With this repo you will be able to set up your server with multiple sites using a single NGINX proxy to manage your connections, automating your apps container (port 80 and 443) to auto renew your ssl certificates with Let´s Encrypt.
Something like:
Using this set up you will be able start a production environment in a few seconds. For each new web project simply start the containers with the option -e VIRTUAL_HOST=your.domain.com and you will be ready to go. If you want to use SSL (Let's Encrypt) just add the tag -e LETSENCRYPT_HOST=your.domain.com. Done!
Easy and trustworthy!
In order to use this compose file (docker-compose.yml) you must have:
- docker (https://docs.docker.com/engine/installation/)
- docker-compose (https://docs.docker.com/compose/install/)
-
Clone this repository.
-
Run
./setup.sh. -
Update
.envfile with your settings. -
Start services
In foreground (useful for local development):
docker-compose upIn background, with SSL (usually for production):
docker-compose -f docker-compose.yml -f http.yml up -dIn background, with a companion staging instance, both with SSL:
docker-compose -f docker-compose.yml -f staging.yml -f http.yml up -dWordPress is ready to go!
After following the steps above you can start new web containers with port 80 open and add the option -e VIRTUAL_HOST=your.domain.com so proxy will automatically generate the reverse script in NGINX Proxy to forward new connections to your web/app container, as of:
docker run -d -e VIRTUAL_HOST=your.domain.com \
--network=webproxy \
--name my_app \
httpd:alpineTo have SSL in your web/app you just add the option -e LETSENCRYPT_HOST=your.domain.com, as follow:
docker run -d -e VIRTUAL_HOST=your.domain.com \
-e LETSENCRYPT_HOST=your.domain.com \
-e [email protected] \
--network=webproxy \
--name my_app \
httpd:alpineYou don´t need to open port 443 in your container, the certificate validation is managed by the web proxy.
Please note that when running a new container to generate certificates with LetsEncrypt (
-e LETSENCRYPT_HOST=your.domain.com), it may take a few minutes, depending on multiples circumstances.
- Basic Authentication Support
In order to be able to secure your virtual host with basic authentication, you must create a htpasswd file within ${NGINX_FILES_PATH}/htpasswd/${VIRTUAL_HOST} via:
sudo sh -c "echo -n '[username]:' >> ${NGINX_FILES_PATH}/htpasswd/${VIRTUAL_HOST}"
sudo sh -c "openssl passwd -apr1 >> ${NGINX_FILES_PATH}/htpasswd/${VIRTUAL_HOST}"Please substitute the
${NGINX_FILES_PATH}with your path information, replace[username]with your username and${VIRTUAL_HOST}with your host's domain. You will be prompted for a password.
- Using multiple networks
If you want to use more than one network to better organize your environment you could set the option SERVICE_NETWORK in our .env.sample or you can just create your own network and attach all your containers as of:
docker network create myownnetwork
docker network connect myownnetwork nginx-web
docker network connect myownnetwork nginx-gen
docker network connect myownnetwork nginx-letsencrypt- Using different ports to be proxied
If your service container runs on port 8545 you probably will need to add the VIRTUAL_PORT environment variable to your container, in the docker-compose.yml, as of:
parity
image: parity/parity:v1.8.9
[...]
environment:
[...]
VIRTUAL_PORT: 8545Or as of below:
docker run [...] -e VIRTUAL_PORT=8545 [...]- Run the script
test.shinforming your domain already configured in your DNS to point out to your server as follow:
./test_start_ssl.sh your.domain.comor simply run:
docker run -dit -e VIRTUAL_HOST=your.domain.com --network=webproxy --name test-web httpd:alpineAccess your browser with your domain!
To stop and remove your test container run our stop_test.sh script:
./test_stop.shOr simply run:
docker stop test-web && docker rm test-web In this repo you will find a docker-compose file to start a production environment for a new wordpress site.
Without the repositories below this webproxy wouldn´t be possible.
Credits goes to: