I wrote about this on my blog: https://blog.cedricblondeau.com/2016/08/21/h2o-docker-reverse-proxy/.
- Ansible 2.1+
- A docker-enabled target
First, clone this repository in your roles path (usually in a roles directory alongside your playbook) under the name h2o-docker-proxy-letsencrypt:

```sh
git submodule add https://github.com/cedricblondeau/ansible-role-h2o-docker-proxy-letsencrypt roles/h2o-docker-proxy-letsencrypt
```
Then, configure (letsencrypt_email is the only mandatory variable) and add the role to your playbook:

```yaml
---
- name: Set up an automated H2O proxy for docker containers with automatic creation of Let's Encrypt certificates
  hosts: all
  become: true
  vars:
    letsencrypt_email: firstname.lastname@example.org
  roles:
    - h2o-docker-proxy-letsencrypt
```
Finally, execute your playbook and deploy your apps.

```sh
docker pull training/webapp
docker run -d --name training_webapp -e "VIRTUAL_HOST=webapp.dev" training/webapp
```

The VIRTUAL_HOST environment variable is mandatory and is used for:
- Routing the HTTP requests to the containers
- Creating Let's Encrypt certificates
The containers being proxied must expose the port to be proxied, either by using the EXPOSE directive in their Dockerfile or by using the --expose flag to docker run or docker create.
If your container exposes multiple ports, the role will default to the service running on port 80. If you need to specify a different port, you can set a VIRTUAL_PORT env var to select a different one.
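
Because every container with VIRTUAL_HOST set becomes reachable through the proxy and gets a certificate requested for it, it helps to check before deploying which containers will be routed and to which port. The following is an added example, not code from this role: it applies the rules described above to `docker inspect`-shaped JSON. The sample data is constructed, the function names are hypothetical, and the handling of a single exposed port and of a VIRTUAL_PORT that is not exposed are assumptions.

```python
import json

# Constructed sample shaped like `docker inspect` output (not captured from a real host).
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/training_webapp",
  "Config": {"Env": ["VIRTUAL_HOST=webapp.dev"], "ExposedPorts": {"5000/tcp": {}}}},
 {"Name": "/multi",
  "Config": {"Env": ["VIRTUAL_HOST=multi.dev"], "ExposedPorts": {"80/tcp": {}, "8080/tcp": {}}}},
 {"Name": "/admin",
  "Config": {"Env": ["VIRTUAL_HOST=admin.dev", "VIRTUAL_PORT=9000"],
             "ExposedPorts": {"80/tcp": {}, "9000/tcp": {}}}},
 {"Name": "/worker",
  "Config": {"Env": ["PATH=/usr/bin"], "ExposedPorts": null}}
]
""")


def resolve_route(container):
    """Return (name, host, port, problem) for one inspect entry."""
    name = container["Name"].lstrip("/")
    config = container.get("Config") or {}
    env = dict(e.split("=", 1) for e in config.get("Env") or [] if "=" in e)
    ports = sorted(int(p.split("/")[0]) for p in (config.get("ExposedPorts") or {}))
    host = env.get("VIRTUAL_HOST")
    if not host:
        return name, None, None, "VIRTUAL_HOST not set: not routed, no certificate"
    if not ports:
        return name, host, None, "no exposed port (EXPOSE / --expose missing)"
    if "VIRTUAL_PORT" in env:
        port = int(env["VIRTUAL_PORT"])
        problem = None if port in ports else "VIRTUAL_PORT is not an exposed port"
        return name, host, port, problem  # assumption: VIRTUAL_PORT must be exposed
    if len(ports) == 1:
        return name, host, ports[0], None  # assumption: a single exposed port is used
    if 80 in ports:
        return name, host, 80, None  # README: multiple ports default to port 80
    return name, host, None, "multiple ports, none is 80: set VIRTUAL_PORT"


def audit(inspect_data):
    """Resolve every container in a `docker inspect` result list."""
    return [resolve_route(c) for c in inspect_data]


if __name__ == "__main__":
    for name, host, port, problem in audit(SAMPLE_INSPECT):
        print(f"{name:16} {host or '-':12} {port or '-':>5}  {problem or 'ok'}")
```

On a real host, the input can be produced with `docker inspect $(docker ps -q)` and loaded with `json.load`.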
The role uses two separate Docker images:
If you want to build the images yourself you can easily override the repositories:

```yaml
h2o_image: lkwg82/h2o-http2-server
letsencrypt_image: cedricbl/letsencrypt-webroot
```

This role can easily be tested using Vagrant:

```ruby
Vagrant.configure(2) do |config|
  # Base config
  config.vm.box = "cedricblondeau/ubuntu-xenial64-docker"
  config.vm.hostname = "h2o-docker-proxy-devbox"
  config.vm.network "private_network", ip: "192.168.33.10"

  # Provisioning
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "playbook.yml"
    ansible.verbose = "vvvv"
  end
end
```