public
/
docker-automatic-nginx-letsencrypt
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Compose files, instructions and extras for using my automatic proxy containers
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16 Commits
1 Branch
Tree: 8321eedf03
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8321eedf03'
${ noResults }
docker-automatic-nginx-lets.../docker-compose.yml

docker-compose.yml 4.4KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145 
  1. ---

  2. 

  3. # Sets up a series of containers to automatically provision SSL certificates

  4. # and configure nginx for reverse proxying. Containers that should be proxied

  5. # need to be labelled with the following:

  6. #

  7. #   com.chameth.vhost="main.domain.com,alternate.domain.com,alt2.com,..."

  8. #   com.chameth.proxy=80

  9. #   com.chameth.proxy.protocol=http [optional, defaults to http]

  10. #

  11. # To prove ownership of domains to Let's Encrypt, we add a DNS entry when

  12. # required. This requires you to provide authentication details (e-mail

  13. # address, API key, password, etc). These should be specified in a

  14. # docker-compose.override.yml file.

  15. 

  16. version: '2'

  17. 

  18. services:

  19. 

  20.   # etcd is a key-value server. We use it to store meta-data about docker

  21.   # containers which is then read by the service containers below.

  22.   #

  23.   # etcd can be distributed and accessed remotely, but this config is for

  24.   # a single node instance.

  25.   etcd:

  26.     image: quay.io/coreos/etcd:v2.3.3

  27.     container_name: autoproxy_etcd

  28.     restart: always

  29.     command: >-

  30.       --name etcd0

  31.       --initial-cluster etcd0=http://127.0.0.1:2380

  32.       --initial-advertise-peer-urls http://127.0.0.1:2380

  33.       --initial-cluster-state new

  34.       --initial-cluster-token etcd-cluster-1

  35.       --bind-addr 0.0.0.0:2379

  36.     networks:

  37.       - etcd-services

  38. 

  39.   # service-reporter interacts with docker (which is why it needs the

  40.   # docker.sock mounted) to get a list of current containers, and

  41.   # monitor when containers are added or removed. It keeps the information

  42.   # in etcd up-to-date.

  43.   reporter:

  44.     image: csmith/service-reporter:latest

  45.     container_name: autoproxy_reporter

  46.     restart: always

  47.     links:

  48.       - etcd:etcd

  49.     volumes:

  50.       - /var/run/docker.sock:/var/run/docker.sock

  51.     networks:

  52.       - etcd-services

  53.     depends_on:

  54.       - etcd

  55. 

  56.   # service-letsencrypt reads a list of vhosts from container labels

  57.   # (via etcd), and prepares a domains.txt file to send on to one of

  58.   # the letsencrypt-* containers below.

  59.   letsencrypt-updater:

  60.     image: csmith/service-letsencrypt:latest

  61.     container_name: autoproxy_letsencrypt-updater

  62.     restart: always

  63.     volumes:

  64.       - letsencrypt-data:/letsencrypt

  65.     networks:

  66.       - etcd-services

  67.     depends_on:

  68.       - etcd

  69. 

  70.   # letsencrypt-lexicon obtains Let's Encrypt certificates by modifying

  71.   # DNS records. It supports several major cloud DNS providers.

  72.   letsencrypt-lexicon:

  73.     image: csmith/letsencrypt-lexicon:latest

  74.     container_name: autoproxy_letsencrypt-lexicon

  75.     restart: always

  76.     volumes:

  77.       - letsencrypt-data:/letsencrypt

  78. 

  79.   # letsencrypt-generic uses a user-defined hook to update DNS entries.

  80.   # You need to supply your own hook, available at /dns/hook. See the

  81.   # letsencrypt.sh repo for details about hook arguments.

  82.   #letsencrypt-generic:

  83.   #  image: csmith/letsencrypt-generic:latest

  84.   #  container_name: autoproxy_letsencrypt-generic

  85.   #  restart: always

  86.   #  volumes:

  87.   #    - letsencrypt-data:/letsencrypt

  88.   #    - /my/hook/script:/dns/hook

  89. 

  90.   # service-nginx reads proxy information and vhosts from etcd and

  91.   # creates an nginx vhost config to enable SSL-terminated reverse

  92.   # proxying to the containers.

  93.   nginx-updater:

  94.     image: csmith/service-nginx:latest

  95.     container_name: autoproxy_nginx-updater

  96.     restart: always

  97.     volumes:

  98.       - nginx-config:/nginx-config

  99.       - letsencrypt-data:/letsencrypt

  100.     networks:

  101.       - etcd-services

  102.     depends_on:

  103.       - etcd

  104. 

  105.   # Finally, nginx is what actually does the SSL termination and

  106.   # reverse proxying. Because it needs to connect to containers

  107.   # on (potentially) many different networks, we set the

  108.   # network_mode to host.

  109.   nginx:

  110.     image: nginx:1.13

  111.     container_name: autoproxy_nginx

  112.     restart: always

  113.     volumes:

  114.       - nginx-config:/etc/nginx/conf.d

  115.       - letsencrypt-data:/letsencrypt

  116.     ports:

  117.       - 80:80

  118.       - 443:443

  119.     network_mode: host

  120. 

  121.   # We use this container to monitor for nginx config file and SSL cert changes

  122.   # (using inotify) and send nginx a SIGHUP signal.

  123.   nginx-config-hupper:

  124.     image: pstauffer/inotify:latest

  125.     container_name: autoproxy_nginx-config-hupper

  126.     restart: always

  127.     volumes:

  128.       - nginx-config:/monitor/nginx

  129.       - letsencrypt-data:/monitor/letsencrypt

  130.       - /var/run/docker.sock:/var/run/docker.sock

  131.     environment:

  132.       - 'CONTAINER=autoproxy_nginx'

  133.       - 'VOLUMES=/monitor'

  134.       - 'INOTIFY_OPTONS=--monitor --exclude=*.sw[px] --recursive'

  135. 

  136. volumes:

  137. 

  138.   letsencrypt-data:

  139. 

  140.   nginx-config:

  141. 

  142. networks:

  143. 

  144.   etcd-services: