This battle-tested, production-ready reverse proxy routes incoming requests to the matching containers.
I've basically just rearrangged their code/configs for three reasons:
- to be more modular and concise
- to build and push automatically on dockerhub
- to have a version I can manage separately
Without https (Port 80 of your machine)
With https (Ports 443 and 80 of your machine)
For this to automagically route traffic to your containers you need:
- Attach to
VIRTUAL_PORT defaults to 80 so you can omit it.
VIRTUAL_HOST can be a comma separated list of values.
TIP: You can run many projects on the same machine. Basing on the hostname, the request will be routed to the correct container.
Here shown in docker-compose style, but same applies for regular docker commands.
networks: - my-other-network - front-tier: external: name: front-tier mysql: # ... environment: # ... - VIRTUAL_HOST: mysql.my-beautiful-project.test - VIRTUAL_PORT: 3306 networks: - my-other-network - front-tier backend: # ... environment: # ... - VIRTUAL_HOST: backend.my-beautiful-project.test - VIRTUAL_PORT: 8000 networks: - my-other-network - front-tier frontend: # ... environment: # ... # More than one hostname: - VIRTUAL_HOST: my-beautiful-project.test,frontend.my-beautiful-project.test # `VIRTUAL_PORT` omitted because it's default (80) networks: - my-other-network - front-tier
Machine network configuration
If do not advertise your IP address with a DNS (EG: Locally), you need to edit
/etc/hosts as such:
127.0.0.1 mysql.my-beautiful-project.test 127.0.0.1 my-beautiful-project.test # .... All the other containers you registered to the `front-tier` network in your docker-compose
If you advertise your machine's IP with a DNS (EG: Prod), then everything will work fine.
Following the example above, the frontend container will answer.
The same applies to the following command:
curl -H 'Host: my-beautiful-project.com' <YOUR-MACHINE-IP>
This system is comprised of 3 components:
The first two are required to register containers and route incoming requests. The last one makes up certificates on the fly so you don't have to worry about HTTPS. Or maybe you do