rkaramandi

Running NGINX and CertBot Containers on the Same Host

The Problem

A lot of people run into the problem of running Let's Encrypt's CertBot Tool and an NGINX on the same container host. A big part of this has to do with CertBot needing either port 80 or 443 open for the tool to work as intended. This tends to conflict with NGINX as most people usually use port 80 (HTTP) or 443 (HTTPS) for their reverse proxy. Section 1 outlines how to configure NGINX to get this to work, and Section 2 is the Docker command to run CertBot.

1. NGINX Configuration

I use Docker Compose (docker-compose) for my NGINX server. My docker-compose.yml file looks something like this:

denji

Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.

You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

sumardi

server {
        listen 80;
        server_name example.com;

        access_log /var/log/nginx/example.com.access.log;
        error_log /var/log/nginx/example.com.error.log;

        root /var/www/example.com;
        index index.php;

metal3d

/*
NAT traversal system to let 2 computers behind firewall to communicate.

Example:
Client A (your machine) has public ip 1.1.1.1
Client B (distant machine) has public ip 2.2.2.2

You want to bind port 5556 on your machine
Distant Client want to bind port 5557