`VIRTUAL_PORT`](https://github.com/jwilder/nginx-proxy#multiple-ports) environment variable.

Example using [Grafana](https://hub.docker.com/r/grafana/grafana/) (exposes and listens on port 3000):

```shell
$ docker run --detach \
    --name grafana \
    --env "VIRTUAL_HOST=othersubdomain.yourdomain.tld" \
    --env "VIRTUAL_PORT=3000" \
    --env "LETSENCRYPT_HOST=othersubdomain.yourdomain.tld" \
    --env "LETSENCRYPT_EMAIL=mail@yourdomain.tld" \
    grafana/grafana
```

Repeat [Step 3](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/blob/master/README.md#step-3---proxyed-containers) for any other container you want to proxy.
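
A pre-flight check for the Step 3 rule that a certificate is only issued when both variables name the same domain(s), added here as an example (it is not code from nginx-proxy or the companion project). It reads a container's `KEY=value` environment lines and flags any `LETSENCRYPT_HOST` entry missing from `VIRTUAL_HOST`, plus a non-numeric `VIRTUAL_PORT`. The function names, the comma-separated list handling and the exact-match comparison (no wildcard or regex `VIRTUAL_HOST` values) are assumptions of this example; DNS resolution is not checked.

```shell
#!/bin/sh
# Added example, not part of nginx-proxy or its companion.
# Input: "KEY=value" environment lines on stdin (constructed sample below).

# get_var NAME: print the last value assigned to NAME.
get_var() {
    sed -n "s/^$1=//p" | tail -n 1
}

# split_hosts: comma-separated list -> one trimmed host per line (assumed format).
split_hosts() {
    tr ',' '\n' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# check_proxy_env: return 0 only if every LETSENCRYPT_HOST entry also appears
# in VIRTUAL_HOST (exact match) and VIRTUAL_PORT, when set, is numeric.
check_proxy_env() {
    env_lines=$(cat)
    vhosts=$(printf '%s\n' "$env_lines" | get_var VIRTUAL_HOST | split_hosts)
    lehosts=$(printf '%s\n' "$env_lines" | get_var LETSENCRYPT_HOST | split_hosts)
    vport=$(printf '%s\n' "$env_lines" | get_var VIRTUAL_PORT)
    rc=0
    if [ -z "$lehosts" ]; then
        echo "LETSENCRYPT_HOST is not set: no certificate will be requested"
        return 1
    fi
    while IFS= read -r h; do
        if ! printf '%s\n' "$vhosts" | grep -Fxq -- "$h"; then
            echo "$h is in LETSENCRYPT_HOST but not in VIRTUAL_HOST"
            rc=1
        fi
    done <<EOF
$lehosts
EOF
    case "$vport" in
        *[!0-9]*) echo "VIRTUAL_PORT '$vport' is not a port number"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: the second host was added to LETSENCRYPT_HOST only.
sample='VIRTUAL_HOST=subdomain.yourdomain.tld
VIRTUAL_PORT=3000
LETSENCRYPT_HOST=subdomain.yourdomain.tld,othersubdomain.yourdomain.tld'
printf '%s\n' "$sample" | check_proxy_env || echo "fix the variables first"
```

To check a real container, pipe the output of `docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' your-proxyed-app` into `check_proxy_env`.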