public
/
docker-automatic-nginx-letsencrypt
Beobachten 1
Favorisieren 0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 0 Wiki Aktivität
Compose files, instructions and extras for using my automatic proxy containers
Du kannst nicht mehr als 25 Themen auswählen Themen müssen mit entweder einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
1 Commit
1 Branch
Struktur: 67ca7077f4
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „67ca7077f4“
${ noResults }
docker-automatic-nginx-lets.../docker-compose.yml

docker-compose.yml 3.9KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132 
  1. ---

  2. 

  3. # Sets up a series of containers to automatically provision SSL certificates

  4. # and configure nginx for reverse proxying. Containers that should be proxied

  5. # need to be labelled with the following:

  6. #

  7. #   com.chameth.vhost="main.domain.com,alternate.domain.com,alt2.com,..."

  8. #   com.chameth.proxy=80

  9. #   com.chameth.proxy.protocol=http [optional, defaults to http]

  10. #

  11. # To prove ownership of domains to Let's Encrypt, we add a DNS entry when

  12. # required. You will need to configure one of the letsencrypt-* services

  13. # below to make these changes.

  14. 

  15. version: '2'

  16. 

  17. services:

  18. 

  19.   # etcd is a key-value server. We use it to store meta-data about docker

  20.   # containers which is then read by the service containers below.

  21.   #

  22.   # etcd can be distributed and accessed remotely, but this config is for

  23.   # a single node instance.

  24.   etcd:

  25.     image: quay.io/coreos/etcd:v2.3.3

  26.     command: >-

  27.       --name etcd0

  28.       --initial-cluster etcd0=http://127.0.0.1:2380

  29.       --initial-advertise-peer-urls http://127.0.0.1:2380

  30.       --initial-cluster-state new

  31.       --initial-cluster-token etcd-cluster-1

  32.       --bind-addr 0.0.0.0:2379

  33.     networks:

  34.       - etcd-services

  35. 

  36.   # service-reporter interacts with docker (which is why it needs the

  37.   # docker.sock mounted) to get a list of current containers, and

  38.   # monitor when containers are added or removed. It keeps the information

  39.   # in etcd up-to-date.

  40.   reporter:

  41.     image: csmith/service-reporter:latest

  42.     links:

  43.       - etcd:etcd

  44.     volumes:

  45.       - /var/run/docker.sock:/var/run/docker.sock

  46.     networks:

  47.       - etcd-services

  48.     depends_on:

  49.       - etcd

  50. 

  51.   # service-letsencrypt reads a list of vhosts from container labels

  52.   # (via etcd), and prepares a domains.txt file to send on to one of

  53.   # the letsencrypt-* containers below.

  54.   letsencrypt-updater:

  55.     image: csmith/service-letsencrypt:latest

  56.     volumes:

  57.       - letsencrypt-data:/letsencrypt

  58.     networks:

  59.       - etcd-services

  60.     depends_on:

  61.       - etcd

  62. 

  63.   # letsencrypt-lexicon obtains Let's Encrypt certificates by modifying

  64.   # DNS records. It supports several major cloud DNS providers. You

  65.   # need to set the provider and auth tokens below.

  66.   letsencrypt-lexicon:

  67.     image: csmith/letsencrypt-lexicon:latest

  68.     volumes:

  69.       - letsencrypt-data:/letsencrypt

  70.     environment:

  71.       - STAGING=yes

  72.       - EMAIL=your@email.addr

  73.       - PROVIDER=cloudflare

  74.       - LEXICON_CLOUDFLARE_USERNAME=your@email.addr

  75.       - LEXICON_CLOUDFLARE_TOKEN=1234567890123456789012345678901234567890

  76. 

  77.   # letsencrypt-generic uses a user-defined hook to update DNS entries.

  78.   # You need to supply your own hook, available at /dns/hook. See the

  79.   # letsencrypt.sh repo for details about hook arguments.

  80.   #letsencrypt-generic:

  81.   #  image: csmith/letsencrypt-generic:latest

  82.   #  volumes:

  83.   #    - letsencrypt-data:/letsencrypt

  84.   #    - /my/hook/script:/dns/hook

  85.   #  environment:

  86.   #    - STAGING=yes

  87.   #    - EMAIL=your@email.addr

  88. 

  89.   # service-nginx reads proxy information and vhosts from etcd and

  90.   # creates an nginx vhost config to enable SSL-terminated reverse

  91.   # proxying to the containers.

  92.   nginx-updater:

  93.     image: csmith/service-nginx:latest

  94.     volumes:

  95.       - nginx-config:/nginx-config

  96.     networks:

  97.       - etcd-services

  98.     depends_on:

  99.       - etcd

  100. 

  101.   # Finally, nginx is what actually does the SSL termination and

  102.   # reverse proxying. If any containers to be proxied are on

  103.   # non-default networks, you'll need to specify them here and

  104.   # below in the top-level networks section.

  105.   #

  106.   # TODO: Automatically reload config when changed

  107.   # TODO: Redirect HTTP and add proper SSL options

  108.   nginx:

  109.     image: nginx:1.9

  110.     volumes:

  111.       - nginx-config:/etc/nginx/conf.d

  112.       - letsencrypt-data:/letsencrypt

  113.     ports:

  114.       - 80:80

  115.       - 443:443

  116.     networks:

  117.       - default

  118.     # - mynetwork

  119. 

  120. volumes:

  121. 

  122.   letsencrypt-data:

  123. 

  124.   nginx-config:

  125. 

  126. networks:

  127. 

  128.   etcd-services:

  129. 

  130.   # To add pre-existing networks, mark them as 'external':

  131.   #mynetwork:

  132.   #  external: true