public
/
docker-automatic-nginx-letsencrypt
Bevaka 1
Stjärnmärk 0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
Compose files, instructions and extras for using my automatic proxy containers
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
14 Incheckningar
1 Gren
Träd: c9b00c87e2
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från 'c9b00c87e2'
${ noResults }
docker-automatic-nginx-lets.../docker-compose.yml

docker-compose.yml 4.4KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144 
  1. ---

  2. 

  3. # Sets up a series of containers to automatically provision SSL certificates

  4. # and configure nginx for reverse proxying. Containers that should be proxied

  5. # need to be labelled with the following:

  6. #

  7. #   com.chameth.vhost="main.domain.com,alternate.domain.com,alt2.com,..."

  8. #   com.chameth.proxy=80

  9. #   com.chameth.proxy.protocol=http [optional, defaults to http]

  10. #

  11. # To prove ownership of domains to Let's Encrypt, we add a DNS entry when

  12. # required. This requires you to provide authentication details (e-mail

  13. # address, API key, password, etc). These should be specified in a

  14. # docker-compose.override.yml file.

  15. 

  16. version: '2'

  17. 

  18. services:

  19. 

  20.   # etcd is a key-value server. We use it to store meta-data about docker

  21.   # containers which is then read by the service containers below.

  22.   #

  23.   # etcd can be distributed and accessed remotely, but this config is for

  24.   # a single node instance.

  25.   etcd:

  26.     image: quay.io/coreos/etcd:v2.3.3

  27.     container_name: autoproxy_etcd

  28.     restart: always

  29.     command: >-

  30.       --name etcd0

  31.       --initial-cluster etcd0=http://127.0.0.1:2380

  32.       --initial-advertise-peer-urls http://127.0.0.1:2380

  33.       --initial-cluster-state new

  34.       --initial-cluster-token etcd-cluster-1

  35.       --bind-addr 0.0.0.0:2379

  36.     networks:

  37.       - etcd-services

  38. 

  39.   # service-reporter interacts with docker (which is why it needs the

  40.   # docker.sock mounted) to get a list of current containers, and

  41.   # monitor when containers are added or removed. It keeps the information

  42.   # in etcd up-to-date.

  43.   reporter:

  44.     image: csmith/service-reporter:latest

  45.     container_name: autoproxy_reporter

  46.     restart: always

  47.     links:

  48.       - etcd:etcd

  49.     volumes:

  50.       - /var/run/docker.sock:/var/run/docker.sock

  51.     networks:

  52.       - etcd-services

  53.     depends_on:

  54.       - etcd

  55. 

  56.   # service-letsencrypt reads a list of vhosts from container labels

  57.   # (via etcd), and prepares a domains.txt file to send on to one of

  58.   # the letsencrypt-* containers below.

  59.   letsencrypt-updater:

  60.     image: csmith/service-letsencrypt:latest

  61.     container_name: autoproxy_letsencrypt-updater

  62.     restart: always

  63.     volumes:

  64.       - letsencrypt-data:/letsencrypt

  65.     networks:

  66.       - etcd-services

  67.     depends_on:

  68.       - etcd

  69. 

  70.   # letsencrypt-lexicon obtains Let's Encrypt certificates by modifying

  71.   # DNS records. It supports several major cloud DNS providers.

  72.   letsencrypt-lexicon:

  73.     image: csmith/letsencrypt-lexicon:latest

  74.     container_name: autoproxy_letsencrypt-lexicon

  75.     restart: always

  76.     volumes:

  77.       - letsencrypt-data:/letsencrypt

  78. 

  79.   # letsencrypt-generic uses a user-defined hook to update DNS entries.

  80.   # You need to supply your own hook, available at /dns/hook. See the

  81.   # letsencrypt.sh repo for details about hook arguments.

  82.   #letsencrypt-generic:

  83.   #  image: csmith/letsencrypt-generic:latest

  84.   #  container_name: autoproxy_letsencrypt-generic

  85.   #  restart: always

  86.   #  volumes:

  87.   #    - letsencrypt-data:/letsencrypt

  88.   #    - /my/hook/script:/dns/hook

  89. 

  90.   # service-nginx reads proxy information and vhosts from etcd and

  91.   # creates an nginx vhost config to enable SSL-terminated reverse

  92.   # proxying to the containers.

  93.   nginx-updater:

  94.     image: csmith/service-nginx:latest

  95.     container_name: autoproxy_nginx-updater

  96.     restart: always

  97.     volumes:

  98.       - nginx-config:/nginx-config

  99.     networks:

  100.       - etcd-services

  101.     depends_on:

  102.       - etcd

  103. 

  104.   # Finally, nginx is what actually does the SSL termination and

  105.   # reverse proxying. Because it needs to connect to containers

  106.   # on (potentially) many different networks, we set the

  107.   # network_mode to host.

  108.   nginx:

  109.     image: nginx:1.11

  110.     container_name: autoproxy_nginx

  111.     restart: always

  112.     volumes:

  113.       - nginx-config:/etc/nginx/conf.d

  114.       - letsencrypt-data:/letsencrypt

  115.     ports:

  116.       - 80:80

  117.       - 443:443

  118.     network_mode: host

  119. 

  120.   # We use this container to monitor for nginx config file and SSL cert changes

  121.   # (using inotify) and send nginx a SIGHUP signal.

  122.   nginx-config-hupper:

  123.     image: pstauffer/inotify:latest

  124.     container_name: autoproxy_nginx-config-hupper

  125.     restart: always

  126.     volumes:

  127.       - nginx-config:/monitor/nginx

  128.       - letsencrypt-data:/monitor/letsencrypt

  129.       - /var/run/docker.sock:/var/run/docker.sock

  130.     environment:

  131.       - 'CONTAINER=autoproxy_nginx'

  132.       - 'VOLUMES=/monitor'

  133.       - 'INOTIFY_OPTONS=--monitor --exclude=*.sw[px] --recursive'

  134. 

  135. volumes:

  136. 

  137.   letsencrypt-data:

  138. 

  139.   nginx-config:

  140. 

  141. networks:

  142. 

  143.   etcd-services: