@khssnv
Last active December 9, 2022 08:54
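---
# Compose variant A: nginx terminates TLS with certificates that are issued
# and renewed on the host (files under /etc/letsencrypt) and proxies to `app`.
version: "3.8"
services:
  nginx:
    # NOTE(review): the tag floats within 1.23.x; pin by digest for
    # reproducible deploys and keep it on a release that still gets fixes.
    image: nginx:1.23
    ports:
      # Quoted so no YAML parser can retype HOST:CONTAINER as a number.
      - "80:80"
      - "443:443"
    volumes:
      # Mounted read-only: nginx only needs to read its config, the
      # certificates and the web root. /etc/letsencrypt also holds private
      # keys, so a compromised nginx container must not be able to alter it.
      - ./nginx.conf:/etc/nginx/conf.d/app.example.com.conf:ro
      - /etc/letsencrypt/:/etc/letsencrypt/:ro
      - /var/www/:/var/www/:ro
  app:
    # No `ports:` entry, so the app is not published on the host; nginx
    # reaches it over the Compose network by service name.
    build: .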
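---
# Compose variant B: Traefik terminates TLS and obtains certificates itself
# through the ACME HTTP-01 challenge; `app` opts in to routing via labels.
version: "3.8"
services:
  traefik:
    image: traefik:v2.9
    ports:
      # Quoted so no YAML parser can retype HOST:CONTAINER as a number.
      - "80:80"
      - "443:443"
    volumes:
      # NOTE(review): `:ro` only protects the socket file itself. Any process
      # that can connect to the socket can still call the full Docker API,
      # which is root-equivalent on the host. Consider placing a filtering
      # socket proxy in front that exposes only the read endpoints Traefik
      # needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Named volume for acme.json, which stores the ACME account key and the
      # private keys of issued certificates; restrict who can read it.
      - letsencrypt:/letsencrypt
    command:
      # NOTE(review): DEBUG is verbose; lower to INFO once routing and
      # certificate issuance are confirmed working.
      - --log.level=DEBUG
      - --accesslog
      - --providers.docker
      # Containers are ignored unless they set traefik.enable=true.
      - --providers.docker.exposedByDefault=false
      # Port 80 stays open for the HTTP-01 challenge; everything else on it
      # is redirected to HTTPS.
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.letsencrypt.acme.email=mail@example.com
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      # Staging CA: use while testing to stay clear of production rate
      # limits; its certificates are not browser-trusted.
      # - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
  app:
    # No `ports:` entry: the app is reachable only through Traefik.
    build: .
    labels:
      - traefik.enable=true
      # Router is bound to the TLS entrypoint only.
      - traefik.http.routers.app.entrypoints=websecure
      - traefik.http.routers.app.rule=Host(`app.example.com`)
      - traefik.http.routers.app.tls=true
      - traefik.http.routers.app.tls.certresolver=letsencrypt
      - traefik.http.routers.app.service=app
      - traefik.http.services.app.loadbalancer.server.port=9999
volumes:
  letsencrypt: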
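# TLS-terminating reverse proxy for app.example.com. Certificates are read
# from the host's /etc/letsencrypt tree mounted into the container.
server {
    server_name app.example.com;
    root /var/www/html;
    index index.html;

    location / {
        # NOTE(review): try_files is evaluated before proxy_pass, and its
        # final "=404" fallback ends the request. A path with no matching
        # file under root is therefore answered with 404 instead of being
        # proxied. Confirm this is intended; a named-location fallback is
        # the usual way to combine static files with a proxy.
        try_files $uri $uri/ =404;
        proxy_buffering off;
        proxy_pass http://app:9999;

        # X-Real-Ip is set by nginx from the TCP peer. X-Forwarded-For is
        # appended to whatever the client sent, so the backend must not
        # trust its leading entries.
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # WebSocket upgrade support.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/app.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;
    ssl_session_cache shared:cache_nginx_SSL:1m;
    ssl_session_timeout 1440m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
    # TLS 1.3 requires an nginx build linked against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # Reduced to the forward-secret AEAD suites from the previous list.
    # The 3DES, CBC-mode/SHA-1 and static-RSA key-exchange suites are gone.
    # Very old clients that support none of these can no longer connect.
    # This directive applies to TLS 1.2 and below.
    ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

    # Custom DH group, used by the DHE-RSA suites above.
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}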