Chris Smith a106c24597 Move Let's Encrypt service to overrides entirely. | 6 years ago | |
---|---|---|
extra | 6 years ago | |
.gitignore | 8 years ago | |
README.md | 6 years ago | |
docker-compose.override.generic.yml | 6 years ago | |
docker-compose.override.http.yml | 6 years ago | |
docker-compose.override.lexicon.yml | 6 years ago | |
docker-compose.override.mydnshost.yml | 6 years ago | |
docker-compose.yml | 6 years ago |

This repository contains the docker-compose.yml file used to bring up a collection of containers that will provide automatic reverse proxying and SSL termination for other docker containers.

More details will be added here in due course. For now, the full process is described in this blog post.

This repository contains configuration for four different methods of obtaining Let’s Encrypt certificates:

- docker-compose.override.generic.yml - a generic solution for obtaining certificates using DNS entries. You must supply a Dehydrated hook that will add and remove DNS entries as needed.
- docker-compose.override.lexicon.yml - uses the Lexicon library to perform DNS updates for major cloud DNS providers.
- docker-compose.override.mydnshost.yml - uses the MyDNSHost API to perform DNS updates for domains hosted there.
- docker-compose.override.http.yml - performs an HTTP challenge instead of using DNS, saving the response to disk so it can be served by Nginx.

To get started:

```
docker-compose up -d
```
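
For the generic override listed above, this is a sketch of the kind of Dehydrated hook you would supply. It is an added example, not code from this repository: it assumes your DNS server accepts RFC 2136 dynamic updates through `nsupdate`, and the `TSIG_KEY` path, `TTL` and `DRY_RUN` names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not part of this repository: a Dehydrated dns-01 hook that
# manages challenge records with RFC 2136 dynamic updates via nsupdate.
# Assumed names: TSIG_KEY (placeholder path), TTL, DRY_RUN.
TSIG_KEY="${TSIG_KEY:-/path/to/tsig.key}"
TTL="${TTL:-60}"
DRY_RUN="${DRY_RUN:-0}"

# Print the nsupdate command that adds or deletes one challenge TXT record.
# usage: txt_update add|delete <domain> <token value>
txt_update() {
  # Accept only hostname and base64url characters, so a malformed argument
  # can never smuggle extra commands into the nsupdate batch.
  case "$2" in ""|*[!A-Za-z0-9.*-]*) return 1 ;; esac
  case "$3" in ""|*[!A-Za-z0-9_-]*) return 1 ;; esac
  name="_acme-challenge.${2#\*.}."   # drop a leading "*." if present
  if [ "$1" = add ]; then
    printf 'update add %s %s TXT "%s"\n' "$name" "$TTL" "$3"
  else
    printf 'update delete %s TXT "%s"\n' "$name" "$3"
  fi
}

# Send a batch to the DNS server, or just print it when DRY_RUN=1.
send_update() {
  if [ "$DRY_RUN" = 1 ]; then cat; else nsupdate -k "$TSIG_KEY"; fi
}

# Dehydrated invokes: <handler> <domain> <token file> <token value>
# With HOOK_CHAIN=yes, several domain/file/value triples arrive in one call.
hook() {
  handler="$1"; shift
  case "$handler" in
    deploy_challenge) op=add ;;
    clean_challenge)  op=delete ;;
    *) return 0 ;;  # deploy_cert and other handlers need no DNS change
  esac
  batch=""
  while [ "$#" -ge 3 ]; do
    line="$(txt_update "$op" "$1" "$3")" || return 1
    batch="${batch}${line}
"
    shift 3
  done
  printf '%ssend\n' "$batch" | send_update
}

if [ "$#" -gt 0 ]; then hook "$@"; fi
```

Run it with `DRY_RUN=1` first to inspect the update batch before pointing it at a real zone, and scope the TSIG key so it can only modify `_acme-challenge` TXT records.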
If you have existing containers with the appropriate labels, the certificates will be requested for them straight away, and proxy rules added. To launch a new container and have it be proxied, add the following labels:

```
com.chameth.proxy=<port>
com.chameth.proxy.protocol=<protocol> # defaults to http
com.chameth.vhost=<primary vhost>,<secondary vhost>,<...>
```

For example:

```
docker run \
  --label com.chameth.proxy=80 \
  --label com.chameth.vhost=example.domain.com \
  tutum/hello-world
```

It may take a minute or two for the certificate to be obtained and for Nginx to be reconfigured. You can see output from the various tools by running `docker-compose logs -f`.

Out of the box, the Nginx server will only handle HTTPS requests, with a very minimal config. The extra directory contains some additional configuration snippets which may be useful.

Once you have the services running, you can copy additional config using the cp command:

```
docker cp file.conf autoproxy_nginx:/etc/nginx/conf.d/
```

The following config files are available in the extra directory:
If you’re serving static content, it’s not desirable to have lots of instances of nginx running just to handle requests from the proxy.
I recommend using GoStatic to host static content. This is a very small image that runs a very small Go binary to serve the files. You can use it in a docker-compose file like so:

```
---
version: '2'
services:
  www:
    image: pierrezemb/gostatic:latest
    command:
      - --forceHTTP
    labels:
      com.chameth.vhost: 'example.com'
      com.chameth.proxy: '8043'
    volumes:
      - ./www:/srv/http
```