Shared Nginx Gateway

This gateway owns ports 80 and 443 for all projects on this server.

It routes traffic to 4 different containers:

tools.hashtax.io -> hashtax_frontend:3000
tools-api.hashtax.io -> hashtax_backend:5000
hashimpact.io -> hashimpact_frontend:8081
api.hashimpact.io -> hashimpact_backend:8080

1. Network Setup (One-time)

Make sure the shared Docker network exists before starting any app:

docker network create hashtax_network

2. Run Apps

Start the app containers from their respective folders:

cd "$REMOTE_BASE_DIR/hash_tax/hashtax_tools_fe"
docker compose up -d --build

cd "$REMOTE_BASE_DIR/hash_tax/hashtax_be"
docker compose up -d --build

cd "$REMOTE_BASE_DIR/HashImpact/website"
docker compose up -d --build frontend

cd "$REMOTE_BASE_DIR/HashImpact/backend"
docker compose up -d --build backend

HashImpact is split into service-owned compose files:

HashImpact/website/docker-compose.yml owns hashimpact_frontend.
HashImpact/backend/docker-compose.yml owns hashimpact_backend.
Both services must stay attached to the external hashtax_network and keep these aliases, because the gateway routes to hashimpact_frontend:8081 and hashimpact_backend:8080.

3. Run Gateway & SSL Setup

Go to this nginx_gateway folder:

cd "$REMOTE_BASE_DIR/nginx_gateway"

Run the automated script to issue all SSL certificates. This script will:

Start Nginx in HTTP-only mode to pass the ACME challenges.
Use Certbot to fetch certificates for all domains.
Automatically activate the HTTPS .ssl.conf.disabled templates.
Reload Nginx.

bash issue_all_ssl.sh hello@hashtax.io

4. SSL Auto-Renewal (Cron Job)

To make sure your SSL certificates renew automatically, add this to your live server's cron jobs:

crontab -e

Add this line at the bottom to run the renewal check every day at 3 AM:

0 3 * * * cd "$REMOTE_BASE_DIR/nginx_gateway" && bash renew_ssl.sh >> /var/log/ssl_renew.log 2>&1

Config Architecture

conf.d/hashimpact.conf and conf.d/tools.conf are the active configs.
conf.d/*.http.conf.disabled are HTTP-only templates used for first-time ACME challenges.
conf.d/*.ssl.conf.disabled are the HTTPS templates that issue_all_ssl.sh automatically copies and activates.
00-resolver.conf helps Nginx dynamically resolve container IPs when containers restart.

Name		Name	Last commit message	Last commit date
Latest commit History 43 Commits
conf.d		conf.d
README.md		README.md
activate_existing_ssl.sh		activate_existing_ssl.sh
check_upstreams.sh		check_upstreams.sh
debug_gateway.sh		debug_gateway.sh
docker-compose.yml		docker-compose.yml
issue_all_ssl.sh		issue_all_ssl.sh
renew_ssl.sh		renew_ssl.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Shared Nginx Gateway

1. Network Setup (One-time)

2. Run Apps

3. Run Gateway & SSL Setup

4. SSL Auto-Renewal (Cron Job)

Config Architecture

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

Shared Nginx Gateway

1. Network Setup (One-time)

2. Run Apps

3. Run Gateway & SSL Setup

4. SSL Auto-Renewal (Cron Job)

Config Architecture

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages