Configuring automatic receipt of letsencrypt certificates with docker on linux

I recently switched to a new virtual server and had to set everything up again. I prefer the site to be reachable over https, with letsencrypt certificates obtained and renewed automatically. This can be achieved with two docker images: nginx-proxy and nginx-proxy-companion.

This guide shows how to set up a site in docker behind a proxy that obtains SSL certificates automatically. A CentOS 7 virtual server is used.

I assume that the server has already been purchased and configured, that access to it is by SSH key, that fail2ban is installed, and so on.

First you need to install docker.

  1. Install the dependencies
    $ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
  2. Add the docker repository
    $ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  3. Then install docker community edition
    $ sudo yum install docker-ce docker-ce-cli containerd.io
  4. Enable docker at boot and start it
    $ sudo systemctl enable docker
    $ sudo systemctl start docker
  5. Add your user to the docker group so that docker can be run without sudo
    $ sudo usermod -aG docker user

The next step is to install docker-compose. The utility can be installed in several ways, but I prefer to install through the pip manager and virtualenv, so as not to clog the system with unnecessary packages.

  1. Install pip
    $ sudo yum install python-pip
  2. Install virtualenv
    $ pip install virtualenv
  3. Next, you need to create a folder with the project and initialize it. The folder with everything needed for package management will be called ve.
    $ mkdir docker
    $ cd docker
    $ virtualenv ve
  4. To start using the virtual environment, you need to run the following command in the project folder.
    $ source ve/bin/activate
  5. Now install docker-compose.
    $ pip install docker-compose

    In order for the containers to see each other, let's create a network. The bridge driver is used by default.

    $ docker network create network

    Next, configure docker-compose: the proxy will live in the proxy folder and the test site in the test folder. As an example, I use the domain name example.com.

    $ mkdir proxy
    $ mkdir test
    $ touch proxy/docker-compose.yml
    $ touch test/docker-compose.yml

    Contents of proxy/docker-compose.yml:

    version: '3'
    
    networks:
      default:
        external:
          name: network
    
    services:
      nginx-proxy:
        container_name: nginx-proxy
        image: jwilder/nginx-proxy
        ports:
          - 80:80
          - 443:443
        volumes:
          - certs:/etc/nginx/certs
          - vhost.d:/etc/nginx/vhost.d
          - html:/usr/share/nginx/html
          - /var/run/docker.sock:/tmp/docker.sock:ro
    
      nginx-proxy-letsencrypt:
        container_name: nginx-proxy-letsencrypt
        image: jrcs/letsencrypt-nginx-proxy-companion
        volumes: 
          - certs:/etc/nginx/certs
          - vhost.d:/etc/nginx/vhost.d
          - html:/usr/share/nginx/html
          - /var/run/docker.sock:/var/run/docker.sock:ro
        environment:
          - NGINX_PROXY_CONTAINER=nginx-proxy
    
    volumes:
      certs:
      vhost.d:
      html:

    The NGINX_PROXY_CONTAINER environment variable is needed so that the letsencrypt container can find the proxy container. The /etc/nginx/certs, /etc/nginx/vhost.d and /usr/share/nginx/html folders must be shared by both containers. For the letsencrypt container to work correctly, the application must be reachable on both ports 80 and 443.

    Contents of test/docker-compose.yml:

    version: '3'
    
    networks:
      default:
        external:
          name: network
    
    services:
    
      nginx:
        container_name: nginx
        image: nginx:latest
        environment:
          - VIRTUAL_HOST=example.com
          - LETSENCRYPT_HOST=example.com
          - LETSENCRYPT_EMAIL=you@example.com  # your own contact address

    Here, the environment variables are what the proxy uses to route requests for the domain to this container, and what the letsencrypt container uses to request a certificate for the correct domain name.
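Before bringing the stack up it is worth checking that the two compose files really satisfy the constraints described for them: the three volumes are mounted by both proxy services, every bind mount of the Docker socket is read-only, NGINX_PROXY_CONTAINER matches the proxy's container_name, ports 80 and 443 are published, and the site's VIRTUAL_HOST and LETSENCRYPT_HOST name the same domain. The script below is an added example written for this article, not code from the article or from the nginx-proxy projects. It assumes the file layout above (proxy/docker-compose.yml and test/docker-compose.yml) and treats the files as plain text with grep and sed, so it checks the line shapes used here rather than parsing YAML in general. One caveat the files cannot express: any client of the Docker socket can start and control containers on the host, so the :ro flag protects the socket file, not the API, and the socket should be mounted into nothing beyond these two services.

```shell
#!/bin/sh
# Pre-flight consistency check for proxy/docker-compose.yml and
# test/docker-compose.yml as laid out above (added example, not part of the
# original article). The files are treated as plain text with grep and sed,
# so the checks cover the line shapes used in this article, not YAML in general.

# How many services mount the named volume (certs, vhost.d and html must give 2).
mount_count() {          # $1 = compose file, $2 = volume name
    grep -cF -- "- $2:/" "$1"
}

# Every bind mount of the Docker socket must end in :ro. Read-only limits
# writes to the socket file only; an API client can still start containers,
# so the socket belongs in these two services and nowhere else.
socket_mounts_ro() {     # $1 = compose file
    if grep -F '/var/run/docker.sock' "$1" | sed 's/[[:space:]]*$//' | grep -v -q ':ro$'; then
        return 1
    fi
    return 0
}

# The companion locates the proxy by name: NGINX_PROXY_CONTAINER must equal
# the proxy service's container_name.
proxy_name_matches() {   # $1 = compose file
    wanted=$(sed -n 's/^[[:space:]]*- NGINX_PROXY_CONTAINER=//p' "$1" | tr -d '[:space:]')
    [ -n "$wanted" ] && grep -q -E "^[[:space:]]*container_name:[[:space:]]*$wanted[[:space:]]*$" "$1"
}

# Ports 80 and 443 must be published: 80 for the HTTP-01 challenge, 443 for the site.
ports_published() {      # $1 = compose file
    grep -q -E '^[[:space:]]*- "?80:80"?' "$1" && grep -q -E '^[[:space:]]*- "?443:443"?' "$1"
}

# The site must request a certificate for the same name the proxy routes by.
site_hosts_match() {     # $1 = compose file
    vh=$(sed -n 's/^[[:space:]]*- VIRTUAL_HOST=//p' "$1" | tr -d '[:space:]')
    lh=$(sed -n 's/^[[:space:]]*- LETSENCRYPT_HOST=//p' "$1" | tr -d '[:space:]')
    [ -n "$vh" ] && [ "$vh" = "$lh" ]
}

check_proxy_file() {     # $1 = proxy compose file; exit status 0 when every check passes
    rc=0
    for v in certs vhost.d html; do
        [ "$(mount_count "$1" "$v")" -ge 2 ] || { echo "volume $v is not mounted by both services"; rc=1; }
    done
    socket_mounts_ro "$1"   || { echo "docker.sock must be mounted :ro"; rc=1; }
    proxy_name_matches "$1" || { echo "NGINX_PROXY_CONTAINER does not match the proxy container_name"; rc=1; }
    ports_published "$1"    || { echo "ports 80 and 443 must both be published"; rc=1; }
    return $rc
}

check_site_file() {      # $1 = site compose file; exit status 0 when every check passes
    site_hosts_match "$1" || { echo "VIRTUAL_HOST and LETSENCRYPT_HOST must name the same domain"; return 1; }
    grep -q '^[[:space:]]*- LETSENCRYPT_EMAIL=' "$1" || { echo "LETSENCRYPT_EMAIL is missing"; return 1; }
}

# Usage: sh compose-check.sh proxy/docker-compose.yml test/docker-compose.yml
if [ $# -eq 2 ]; then
    check_proxy_file "$1" && check_site_file "$2" && echo "compose files are consistent"
fi
```

Run it from the docker folder before docker-compose up; each failed check prints one line and the script exits non-zero, so it can also sit in a deploy script.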

    It only remains to run docker-compose:

    $ cd proxy
    $ docker-compose up -d
    $ cd ../test
    $ docker-compose up -d
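Once both stacks are up, the check that matters is that a certificate was really issued for the domain and that it keeps being renewed before it expires (the companion renews certificates that have fewer than 30 days left). The functions below are an added example, not part of the article: fetch_not_after reads the expiry date of the certificate the proxy is serving, days_until and renewal_ok turn it into a remaining-days figure that can run from cron or a monitoring job, and check_host also confirms the plain-HTTP redirect the proxy adds once a certificate exists. The hostname comes from the argument, the 30-day threshold is an assumption matching the companion's renewal window, and the script relies on openssl, curl and GNU date being installed.

```shell
#!/bin/sh
# Post-deployment certificate check for the nginx-proxy + letsencrypt
# companion setup above (added example, not part of the original article).
# Assumes openssl, curl and GNU date are available where it runs.

# Print the notAfter date of the certificate served for $1 (used as SNI and
# Host), e.g. "Jun  1 12:00:00 2030 GMT"; prints nothing if no TLS is served.
fetch_not_after() {      # $1 = hostname, $2 = port (default 443)
    printf '' | openssl s_client -servername "$1" -connect "$1:${2:-443}" 2>/dev/null \
        | openssl x509 -noout -enddate 2>/dev/null | sed 's/^notAfter=//'
}

# Whole days from now until the given notAfter date (negative once expired).
days_until() {           # $1 = notAfter date string as printed by openssl
    end=$(date -u -d "$1" +%s) || return 1
    now=$(date -u +%s)
    echo $(( (end - now) / 86400 ))
}

# Succeeds while the certificate has more than $2 days left (default 30: if
# fewer remain, the companion should already have renewed it).
renewal_ok() {           # $1 = notAfter date string, $2 = threshold in days
    left=$(days_until "$1") || return 1
    [ "$left" -gt "${2:-30}" ]
}

# Full check for a live host: a certificate is served, it has enough lifetime
# left, and plain HTTP is redirected to HTTPS by the proxy.
check_host() {           # $1 = hostname
    not_after=$(fetch_not_after "$1")
    if [ -z "$not_after" ]; then
        echo "$1: no certificate served on 443 (check: docker logs nginx-proxy-letsencrypt)"
        return 1
    fi
    echo "$1: certificate expires $not_after ($(days_until "$not_after") days left)"
    renewal_ok "$not_after" || { echo "$1: under 30 days left, renewal has not happened"; return 1; }
    code=$(curl -s -o /dev/null -w '%{http_code}' "http://$1/")
    [ "$code" = "301" ] || echo "$1: plain HTTP answered $code, expected a 301 redirect to HTTPS"
}

# Usage: sh cert-check.sh example.com
if [ $# -eq 1 ]; then
    check_host "$1"
fi
```

A non-zero exit from check_host is the signal to look at the companion's logs (docker logs nginx-proxy-letsencrypt), which record each issuance attempt and the reason when one fails.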

Source: habr.com
