@saroar
Last active May 23, 2024 15:23
# nginx.conf
events {
    worker_connections 1024;
}

http {
    # Both server blocks listen on plain HTTP (port 80); this file has no
    # "listen 443" or certificate directives.

    # qvisa.eu -> quick_process_swift container on shared_network
    server {
        listen 80;
        server_name qvisa.eu;

        location / {
            proxy_pass http://quick_process_swift:8081;
            # Pass the original host, client address and scheme to the backend
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    # epayroll.pt -> ePayroll backend on shared_network
    server {
        listen 80;
        server_name epayroll.pt;

        location / {
            proxy_pass http://ePayroll:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

# nginx docker compose file
version: '3'
services:
  nginx:
    image: nginx:latest
    container_name: nginx-proxy
    restart: always
    ports:
      - "80:80"
    volumes:
      # Config is mounted read-only from the host
      - ~/nginx-proxy/nginx.conf:/etc/nginx/nginx.conf:ro
    networks:
      - shared_network
networks:
  shared_network:
    external: true

# quick_process_swift docker compose
version: '3.7'
services:
  quick_process_swift:
    image: alifspb/quick_process_swift:latest
    container_name: quick_process_swift
    # Publishes 8081 on the host too, so the app is reachable without going
    # through nginx; nginx itself connects over shared_network.
    ports:
      - '8081:8081'
    command: ["serve", "--env", "production", "--hostname", "0.0.0.0", "--port", "8081"]
    networks:
      - shared_network
networks:
  shared_network:
    external: true

# epayroll docker compose
version: '3.7'
services:
  epayroll:
    image: epayroll:latest
    container_name: epayroll-app
    # Publishes 8080 on the host too, so the app is reachable without going
    # through nginx; nginx itself connects over shared_network.
    ports:
      - '8080:8080'
    command: ["./App", "serve", "--env", "production", "--hostname", "0.0.0.0", "--port", "8080"]
    networks:
      - shared_network
networks:
  shared_network:
    external: true
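
NOTE: all three compose files use the same external network (shared_network), which is how nginx reaches the two app containers by name.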
saroar commented May 23, 2024

Let's Encrypt certificates are valid for 90 days. However, you do not need to manually renew them because the letsencrypt-nginx-proxy-companion container automatically handles the renewal process.

Automatic Renewal with Let's Encrypt

The letsencrypt-nginx-proxy-companion is configured to:

  1. Automatically Renew Certificates: It automatically renews the certificates when they are close to expiry (typically 30 days before the expiration date).
  2. Reload Nginx Configuration: After renewing a certificate, it will reload the nginx-proxy configuration to apply the new certificate.

Checking Certificate Expiration

You can check the expiration dates of your Let's Encrypt certificates to ensure they are being renewed correctly. Here are a couple of ways to do this:

1. Using the Let's Encrypt companion container logs

The logs will show information about certificate issuance and renewal:

docker logs nginx-letsencrypt

2. Using OpenSSL

You can check the expiration date of a certificate with OpenSSL:

echo | openssl s_client -servername yourdomain.com -connect yourdomain.com:443 | openssl x509 -noout -dates

Replace yourdomain.com with your actual domain name.

Manual Renewal (If Needed)

In some rare cases, you might need to manually trigger a certificate renewal. You can force renew all certificates by using the following command inside the letsencrypt-nginx-proxy-companion container:

docker exec nginx-letsencrypt /app/force_renew

Key Points for Automatic Renewal

  • Ensure that the letsencrypt-nginx-proxy-companion container is running and configured correctly.
  • Check logs periodically to ensure there are no errors related to certificate renewal.
  • Ensure your domain is accessible from the internet, as Let's Encrypt needs to validate the domain ownership during the renewal process.

With the automatic renewal in place, you should not need to worry about manually updating your certificates. Just ensure that your letsencrypt-nginx-proxy-companion container is running correctly and your domains remain accessible.
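
An added example, not part of the original gist or comment: a small Python monitor that turns the "Checking Certificate Expiration" step into a pass/fail check against the 30-day renewal window the comment describes. The function names and the sample `-dates` output are constructed for illustration; `fetch_not_after` is the live equivalent of the `openssl s_client` command and needs network access.

```python
"""Flag certificates that automatic renewal should already have replaced."""
import socket
import ssl
from datetime import datetime, timedelta, timezone

RENEW_WINDOW = timedelta(days=30)  # renewal window stated in the comment above


def parse_not_after(dates_output: str) -> datetime:
    """Extract notAfter from `openssl x509 -noout -dates` output."""
    for line in dates_output.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "notAfter":
            # cert_time_to_seconds parses e.g. "May 30 00:00:00 2024 GMT"
            return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), timezone.utc)
    raise ValueError("no notAfter= line in input")


def renewal_status(not_after: datetime, now: datetime) -> str:
    """Classify a certificate against the renewal window."""
    remaining = not_after - now
    if remaining <= timedelta(0):
        return "expired"
    if remaining < RENEW_WINDOW:
        return "renewal-overdue"  # renewal should have happened by now
    return "ok"


def fetch_not_after(host: str, port: int = 443, timeout: float = 5.0) -> datetime:
    """Read notAfter from the certificate a live host presents.

    An already expired certificate fails verification and raises
    ssl.SSLCertVerificationError, which is an alert in its own right.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            value = tls.getpeercert()["notAfter"]
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), timezone.utc)


# Constructed sample output (90-day lifetime), not from a real certificate.
SAMPLE = "notBefore=Mar  1 00:00:00 2024 GMT\nnotAfter=May 30 00:00:00 2024 GMT\n"

if __name__ == "__main__":
    expiry = parse_not_after(SAMPLE)
    for day in ("2024-04-01", "2024-05-10", "2024-06-01"):
        now = datetime.fromisoformat(day).replace(tzinfo=timezone.utc)
        print(day, renewal_status(expiry, now))
```

Run from cron, a `renewal-overdue` result points at the companion container's logs before visitors ever see an expired certificate.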
