Home

Awesome

Build Status

letsencrypt_nginx_proxy_companion with docker-compose

This repository contains reference docker-compose files for a variety of nginx-proxy with letsencrypt-nginx-proxy-companion setups :

.
├── 2-containers
│   ├── compose-v2
│   └── compose-v3
│       ├── environment
│       └── labels
└── 3-containers
    ├── compose-v2
    │   ├── environment
    │   └── labels
    └── compose-v3
        ├── environment
        └── labels

Before your start

Be sure to be familiar with the basic, non compose use of this container with nginx-proxy.

All the docker-compose file assume the existence of a docker network called nginx-proxy. You'll have to create it with docker network create nginx-proxy before you can use any of the example file.

For letsencrypt-nginx-proxy-companion to work properly, it needs to know the id of the nginx-proxy container, or the id of both the nginx and docker-gen containers in a three container setup.

If you start your stack using the docker run commands from the examples, the letsencrypt container will automatically find the id of the nginx (or nginx-proxy) container through the volume it gets with the --volumes_from option.

This options also exists in compose file version 2, but not on compose file version 3, meaning that if you use a version 3 file, it needs to use one the two ways to make the letsencrypt container aware of the nginx/nginx-proxy container id. Those two methodes are:

On a three container setup, the letsencrypt container has no automated way to get the id of the docker-gen container, so in this setup, you'll need to use one of those two methods (wether you use a compose file version 2 or 3):

The docker-compose files on environment subfolders use the environment variable method.

The docker-compose files on labels subfolders use the label method.

The advantage the labels method has over the environment method is enabling the use of the letsencrypt-nginx-proxy-docker-companion in Swarm Mode or in Docker Cloud, where containers names are dynamic. Howhever if you intend to do so, as upstream docker-gen lacks the ability to identify containers from labels, you'll need both to use the three container setup and to replace jwilder/docker-gen with a fork that has this ability like herlderco/docker-gen. Be advised that for now, this works to a very limited extent (everything has to be on the same node).

As for the rest of the subfolders:

The simplest, most straightforward setup is two containers using compose file version 2.

Usage

  1. get the docker-compose.yaml corresponding to the setup you want to start from.
  2. if you use a three containers setup, don't forget to get the nginx.tmpl file and put next to the docker-compose.yaml file.
  3. create the required docker network with docker network create nginx-proxy.
  4. launch the stack in detached mode with docker-compose up -d

Once your nginx-proxy stack is up and running you can launch proxyed containers from the command line (don't forget to connect them to the nginx-proxy network):

docker run -d \
    --name example-webapp \
    --network nginx-proxy \
    --expose 80 \
    -e "VIRTUAL_HOST=subdomain.yourdomain.tld" \
    -e "VIRTUAL_PORT=80" \
    -e "LETSENCRYPT_HOST=subdomain.yourdomain.tld" \
    -e "LETSENCRYPT_EMAIL=mail@yourdomain.tld" \
    nginx

Or with a compose file:

version: '3'

services:
  web:
    image: nginx:alpine
    container_name: example-webapp
    expose:
      - "80"
    environment:
      - VIRTUAL_HOST=subdomain.yourdomain.tld
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=subdomain.yourdomain.tld
      - LETSENCRYPT_EMAIL=mail@yourdomain.tld
    restart: always

networks:
  default:
    external:
      name: nginx-proxy

In both case --expose (or expose:) and the VIRTUAL_PORT environment variable probably won't be required, but they are an added precaution toward a working setup if you use them correctly.

In any case all those compose files are mostly there to serve as "known working" base examples of a nginx-proxy + letsencrypt stack the way I use it, in a variety of setup. Do not hesitate to tinker and customise them to fit your particular need.