jwilder nginx docker reverse proxy with acme companion
Toastie
a9076aa1c6
Merge branch 'master' of https://git.in-ulm.de/ulpeters/reverse-proxy
|
3 months ago | |
|---|---|---|
| data | 3 months ago | |
| utils | 1 year ago | |
| README.md | 1 year ago | |
| docker-compose.yml | 3 months ago |
README.md
nginx-proxy stack
nginx-proxy acts as reverse proxy for other containers.
acme-companion obtains certificates from letsencrypt used by the revsers proxy.
Both monitor the docker daemon via /var/run/docker.sock for newly created containers. Based on specific environment variables, see example below, the required configuration gets generated.
Examples
Important: Make sure the container is connected to the reverse-proxy_default network.
docker-compose
whoami:
image: jwilder/whoami
container_name: whoami
environment:
- VIRTUAL_HOST=whoami.example.com
- LETSENCRYPT_HOST=whoami.example.com
- LETSENCRYPT_EMAIL=webmaster@example.com
docker run
fqdn="whoami.example.com"
docker run --rm --name whoami \
--env VIRTUAL_HOST=$fqdn \
--env LETSENCRYPT_HOST=$fqdn \
--network reverse-proxy_default \
jwilder/whoami
Mailcow
To activate the configuration for mailcow:
cdin./data/conf.d/and- create a hardlink
ln ../mailcow_proxy.conf mailcow_proxy.conf - The volume with certs obtained by mailcow is already part of docker-compose.yml, comment if not needed
ejabberd
To set proper headers for ejabberd:
cdin./data/vhost.d/and- create a hardlink
ln ../ejabberd-vhost im.example.com
Basic Auth
echo "someusername:"echo "somepassword" openssl passwd -stdin> ./data/htpasswd/www.example.com
to enable basic auth for a vhost
or use the bash script in ./utils/setup_basic-auth.sh
Notes and pitfalls
When changing domains while moving from development to production, perform a docker system prune prior to restarting the service.