Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Recommended configuration w/ docker-compose #552

Open
corradio opened this issue Aug 30, 2016 · 12 comments

Comments

@corradio
Copy link

@corradio corradio commented Aug 30, 2016

Hi,

I have several stacks (i.e. applications) running on a server based on multiple docker-compose configurations. They all, by default, run on their own bridge network.
What is the recommended way of running the nginx-proxy? I tried to run it on the host network, but it didn't work (it creates empty upstream sections).
The only workaround I found for now is to have both the proxy and the different backends join the same default bridge network.

@RafaelKr

This comment has been minimized.

Copy link

@RafaelKr RafaelKr commented Aug 31, 2016

This is my current solution:

version: '2'

services:
    example:
        image: RafaelKr/apache
        networks:
            - example
            - nginx-proxy
        restart: unless-stopped
        environment:
            VIRTUAL_HOST: "www.example.dev"
        volumes:
            - "./src:/var/www:ro"

networks:
    example:
    nginx-proxy:
        external:
            name: nginxproxy_default

This works, but I don't know, if this is a recommended way.

@corradio

This comment has been minimized.

Copy link
Author

@corradio corradio commented Sep 1, 2016

Thanks, that's the best I have for now :)

@RafaelKr

This comment has been minimized.

Copy link

@RafaelKr RafaelKr commented Sep 1, 2016

Here I also have my configuration I'm using for WordPress:

version: '2'

services:
    db:
        image: mariadb
        restart: unless-stopped
        environment:
            MYSQL_ROOT_PASSWORD: "change_me"
            MYSQL_DATABASE: "change_me"
            MYSQL_USER: "change_me"
            MYSQL_PASSWORD: "change_me"
        networks:
            - change_me_net
        volumes:
            - ../data/docker/db:/var/lib/mysql

    wordpress:
        depends_on:
            - db
        image: RafaelKr/wordpress
        restart: unless-stopped
        hostname: change_me
        environment:
            VIRTUAL_HOST: www.change_me.dev
            WORDPRESS_DB_HOST: maria.db
            WORDPRESS_DB_NAME: "change_me"
            WORDPRESS_DB_USER: "change_me"
            WORDPRESS_DB_PASSWORD: "change_me"
            WORDPRESS_TABLE_PREFIX: "change_me"
        networks:
            - change_me_net
            - nginx-proxy
        links:
            - db:maria.db
        volumes:
            - ../data/docker/wordpress:/var/www/html
            - ./src/themes:/var/www/html/wp-content/themes:ro
            - ../data/docker/logs:/var/log/apache2

networks:
    change_me_net:
    nginx-proxy:
        external:
            name: nginxproxy_default

There you can see, that I have one network for the apps internal communication (change_me_net) and for the services which should be available through a Virtual Host I also add the network nginx-proxy.

Hope this helps you and maybe some others. :)

@CWSpear

This comment has been minimized.

Copy link

@CWSpear CWSpear commented Oct 19, 2016

Is there an advantage to @RafaelKr's technique over just setting nginx-proxy's to the default?

networks:
  default:
    external:
      name: nginxproxy_default

Then you don't need a networks entry under any of the services. i.e., take @RafaelKr's example and change it thusly:

version: '2'

services:
    db:
        image: mariadb
        restart: unless-stopped
        environment:
            MYSQL_ROOT_PASSWORD: "change_me"
            MYSQL_DATABASE: "change_me"
            MYSQL_USER: "change_me"
            MYSQL_PASSWORD: "change_me"
        volumes:
            - ../data/docker/db:/var/lib/mysql

    wordpress:
        depends_on:
            - db
        image: RafaelKr/wordpress
        restart: unless-stopped
        hostname: change_me
        environment:
            VIRTUAL_HOST: www.change_me.dev
            WORDPRESS_DB_HOST: maria.db
            WORDPRESS_DB_NAME: "change_me"
            WORDPRESS_DB_USER: "change_me"
            WORDPRESS_DB_PASSWORD: "change_me"
            WORDPRESS_TABLE_PREFIX: "change_me"
        links:
            - db:maria.db
        volumes:
            - ../data/docker/wordpress:/var/www/html
            - ./src/themes:/var/www/html/wp-content/themes:ro
            - ../data/docker/logs:/var/log/apache2

networks:
    default:
        external:
            name: nginxproxy_default

Edit: I mean, I guess there is a security concern: now db has access to the network of other containers on nginxproxy_default whereas it didn't before.

@mausquirk

This comment has been minimized.

Copy link

@mausquirk mausquirk commented Jan 8, 2017

To understand the complete picture: Can you also publish the docker-compose-file for the proxy itself?

@CWSpear

This comment has been minimized.

Copy link

@CWSpear CWSpear commented Jan 9, 2017

@mausquirk

version: '2'

services:
  nginx-proxy:
    restart: always
    image: jwilder/nginx-proxy
    ports:
      - 80:80
    networks:
      - nginxproxy
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro

# this creates a network we can connect to in other docker-compose 
# files called `nginxproxy_default` as an *external* network (see other comment) 
networks:
  nginxproxy:

You can add in automatic SSL via Lets Encrypt with something like:

version: '2'

services:
  nginx-proxy:
    restart: always
    image: jwilder/nginx-proxy
    container_name: proxy_nginx-proxy
    ports:
      - 80:80
      - 443:443
    networks:
      - nginxproxy
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - /etc/nginx/vhost.d
      - /usr/share/nginx/html
      - /data/letsencrypt-nginx-proxy-companion/certs/:/etc/nginx/certs:ro

  letsencrypt-nginx-proxy-companion:
    restart: always
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: proxy_letsencrypt-nginx-proxy-companion
    volumes_from:
      - nginx-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /data/letsencrypt-nginx-proxy-companion/certs/:/etc/nginx/certs:rw

networks:
  nginxproxy:
@murbanowicz

This comment has been minimized.

Copy link

@murbanowicz murbanowicz commented Feb 15, 2017

Hi Gents,
I spent like 2 hrs trying to sort it out by myself but I can't find the way.

I am using docker-compose for nginx-proxy and letsencrypt companion together.

This is my docker-compose.yml for them:

version: '2'                                                                                                             
                                                                                                                         
services:                                                                                                                
  nginx-proxy:                                                                                                           
    restart: always                                                                                                      
    image: jwilder/nginx-proxy                                                                                           
    container_name: proxy_nginx-proxy                                                                                    
    ports:                                                                                                               
      - 80:80                                                                                                            
      - 443:443                                                                                                          
    networks:                                                                                                            
      - nginxproxy                                                                                                       
    volumes:                                                                                                             
      - /var/run/docker.sock:/tmp/docker.sock:ro                                                                         
      - /etc/nginx/vhost.d                                                                                               
      - /usr/share/nginx/html                                                                                            
      - /data/letsencrypt-nginx-proxy-companion/certs/:/etc/nginx/certs:ro                                               
                                                                                                                         
  letsencrypt-nginx-proxy-companion:                                                                                     
networks:
      - nginxproxy                                                                                                       
    restart: always                                                                                                      
    image: jrcs/letsencrypt-nginx-proxy-companion                                                                        
    container_name: proxy_letsencrypt-nginx-proxy-companion                                                              
    volumes_from:                                                                                                        
      - nginx-proxy                                                                                                      
    volumes:                                                                                                             
      - /var/run/docker.sock:/var/run/docker.sock:ro                                                                     
      - /data/letsencrypt-nginx-proxy-companion/certs/:/etc/nginx/certs:rw           

networks:                                                                                                                
  nginxproxy:                                                                                                            
    external:                                                                                                            
      name: nginxproxy     

Not sure if it is working really correctly as calling my VPS IP giving nginx 503 error.

Going further I have my wordpress container.

version: '2'                                                                                                             
                                                                                                                         
services:                                                                                                                
  db:                                                                                                                    
    image: mysql:8                                                                                                       
    volumes:                                                                                                             
      - /var/docker-images/neopolis/mysql:/var/lib/mysql                                                                 
    restart: always                                                                                                      
    environment:                                                                                                         
      MYSQL_ROOT_PASSWORD: pass                                                                              
      MYSQL_DATABASE: wp_neopolis                                                                                        
      MYSQL_USER: neopolis                                                                                               
      MYSQL_PASSWORD: pass                                                                                  
                                                                                                                         
  wordpress:                                                                                                             
    depends_on:                                                                                                          
      - db                                                                                                               
    image: wordpress:latest                                                                                              
    hostname: mydomain.com 
networks:                                                                                                            
      - nginxproxy                                                                                                       
    links:                                                                                                               
       - db                                                                                                              
    expose:                                                                                                              
      - "80"                                                                                                             
    ports:                                                                                                               
      - "127.0.0.1:8080:80"                                                                                              
    restart: always                                                                                                      
    environment:                    
    VIRTUAL_HOST: mydomain.com                                                                                          
      WORDPRESS_DB_NAME: wp_neopolis                                                                                     
      WORDPRESS_DB_HOST: db:3306                                                                                         
      WORDPRESS_DB_PASSWORD: pass                                                                            
    volumes:                                                                                                             
      - /var/www/neopolis:/var/www/html/                                                                                 
                                                                                                                         
networks:                                                                                                                
  nginxproxy:                                                                                                            
    external:              
     name: nginxproxy  

When I check nginx conf in nginx-proxy container, I see upstream but port never changes no matter what I put in expose or porst. I was trying many different combinations, always getting error (connection refused, not nginx page).

It redirects from http to https so something is happening but nothing correct...

@CWSpear

volumes_from:
      - nginx-proxy

shouldn't it be :

volumes_from:
      - proxy_nginx-proxy

?

@TeoTN

This comment has been minimized.

Copy link

@TeoTN TeoTN commented Nov 16, 2017

I just wonder... how is this even possible that noone cares about this issue for a year now?

@pqvst

This comment has been minimized.

Copy link

@pqvst pqvst commented Nov 17, 2017

There seem to be two different issues here.

1. General docker-compose issues:

I found this repo, and it works flawlessly for me:
https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion

2. Run multiple applications on the same server with one proxy:

Unfortunately this is a docker-compose limitation. I've put together a simple example demonstrating how I've solved it (based on the above solution):
https://github.com/pqvst/multi-app-docker-compose-letsencrypt-nginx-proxy

@j16sdiz

This comment has been minimized.

Copy link

@j16sdiz j16sdiz commented Apr 10, 2018

Since the nginx-proxy have access to the /var/run/docker.sock already, can we have the nginx-docker connect to some network automatically?

There are codes in https://github.com/jwilder/nginx-proxy/blob/master/test/conftest.py already, can we reuse the code?

@kimonoki

This comment has been minimized.

Copy link

@kimonoki kimonoki commented Apr 12, 2018

I'm trying to make docker-compose work with other docker containers. Is there a way to setup this?

@HasBert

This comment has been minimized.

Copy link

@HasBert HasBert commented Jun 28, 2019

For anyone who's interested using docker-compose v3+ with nginx-proxy and docker-letsencrypt-nginx-proxy-companion and have problems setting up a container on https, here is a sample docker-compose.yml project.

Unlike if you start your containers with docker run command the docker-letsencrypt-nginx-proxy-companion container doesn't know the id of the nginx-proxy container, so you have to pass the container name (id) in an environment variable to docker-letsencrypt-nginx-proxy-companion. Like that:

version: '3.7'

services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ....

  nginx-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-proxy-letsencrypt
    ....
    environment: 
      NGINX_PROXY_CONTAINER: nginx-proxy

In docker-compsoe v3+ we also have the problem, that the volumes_from tag is not available anymore, so you need to setup named volumes. Check out my working docker-compose.yml file. As a application which should be hosted under https I choose phpmyadmin for testing purpose.
NOTE: you need to create a network beforehand with docker network create nginx-proxy.

version: '3.7'

services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro

  nginx-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-proxy-letsencrypt
    restart: always
    volumes:
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - certs:/etc/nginx/certs
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment: 
      NGINX_PROXY_CONTAINER: nginx-proxy

  phpmyadmin:
    image: phpmyadmin/phpmyadmin
    depends_on: 
      - nginx-letsencrypt
      - nginx-proxy
    expose: 
      - 80
    environment:
      MYSQL_ROOT_PASSWORD: super_password
      VIRTUAL_HOST: your.dns.domain
      LETSENCRYPT_HOST: your.dns.domain

volumes:
  conf:
  vhost:
  html:
  certs:

networks:
  default:
    external:
      name: nginx-proxy

Cheers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
10 participants
You can’t perform that action at this time.