-
-
Save saroar/9a90b8396ac37311fe21de4bce3ad2e2 to your computer and use it in GitHub Desktop.
// nginx.conf | |
events { | |
worker_connections 1024; | |
} | |
http { | |
server { | |
listen 80; | |
server_name qvisa.eu; | |
location / { | |
proxy_pass http://quick_process_swift:8081; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
} | |
} | |
server { | |
listen 80; | |
server_name epayroll.pt; | |
location / { | |
proxy_pass http://ePayroll:8080; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
} | |
} | |
} | |
// nginx docker compose file | |
version: '3' | |
services: | |
nginx: | |
image: nginx:latest | |
container_name: nginx-proxy | |
restart: always | |
ports: | |
- "80:80" | |
volumes: | |
- ~/nginx-proxy/nginx.conf:/etc/nginx/nginx.conf:ro | |
networks: | |
- shared_network | |
networks: | |
shared_network: | |
external: true | |
// quick_process_swift docker compose | |
version: '3.7' | |
services: | |
quick_process_swift: | |
image: alifspb/quick_process_swift:latest | |
container_name: quick_process_swift | |
ports: | |
- '8081:8081' | |
command: ["serve", "--env", "production", "--hostname", "0.0.0.0", "--port", "8081"] | |
networks: | |
- shared_network | |
networks: | |
shared_network: | |
external: true | |
// epayroll docker compose | |
version: '3.7' | |
services: | |
epayroll: | |
image: epayroll:latest | |
container_name: epayroll-app | |
ports: | |
- '8080:8080' | |
command: ["./App", "serve", "--env", "production", "--hostname", "0.0.0.0", "--port", "8080"] | |
networks: | |
- shared_network | |
networks: | |
shared_network: | |
external: true | |
NOTE: all use same network |
Let's Encrypt certificates are valid for 90 days. However, you do not need to manually renew them because the letsencrypt-nginx-proxy-companion
container automatically handles the renewal process.
Automatic Renewal with Let's Encrypt
The letsencrypt-nginx-proxy-companion
is configured to:
- Automatically Renew Certificates: It automatically renews the certificates when they are close to expiry (typically 30 days before the expiration date).
- Reload Nginx Configuration: After renewing a certificate, it will reload the
nginx-proxy
configuration to apply the new certificate.
Checking Certificate Expiration
You can check the expiration dates of your Let's Encrypt certificates to ensure they are being renewed correctly. Here are a couple of ways to do this:
1. Using the Let's Encrypt companion container logs
The logs will show information about certificate issuance and renewal:
docker logs nginx-letsencrypt
2. Using OpenSSL
You can check the expiration date of a certificate with OpenSSL:
echo | openssl s_client -servername yourdomain.com -connect yourdomain.com:443 | openssl x509 -noout -dates
Replace yourdomain.com
with your actual domain name.
Manual Renewal (If Needed)
In some rare cases, you might need to manually trigger a certificate renewal. You can force renew all certificates by using the following command inside the letsencrypt-nginx-proxy-companion
container:
docker exec nginx-letsencrypt /app/force_renew
Key Points for Automatic Renewal
- Ensure that the
letsencrypt-nginx-proxy-companion
container is running and configured correctly. - Check logs periodically to ensure there are no errors related to certificate renewal.
- Ensure your domain is accessible from the internet, as Let's Encrypt needs to validate the domain ownership during the renewal process.
With the automatic renewal in place, you should not need to worry about manually updating your certificates. Just ensure that your letsencrypt-nginx-proxy-companion
container is running correctly and your domains remain accessible.
Certainly! Here is a detailed documentation that outlines the important points for setting up and configuring your Docker Compose setup for
nginx-proxy
,epayroll
, andQuickProcessSwift
.Documentation for Docker Compose Setup
Overview
This documentation covers the setup and configuration of Docker Compose for three services:
nginx-proxy
,epayroll
, andQuickProcessSwift
. Thenginx-proxy
service acts as a reverse proxy and handles SSL certificates using Let's Encrypt. Theepayroll
andQuickProcessSwift
services are applications that are routed through thenginx-proxy
.1.
nginx-proxy
Servicedocker-compose.yml
fornginx-proxy
Key Points
80
and443
for HTTP and HTTPS traffic.docker.sock
: Enables Docker to communicate with thenginx-proxy
container.vhost.d
,html
,certs
: Configurations for virtual hosts, HTML content, and SSL certificates.shared_network
.2.
epayroll
Servicedocker-compose.yml
forepayroll
Key Points
VIRTUAL_HOST
,LETSENCRYPT_HOST
,LETSENCRYPT_EMAIL
: Used bynginx-proxy
and Let's Encrypt for domain and SSL configuration.8080
.shared_network
.3.
QuickProcessSwift
Servicedocker-compose.yml
forQuickProcessSwift
Key Points
VIRTUAL_HOST
,LETSENCRYPT_HOST
,LETSENCRYPT_EMAIL
,VIRTUAL_PORT
: Used bynginx-proxy
and Let's Encrypt for domain and SSL configuration.MONGO_DB_PRODUCTION_URL
,JWT_SECRET_PRODUCTION
: Application-specific environment variables.mongo
service starts before the application.8081
for the application and27019
for MongoDB.shared_network
.Additional Notes
Network Configuration:
shared_network
is created as an external network before starting the services. This network allows the services to communicate with each other.Environment Variables:
.env
files or passed directly in thedocker-compose.yml
.SSL Certificates:
VIRTUAL_HOST
andLETSENCRYPT_HOST
environment variables.Logs and Debugging:
nginx-proxy
and individual services to debug any issues related to configuration or connectivity.Force Regenerate Configuration:
nginx-proxy
to force it to regenerate its configuration if changes are not reflected.By following this documentation, you should be able to set up and configure your Docker Compose environment for
nginx-proxy
,epayroll
, andQuickProcessSwift
services successfully.