|
@@ -1,19 +1,21 @@
|
1
|
1
|
---
|
2
|
2
|
date: 2016-05-21
|
3
|
|
-strapline: It's containers all the way down...
|
4
|
|
-thumbnail: /res/images/docker/logo.thumb.png
|
5
|
3
|
title: Automatic reverse proxying with Docker and nginx
|
6
|
|
-url: /2016/05/21/docker-automatic-nginx-proxy/
|
7
|
|
-aliases: ["/2016/05/21/docker-automatic-nginx-proxy.html"]
|
8
|
|
-image: /res/images/docker/reverse-proxy.png
|
9
|
4
|
description: Automatically retrieve certificates from Let's Encrypt and configure an SSL-terminating reverse proxy based on running containers.
|
10
|
5
|
area: Docker
|
|
6
|
+url: /2016/05/21/docker-automatic-nginx-proxy/
|
|
7
|
+aliases: ["/2016/05/21/docker-automatic-nginx-proxy.html"]
|
|
8
|
+
|
|
9
|
+resources:
|
|
10
|
+ - src: reverse-proxy.png
|
|
11
|
+ name: Diagram showing components of a reverse proxy implementation
|
|
12
|
+ params:
|
|
13
|
+ default: true
|
|
14
|
+ - src: logo.png
|
|
15
|
+ name: The Docker project logo
|
11
|
16
|
---
|
12
|
17
|
|
13
|
|
-<figure class="right">
|
14
|
|
- <img src="/res/images/docker/logo.png" alt="Docker logo">
|
15
|
|
- <figcaption>The Docker project logo</figcaption>
|
16
|
|
-</figure>
|
|
18
|
+{{< figure "right" "The Docker project logo" >}}
|
17
|
19
|
|
18
|
20
|
Over the past few weeks I've gradually been migrating services from running in LXC containers to
|
19
|
21
|
Docker containers. It takes a while to get into the right mindset for Docker - thinking of
|
|
@@ -85,7 +87,7 @@ understand it all.
|
85
|
87
|
|
86
|
88
|
In the end I decided to roll my own solution. Here's a high-level overview of how it all works:
|
87
|
89
|
|
88
|
|
-<img src="/res/images/docker/reverse-proxy.png" alt="Diagram">
|
|
90
|
+{{< img "Diagram showing components of a reverse proxy implementation" >}}
|
89
|
91
|
|
90
|
92
|
As you probably noticed, there are quite a few containers involved. Each one performs a small,
|
91
|
93
|
well-defined task, and its output can easily be inspected in either a volume or a database. I
|
|
@@ -128,7 +130,7 @@ write a domains.txt yourself). It uses `iowait` to watch the domains text file f
|
128
|
130
|
automatically reruns when there are changes. It also runs once a day to renew any certs that are
|
129
|
131
|
coming up for expiry.
|
130
|
132
|
|
131
|
|
-#### service-nginx and nginx.
|
|
133
|
+#### service-nginx and nginx
|
132
|
134
|
|
133
|
135
|
The right fork of the diagram is concerned with nginx. My
|
134
|
136
|
[service-nginx](https://github.com/csmith/docker-service-nginx) container again connects to etcd
|