Hostname | IP Address | TTL |
---|---|---|
domain.com | 172.105.50.178 | Default |
* | 172.105.50.178 | Default |
sub0.domain.com | 172.105.50.178 | Default |
sub1.domain.com | 172.105.50.178 | Default |
`docker-compose.yml`, open it in your favourite terminal-based text editor like Vim or Nano.

`html` & `vhost` volumes will be very important in the next Let's Encrypt container deployment. They're designed to work together.

`always`. Other options include `on-failure` and `unless-stopped`. In this case, `always` seemed more appropriate.

Using a user defined network is very important. This will help in isolating all the containers that are to be proxied, along with enabling the reverse proxy container to forward the clients to their desired/intended containers and also let the containers communicate with each other (which is not possible with the default bridge network unless `icc` is set to `true` for the daemon).
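A compose file that assembles the pieces this page describes: the reverse proxy with its `html` and `vhost` volumes, `restart: always` and a user-defined network, together with the Let's Encrypt companion and one proxied service. It is an added example, not the original page's file; the image names, container names, e-mail addresses and the in-container mount paths other than `/etc/nginx/certs` are assumptions.

```yaml
# Added example, not the original page's file. Image names, container names,
# e-mail addresses and mount paths (except /etc/nginx/certs) are assumptions.
# Create the shared network first:  docker network create net
version: "3"
services:
  reverse-proxy:
    image: jwilder/nginx-proxy                     # assumed image
    container_name: reverse-proxy                  # assumed name
    restart: always
    ports: ["80:80", "443:443"]
    volumes:
      - certs:/etc/nginx/certs:ro                  # proxy only reads certificates
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - dhparam:/etc/nginx/dhparam
      - /var/run/docker.sock:/tmp/docker.sock:ro   # Docker API socket: mount only where needed
    networks: [net]

  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion  # assumed image
    container_name: letsencrypt                    # assumed name
    restart: always
    depends_on: [reverse-proxy]
    environment:
      NGINX_PROXY_CONTAINER: reverse-proxy         # must match container_name above
      DEFAULT_EMAIL: admin@domain.com              # placeholder address
    volumes:
      - certs:/etc/nginx/certs                     # companion writes certificates here
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - dhparam:/etc/nginx/dhparam
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks: [net]

  sub0:                                            # proxied service; may live in its own compose file
    image: nginx:alpine                            # stand-in for your web service
    restart: always
    expose: ["80"]                                 # no published ports; reached only through the proxy
    environment:
      VIRTUAL_HOST: sub0.domain.com
      VIRTUAL_PORT: "80"
      LETSENCRYPT_HOST: sub0.domain.com
      LETSENCRYPT_EMAIL: sub0-admin@domain.com     # optional per-container override (placeholder)
    networks: [net]

volumes: {certs: {}, vhost: {}, html: {}, dhparam: {}}
networks:
  net:
    external: true
```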
`docker-compose.yml` file that you used before, add the following lines:

`html` and `vhost` volume sharing is necessary for the ACME challenge of Let's Encrypt to be successful. This container will generate the certificates inside `/etc/nginx/certs` in the container. This is why you are sharing this volume with your reverse proxy container. The `dhparam` volume will contain the dhparam file. The socket is mounted to detect other containers with a specific environment variable.

The `NGINX_PROXY_CONTAINER` variable points to the reverse proxy container. Set it to the name of the container. `DEFAULT_EMAIL` is the email that'll be used while generating the certificates for each domain/subdomain.

The `depends_on` option is set so that this service waits for the reverse proxy to start first; then, and only then, will it start.

`net` is set to external because the proxied containers will also have to use this network. If we leave the network to be created by `docker-compose`, the network name will depend on the current directory, which creates a weirdly named network.

`docker-compose.yml` file.

`VIRTUAL_HOST`: for generating the reverse proxy config

`LETSENCRYPT_HOST`: for generating the necessary certificates

`VIRTUAL_PORT` with the port serving the frontend or whichever service you want to get proxied, like '80' or '7765'.

`DEFAULT_EMAIL` variable and set a specific email address for a specific container/web service's domain/subdomain certificate(s), by setting the email id to the environment variable `LETSENCRYPT_EMAIL`. This works on a per-container basis.

This is NOT AN IDEAL deployment. The following command is used for demonstrative purpose only.