diff --git a/docker-image/README.md b/docker-image/README.md index d915e7607..732a9944d 100644 --- a/docker-image/README.md +++ b/docker-image/README.md @@ -42,6 +42,13 @@ When using nginx to proxy HTTPS connections to Solid you will need to specify HT This approach is useful if you do not wish to grant Solid access to your HTTPS certificates, as nginx does not validate the self-signed certificates that Solid generates for its proxy_pass connection. +#### All-in one nginx proxy + letsencrypt + solid server + +`./examples/docker-compose.all-in-one.yml` + +Run solid-server on port 8443 behind a [nginx proxy](https://hub.docker.com/r/jwilder/nginx-proxy/) on 443, including +certificate generation via [letsencrypt companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion). + #### Other setups The setup you need is not presented here? Feel free to ask, or provide a Pull Request diff --git a/docker-image/examples/docker-compose.all-in-one.yml b/docker-image/examples/docker-compose.all-in-one.yml new file mode 100644 index 000000000..4a5651e67 --- /dev/null +++ b/docker-image/examples/docker-compose.all-in-one.yml @@ -0,0 +1,76 @@ +# This example assumes, that you are not running another application or proxy on ports 80 / 443. +# It provides an all-in-one solution to start a docker-server together with an nginx proxy and +# automatic letsencrypt certificate generation and renewal. +# +# It is based on https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/blob/master/docs/Docker-Compose.md +# +# Adjust any line that is commented with (!): +# 1. Change any occurrence of the domain `solid.example` to your actual domain +# 2. Adjust the `latest` tag to a specific version you want to use. + +version: '3.7' +services: + nginx: + container_name: nginx + image: jwilder/nginx-proxy:latest + restart: always + ports: + - "80:80" + - "443:443" + volumes: + - nginx-conf:/etc/nginx/conf.d + - vhostd:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - /var/run/docker.sock:/tmp/docker.sock:ro + - certs:/etc/nginx/certs:ro + + letsencrypt: + container_name: letsencrypt + image: jrcs/letsencrypt-nginx-proxy-companion:latest + restart: always + environment: + - "NGINX_PROXY_CONTAINER=nginx" + volumes: + - nginx-conf:/etc/nginx/conf.d + - vhostd:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - /var/run/docker.sock:/var/run/docker.sock:ro + - certs:/etc/nginx/certs + + server: + image: nodesolidserver/node-solid-server:latest # (!) use specific version tag here + + # this ensures automatic container start, when host reboots + restart: always + + expose: + - 8443 + + volumes: + # mount local directories to the container + # (!) the host directories have to exist and be owned by UID 1000 + - /opt/solid/data:/opt/solid/data + - /opt/solid/.db:/opt/solid/.db + - /opt/solid/config:/opt/solid/config + - certs:/opt/solid/certs + + environment: + # (!) use your actual SOLID_SERVER_URI + - "SOLID_SERVER_URI=https://solid.example" + # (!) adjust path to the letsencrypt key and cert + - "SOLID_SSL_KEY=/opt/solid/certs/solid.example/key.pem" + - "SOLID_SSL_CERT=/opt/solid/certs/solid.example/fullchain.pem" + # (!) use your actual host name + - "VIRTUAL_HOST=solid.example" + - "VIRTUAL_PORT=8443" + - "VIRTUAL_PROTO=https" + # (!) use your actual host name + - "LETSENCRYPT_HOST=solid.example" + # (!) use your actual email + - "LETSENCRYPT_EMAIL=your@mail.example" + +volumes: + nginx-conf: + vhostd: + html: + certs: diff --git a/docker-image/examples/docker-compose.nginx.yml b/docker-image/examples/docker-compose.nginx.yml index 34b42bc2a..93b5d1b79 100644 --- a/docker-image/examples/docker-compose.nginx.yml +++ b/docker-image/examples/docker-compose.nginx.yml @@ -43,6 +43,7 @@ services: - "VIRTUAL_PROTO=https" # (!) use your actual host name - "LETSENCRYPT_HOST=solid.example" + # (!) use your actual email - "LETSENCRYPT_EMAIL=your@mail.example" volumes: # (!) mount certificates from an external volume from your nginx setup