public
/
docker-automatic-nginx-letsencrypt
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Compose files, instructions and extras for using my automatic proxy containers
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10 Commits
1 Branch
Tree: 6b01057b01
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6b01057b01'
${ noResults }
docker-automatic-nginx-lets.../docker-compose.yml

docker-compose.yml 4.6KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154 
  1. ---

  2. 

  3. # Sets up a series of containers to automatically provision SSL certificates

  4. # and configure nginx for reverse proxying. Containers that should be proxied

  5. # need to be labelled with the following:

  6. #

  7. #   com.chameth.vhost="main.domain.com,alternate.domain.com,alt2.com,..."

  8. #   com.chameth.proxy=80

  9. #   com.chameth.proxy.protocol=http [optional, defaults to http]

  10. #

  11. # To prove ownership of domains to Let's Encrypt, we add a DNS entry when

  12. # required. You will need to configure one of the letsencrypt-* services

  13. # below to make these changes.

  14. 

  15. version: '2'

  16. 

  17. services:

  18. 

  19.   # etcd is a key-value server. We use it to store meta-data about docker

  20.   # containers which is then read by the service containers below.

  21.   #

  22.   # etcd can be distributed and accessed remotely, but this config is for

  23.   # a single node instance.

  24.   etcd:

  25.     image: quay.io/coreos/etcd:v2.3.3

  26.     container_name: autoproxy_etcd

  27.     restart: always

  28.     command: >-

  29.       --name etcd0

  30.       --initial-cluster etcd0=http://127.0.0.1:2380

  31.       --initial-advertise-peer-urls http://127.0.0.1:2380

  32.       --initial-cluster-state new

  33.       --initial-cluster-token etcd-cluster-1

  34.       --bind-addr 0.0.0.0:2379

  35.     networks:

  36.       - etcd-services

  37. 

  38.   # service-reporter interacts with docker (which is why it needs the

  39.   # docker.sock mounted) to get a list of current containers, and

  40.   # monitor when containers are added or removed. It keeps the information

  41.   # in etcd up-to-date.

  42.   reporter:

  43.     image: csmith/service-reporter:latest

  44.     container_name: autoproxy_reporter

  45.     restart: always

  46.     links:

  47.       - etcd:etcd

  48.     volumes:

  49.       - /var/run/docker.sock:/var/run/docker.sock

  50.     networks:

  51.       - etcd-services

  52.     depends_on:

  53.       - etcd

  54. 

  55.   # service-letsencrypt reads a list of vhosts from container labels

  56.   # (via etcd), and prepares a domains.txt file to send on to one of

  57.   # the letsencrypt-* containers below.

  58.   letsencrypt-updater:

  59.     image: csmith/service-letsencrypt:latest

  60.     container_name: autoproxy_letsencrypt-updater

  61.     restart: always

  62.     volumes:

  63.       - letsencrypt-data:/letsencrypt

  64.     networks:

  65.       - etcd-services

  66.     depends_on:

  67.       - etcd

  68. 

  69.   # letsencrypt-lexicon obtains Let's Encrypt certificates by modifying

  70.   # DNS records. It supports several major cloud DNS providers. You

  71.   # need to set the provider and auth tokens below.

  72.   letsencrypt-lexicon:

  73.     image: csmith/letsencrypt-lexicon:latest

  74.     container_name: autoproxy_letsencrypt-lexicon

  75.     restart: always

  76.     volumes:

  77.       - letsencrypt-data:/letsencrypt

  78.     environment:

  79.       - STAGING=yes

  80.       - EMAIL=your@email.addr

  81.       - PROVIDER=cloudflare

  82.       - LEXICON_CLOUDFLARE_USERNAME=your@email.addr

  83.       - LEXICON_CLOUDFLARE_TOKEN=1234567890123456789012345678901234567890

  84. 

  85.   # letsencrypt-generic uses a user-defined hook to update DNS entries.

  86.   # You need to supply your own hook, available at /dns/hook. See the

  87.   # letsencrypt.sh repo for details about hook arguments.

  88.   #letsencrypt-generic:

  89.   #  image: csmith/letsencrypt-generic:latest

  90.   #  container_name: autoproxy_letsencrypt-generic

  91.   #  restart: always

  92.   #  volumes:

  93.   #    - letsencrypt-data:/letsencrypt

  94.   #    - /my/hook/script:/dns/hook

  95.   #  environment:

  96.   #    - STAGING=yes

  97.   #    - EMAIL=your@email.addr

  98. 

  99.   # service-nginx reads proxy information and vhosts from etcd and

  100.   # creates an nginx vhost config to enable SSL-terminated reverse

  101.   # proxying to the containers.

  102.   nginx-updater:

  103.     image: csmith/service-nginx:latest

  104.     container_name: autoproxy_nginx-updater

  105.     restart: always

  106.     volumes:

  107.       - nginx-config:/nginx-config

  108.     networks:

  109.       - etcd-services

  110.     depends_on:

  111.       - etcd

  112. 

  113.   # Finally, nginx is what actually does the SSL termination and

  114.   # reverse proxying. Because it needs to connect to containers

  115.   # on (potentially) many different networks, we set the

  116.   # network_mode to host.

  117.   nginx:

  118.     image: nginx:1.11

  119.     container_name: autoproxy_nginx

  120.     restart: always

  121.     volumes:

  122.       - nginx-config:/etc/nginx/conf.d

  123.       - letsencrypt-data:/letsencrypt

  124.     ports:

  125.       - 80:80

  126.       - 443:443

  127.     network_mode: host

  128. 

  129.   # We use inotify-signal-container to monitor for nginx config

  130.   # file and SSL cert changes (using inotify) and send nginx a

  131.   # SIGHUP signal.

  132.   nginx-config-hupper:

  133.     image: masm/inotify-signal-container:latest

  134.     container_name: autoproxy_nginx-config-hupper

  135.     restart: always

  136.     volumes:

  137.       - nginx-config:/monitor/nginx

  138.       - letsencrypt-data:/monitor/letsencrypt

  139.       - /var/run/docker.sock:/var/run/docker.sock

  140.     command:

  141.       - autoproxy_nginx

  142.       - SIGHUP

  143.       - /monitor

  144. 

  145. volumes:

  146. 

  147.   letsencrypt-data:

  148. 

  149.   nginx-config:

  150. 

  151. networks:

  152. 

  153.   etcd-services: