I'm using jwilder/nginx-proxy with separate docker-compose.yaml. It looks like this:
proxy:
image: jwilder/nginx-proxy
restart: always
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./nginx/conf.d/proxy.conf:/etc/nginx/conf.d/proxy.conf:ro
- /Users/marcin/Docker/local_share/certificates:/etc/nginx/certs:ro
ports:
- "80:80"
- "443:443"
container_name: proxy
I'm using it for quite a long time and it's working fine when my project docker-compose.yaml looks like this:
web:
build: /Users/marcin/Docker/definitions/php-nginx/php-7.1-ubuntu
volumes:
- /Users/marcin/Docker/projects/test.local/html/:/usr/share/nginx/html/
- /Users/marcin/Docker/projects/test.local/nginx/conf.d/:/etc/nginx/conf.d/
- /Users/marcin/Docker/projects/test.local/nginx/log/:/var/log/nginx/
- /Users/marcin/Docker/projects/test.local/supervisor/conf.d/:/etc/supervisor/conf.d/
- /Users/marcin/Docker/projects/test.local/supervisor/log/:/var/log/supervisor/
- /Users/marcin/Docker/projects/test.local/cron/:/root/.cron/
- /Users/marcin/Docker/local_share/:/root/.local_share/
- /Users/marcin/Docker/local_share/certificates/:/usr/share/nginx/certificates/
working_dir: /usr/share/nginx/html/
links:
- db
container_name: test.php
hostname: test.local
ports:
- "336:22"
- "8081:80"
- "18080:443"
environment:
- VIRTUAL_HOST=test.local
- CERT_NAME=default
- HTTPS_METHOD=noredirect
db:
build: /Users/marcin/Docker/definitions/mysql/5.7
environment:
- MYSQL_ROOT_PASSWORD=pass
- MYSQL_DATABASE=
- MYSQL_USER=
- MYSQL_PASSWORD=
expose:
- 3306
volumes:
- /Users/marcin/Docker/projects/test.local/mysql/data/:/var/lib/mysql/
- /Users/marcin/Docker/projects/test.local/mysql/conf.d/:/etc/mysql/conf.d/source
- /Users/marcin/Docker/projects/test.local/mysql/log/:/var/log/mysql/
ports:
- "33060:3306"
container_name: test.db
hostname: test.local
I can access site without any problem using http://test.local or https://test.local what is expected.
However I had to update my file structure to newer version:
version: "3.2"
services:
web:
build: /Users/marcin/Docker/definitions/php-nginx/php-7.1-ubuntu
volumes:
- /Users/marcin/Docker/projects/test.local/html/:/usr/share/nginx/html/
- /Users/marcin/Docker/projects/test.local/nginx/conf.d/:/etc/nginx/conf.d/
- /Users/marcin/Docker/projects/test.local/nginx/log/:/var/log/nginx/
- /Users/marcin/Docker/projects/test.local/supervisor/conf.d/:/etc/supervisor/conf.d/
- /Users/marcin/Docker/projects/test.local/supervisor/log/:/var/log/supervisor/
- /Users/marcin/Docker/projects/test.local/cron/:/root/.cron/
- /Users/marcin/Docker/local_share/:/root/.local_share/
- /Users/marcin/Docker/local_share/certificates/:/usr/share/nginx/certificates/
working_dir: /usr/share/nginx/html/
links:
- db
container_name: test.php
hostname: test.local
ports:
- "336:22"
- "8081:80"
- "18080:443"
environment:
- VIRTUAL_HOST=test.local
- CERT_NAME=default
- HTTPS_METHOD=noredirect
db:
build: /Users/marcin/Docker/definitions/mysql/5.7
environment:
- MYSQL_ROOT_PASSWORD=pass
- MYSQL_DATABASE=
- MYSQL_USER=
- MYSQL_PASSWORD=
expose:
- 3306
volumes:
- /Users/marcin/Docker/projects/test.local/mysql/data/:/var/lib/mysql/
- /Users/marcin/Docker/projects/test.local/mysql/conf.d/:/etc/mysql/conf.d/source
- /Users/marcin/Docker/projects/test.local/mysql/log/:/var/log/mysql/
ports:
- "33060:3306"
container_name: test.db
hostname: test.local
and after that it seems not to work. I can access site using ip and port without a problem, but I cannot longer use domain to access it. When I try I'm getting:
503 Service Temporarily Unavailable
nginx/1.13.8
And this is for sure from jwilder nginx (and not the nginx in project).
So the question is - where should I put environment variables to make it work? It seems that when they are placed as they are at the moment they are not read by proxy.
The 503 indicates that the nginx-proxy container can see your container running in docker and it has the configuration needed for nginx to route traffic to it, but it is unable to connect to that container over the docker network. For container-to-container networking to work, you need to have a common docker network defined. You should first run the following to create a network:
docker network create proxy
Then update your nginx-proxy compose file to use the network (this should also be upgraded to at least a v2 syntax, I've gone with 3.2 to match your other file):
version: "3.2"
networks:
proxy:
external: true
services:
proxy:
image: jwilder/nginx-proxy
restart: always
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./nginx/conf.d/proxy.conf:/etc/nginx/conf.d/proxy.conf:ro
- /Users/marcin/Docker/local_share/certificates:/etc/nginx/certs:ro
ports:
- "80:80"
- "443:443"
container_name: proxy
networks:
- proxy
And then do something similar for your application:
version: "3.2"
networks:
proxy:
external: true
services:
web:
build: /Users/marcin/Docker/definitions/php-nginx/php-7.1-ubuntu
volumes:
- /Users/marcin/Docker/projects/test.local/html/:/usr/share/nginx/html/
- /Users/marcin/Docker/projects/test.local/nginx/conf.d/:/etc/nginx/conf.d/
- /Users/marcin/Docker/projects/test.local/nginx/log/:/var/log/nginx/
- /Users/marcin/Docker/projects/test.local/supervisor/conf.d/:/etc/supervisor/conf.d/
- /Users/marcin/Docker/projects/test.local/supervisor/log/:/var/log/supervisor/
- /Users/marcin/Docker/projects/test.local/cron/:/root/.cron/
- /Users/marcin/Docker/local_share/:/root/.local_share/
- /Users/marcin/Docker/local_share/certificates/:/usr/share/nginx/certificates/
working_dir: /usr/share/nginx/html/
links:
- db
container_name: test.php
hostname: test.local
ports:
- "336:22"
- "8081:80"
- "18080:443"
environment:
- VIRTUAL_HOST=test.local
- CERT_NAME=default
- HTTPS_METHOD=noredirect
networks:
- proxy
- default
db:
build: /Users/marcin/Docker/definitions/mysql/5.7
environment:
- MYSQL_ROOT_PASSWORD=pass
- MYSQL_DATABASE=
- MYSQL_USER=
- MYSQL_PASSWORD=
expose:
- 3306
volumes:
- /Users/marcin/Docker/projects/test.local/mysql/data/:/var/lib/mysql/
- /Users/marcin/Docker/projects/test.local/mysql/conf.d/:/etc/mysql/conf.d/source
- /Users/marcin/Docker/projects/test.local/mysql/log/:/var/log/mysql/
ports:
- "33060:3306"
container_name: test.db
hostname: test.local
If you were upgrading from a v1 syntax (without a version defined), you will find that docker switches from running everything on the same network without dns to running each compose project or stack on a dedicated network with dns. To run your apps on other networks, you'll need to explicitly configure that. In the above example, only the web container was placed on the proxy network, and both are on the default network created for this project or stack.
Related
I'm trying to setup docker networks with traefik on an existing website.
Before my tries, it had this:
version: "3"
services:
database:
build:
context: ./database
environment:
MYSQL_DATABASE: '${MYSQL_DATABASE}'
MYSQL_USER: '${MYSQL_USER}'
MYSQL_PASSWORD: '${MYSQL_PASSWORD}'
MYSQL_ROOT_PASSWORD: '${MYSQL_ROOT_PASSWORD}'
volumes:
- ./database/data:/var/lib/mysql
restart: always
php-http:
build:
context: ../
dockerfile: ./docker/php-apache/Dockerfile
args:
MAIN_DOMAIN: '${MAIN_DOMAIN}'
ALL_DOMAINS: '${ALL_DOMAINS}'
PROJECT_FOLDER_NAME: '${PROJECT_FOLDER_NAME}'
WEBSITE_USER_PASSWORD: '${WEBSITE_USER_PASSWORD}'
depends_on:
- database
- mailserver
volumes:
- ./apachelogs:/var/log/apache2
- ./apachelogs/auth.log:/var/log/auth.log
- './symfonylogs:/var/www/html/mywebsite/var/log/'
labels:
- traefik.http.routers.php-http.tls=true
- traefik.http.routers.php-http.tls.certresolver=letsencrypt
- traefik.http.services.php-http.loadbalancer.server.port=80
- traefik.enable=true
- traefik.http.routers.php-http.rule=Host(`mystuff.com`, `en.mystuff.com`)
- 'traefik.http.routers.php-http.tls.domains[0].main=mystuff.com'
- 'traefik.http.routers.php-http.tls.domains[1].main=en.mystuff.com'
restart: always
mailserver:
[doesntmatter]
traefik:
image: traefik:v2.9
command:
- --providers.docker
- --providers.docker.exposedByDefault=false
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent=true
- --certificatesresolvers.letsencrypt.acme.email=heyho#gmail.com
- --certificatesresolvers.letsencrypt.acme.storage=acme.json
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
ports:
- 80:80
network_mode: host
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./acme.json:/acme.json
It works fine.
Then I tried doing this :
docker network create web
And in the yml:
networks:
web:
external: true
internal:
external: false
For php-http:
networks:
- internal
- web
and (I tried without and with it)
- "traefik.docker.network=web"
In database and mailserver :
networks:
- internal
In traefik:
networks:
- web
and (tried without and with it)
- "traefik.docker.network=web"
It didn't work at all, my website wasn't accessible anymore.
Then as said there : https://doc.traefik.io/traefik/user-guides/docker-compose/basic-example/
I tried :
networks:
web: {}
Then in php-http and traefik:
networks:
- web
It didn't work either. Their example (with whoami) works on my server. (Tried with a local curl). Like always, this makes me hate sysadmin very much, does anyone has any clue on what's wrong there? It doesn't make anysense to me. I followed everything, tried everything.
Thank you
I am trying to get a docker-compose.yaml together to run Nextcloud and Collabora CODE via Nginx Proxy Manager.
So far I have Nginx and Nextcloud working really nicely with persistent volumes so that my configs survive kill & rm. My issue is that I cannot get my Collabora CODE instance to link to Nextcloud. There are multiple bits that I might have got wrong so I'll dump as much info as I can here.
I have the following subdomains all pointing at my server:
collabora.domain.tld nextcloud.domain.tld nginx.domain.tld
... and set up as proxy hosts:
As I mentioned, the Nginx and Nextcloud setups are great. When I point my browser at collabora.domain.tld I see the OK message. I can also access the admin page at collabora.domain.tld/loleaflet/dist/admin/admin.html
The NPM entry for collabora.domain.tld is below:
My docker-compose.yaml has gone through several iterations in an attempt to get this working, but my current attempt is below:
version: '3'
volumes:
nextcloud-data:
nextcloud-db:
npm-data:
npm-ssl:
npm-db:
networks:
frontend:
backend:
services:
code:
image: collabora/code:latest
restart: always
environment:
- password=${COLLABORA_PASSWORD:?Not defined!}
- username=${COLLABORA_USERNAME:?Not defined!}
- domain=${COLLABORA_DOMAIN:?Not defined!}
expose:
- "9980"
networks:
- frontend
- backend
nextcloud-app:
image: nextcloud:stable
restart: always
volumes:
- nextcloud-data:/var/www/html
environment:
- MYSQL_PASSWORD=${NC_MYSQL_PASSWORD:?Not defined!}
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud-user
- MYSQL_HOST=nextcloud-db
networks:
- frontend
- backend
nextcloud-db:
image: mariadb
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
volumes:
- nextcloud-db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=${NC_MYSQL_ROOT_PASSWORD:?Not defined!}
- MYSQL_PASSWORD=${NC_MYSQL_PASSWORD:?Not defined!}
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud-user
networks:
- backend
npm-app:
image: jc21/nginx-proxy-manager:latest
restart: always
ports:
- "80:80"
- "81:81"
- "443:443"
environment:
- DB_MYSQL_HOST=npm-db
- DB_MYSQL_PORT=3306
- DB_MYSQL_USER=npm-user
- DB_MYSQL_PASSWORD=${NPM_MYSQL_PASSWORD:?Not defined!}
- DB_MYSQL_NAME=npm
volumes:
- npm-data:/data
- npm-ssl:/etc/letsencrypt
networks:
- frontend
- backend
npm-db:
image: jc21/mariadb-aria:latest
restart: always
environment:
- MYSQL_ROOT_PASSWORD=${NPM_MYSQL_ROOT_PASSWORD:?Not defined!}
- MYSQL_DATABASE=npm
- MYSQL_USER=npm-user
- MYSQL_PASSWORD=${NPM_MYSQL_PASSWORD:?Not defined!}
volumes:
- npm-db:/var/lib/mysql
networks:
- backend
$COLLABORA_DOMAIN is set to nextcloud.domain.tld.
Any ideas what I have done wrong, and how to get my Nextcloud connected to CODE?
What do your custom locations look like? See, e.g. https://www.collaboraoffice.com/code/nginx-reverse-proxy/
I have a very similar setup, except the collabora instance is not in docker compose, as that never worked for me.
Make sure you have specified your domain environmental variable correctly (dot escaping etc.)
I'm trying to configure 2 domains to run on the same VPS.
using nginx-proxy + letsencrypt + docker-compose
i have setup both my domains to point to my VPS
i want to run 2 different sites with blazor client-side. (as a start simple index.html is fine)
how will i move on from here?
my docker-compose.yaml file
version: '2'
services:
proxy:
image: jwilder/nginx-proxy
container_name: proxy
restart: unless-stopped
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- certs:/etc/nginx/certs:rw
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
ports:
- "80:80"
- "443:443"
networks:
- "default"
- "proxy-tier"
proxy-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: letsencrypt
restart: unless-stopped
environment:
- NGINX_PROXY_CONTAINER=proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
volumes_from:
- "proxy"
depends_on:
- "proxy"
networks:
- "default"
- "proxy-tier"
portainer:
image: portainer/portainer:latest
container_name: portainer
restart: always
environment:
- VIRTUAL_HOST=docker.DOMAIN.dk
- LETSENCRYPT_HOST=docker.DOMAIN.dk
- LETSENCRYPT_EMAIL=EMAIL#hotmail.com
volumes:
- ./portainer/:/data
- /var/run/docker.sock:/var/run/docker.sock
ports:
- "9000:9000"
volumes:
certs:
vhost.d:
html:
networks:
proxy-tier:
How about changing to use it with an other software like Traffik?
Using traffik to proxy your traffic and handle your certificates of let's-encrypt. So you have one container who does it both and you can fire up as many docker container with traffik labels to route with tls certificate to new subdomains etc.
Full Smarthome Example:
https://www.smarthomebeginner.com/traefik-2-docker-tutorial/#3_Domain_Name
Traffik handle multiple domains: https://plexguide.com/threads/howto-configure-traefik-to-handle-multiple-domain-names.3420/
Or the traffik doc: https://docs.traefik.io/v2.2/routing/routers/#tls
I would like to build a docker landscape. I use a container with a traefik (v2. 1) image and a mysql container for multiple databases.
traefik/docker-compose.yml
version: "3.3"
services:
traefik:
image: "traefik:v2.1"
container_name: "traefik"
restart: always
command:
- "--log.level=DEBUG"
- "--api=true"
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=proxy"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.traefik-dashboard.address=:8080"
- "--certificatesresolvers.devnik-resolver.acme.httpchallenge=true"
- "--certificatesresolvers.devnik-resolver.acme.httpchallenge.entrypoint=web"
#- "--certificatesresolvers.devnik-resolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.devnik-resolver.acme.email=####"
- "--certificatesresolvers.devnik-resolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "./data:/etc/traefik"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
- "proxy"
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`devnik.dev`)"
- "traefik.http.routers.traefik.entrypoints=traefik-dashboard"
- "traefik.http.routers.traefik.tls.certresolver=devnik-resolver"
#basic auth
- "traefik.http.routers.traefik.service=api#internal"
- "traefik.http.routers.traefik.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.usersfile=/etc/traefik/.htpasswd"
#Docker Networks
networks:
proxy:
database/docker-compose.yml
version: "3.3"
services:
#MySQL Service
mysql:
image: mysql:5.7
container_name: mysql
restart: always
ports:
- "3306:3306"
volumes:
#persist data
- ./mysqldata/:/var/lib/mysql/
- ./init:/docker-entrypoint-initdb.d
networks:
- "mysql"
environment:
MYSQL_ROOT_PASSWORD: ####
TZ: Europe/Berlin
#Docker Networks
networks:
mysql:
driver: bridge
For the structure I want to control all projects via multiple docker-compose files. These containers should run on the same network as the traefik container and some with the mysql container.
This also works for the following case (but only sometimes)
dev-releases/docker-compose.yml
version: "3.3"
services:
backend:
image: "registry.gitlab.com/devnik/dev-releases-backend/master:latest"
container_name: "dev-releases-backend"
restart: always
volumes:
#laravel logs
- "./logs/backend:/app/storage/logs"
#cron logs
- "./logs/backend/cron.log:/var/log/cron.log"
labels:
- "traefik.enable=true"
- "traefik.http.routers.dev-releases-backend.rule=Host(`dev-releases.backend.devnik.dev`)"
- "traefik.http.routers.dev-releases-backend.entrypoints=websecure"
- "traefik.http.routers.dev-releases-backend.tls.certresolver=devnik-resolver"
networks:
- proxy
- mysql
environment:
TZ: Europe/Berlin
#Docker Networks
networks:
proxy:
external:
name: "traefik_proxy"
mysql:
external:
name: "database_mysql"
As soon as I restart the containers in dev-releases/ via docker-compose up -d I get the typical error "Gateway timeout" when calling them in the browser.
As soon as I comment the network networks: #- mysql and restart the docker-compose in dev-releases/ it works again.
My guess is that I have not configured the external networks correctly. Is it not possible to use 2 external networks?
I'd like some container have access to the 'mysql' network but it should not be accessible for the whole traefik network.
Let me know if you need more information
EDIT (26.03.2020)
I make it running.
I put all my containers into one network "proxy". It seems mysql also have to be in the proxy network.
So I add following to database/docker-compose.yml
networks:
proxy:
external:
name: "traefik_proxy"
And removed the database_mysql network out of dev-releases/docker-compose.yml
based on the names of the files, your mysql network should be mysql_mysql.
you can verify this by executing
$> docker network ls
You are also missing a couple of labels for your services such as
traefik command line
- '--providers.docker.watch=true'
- '--providers.docker.swarmMode=true'
labels
- traefik.docker.network=proxy
- traefik.http.services.dev-releases-backend.loadbalancer.server.port=yourport
- traefik.http.routers.dev-releases-backend.service=mailcatcher
You can check this for more info
I need to use a nginx reverse proxy. Therefore I use jwilder/nginx-proxy.
Also I'm using gitLab as a docker container.
So I came up with this docker-compose file, but accessing ci.server.com gives me a502 Bad Gateway` error.
I need some help to setup the correct ports for this docker container
version: '3.3'
services:
nginx:
container_name: 'nginx'
image: jwilder/nginx-proxy:alpine
restart: 'always'
ports:
- 80:80
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
gitlab:
container_name: gitlab
image: 'gitlab/gitlab-ce:10.0.2-ce.0'
restart: always
hostname: 'ci.server.com'
ports:
- '50022:22'
volumes:
- '/opt/gitlab/config:/etc/gitlab'
- '/opt/gitlab/logs:/var/log/gitlab'
- '/opt/gitlab/data:/var/opt/gitlab'
- '/opt/gitlab/secret:/secret/gitlab/backups'
- '/etc/letsencrypt:/etc/letsencrypt'
environment:
VIRTUAL_HOST: ci.server.com
VIRTUAL_PORT: 50022
Before I switched to nginx reverse proxy I used this docker-compose setup, which was working. And I don't get the difference or the mistake I made by 'converting' this.
old
version: '3.3'
services:
nginx:
container_name: 'nginx'
image: 'nginx:1.13.5'
restart: 'always'
ports:
- '80:80'
- '443:443'
volumes:
- '/opt/nginx/conf.d:/etc/nginx/conf.d:ro'
- '/opt/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro'
- '/etc/letsencrypt:/etc/letsencrypt'
links:
- 'gitlab'
gitlab:
container_name: gitlab
image: 'gitlab/gitlab-ce:10.0.2-ce.0'
restart: always
hostname: 'ci.server.com'
ports:
- '50022:22'
volumes:
- '/opt/gitlab/config:/etc/gitlab'
- '/opt/gitlab/logs:/var/log/gitlab'
- '/opt/gitlab/data:/var/opt/gitlab'
- '/opt/gitlab/secret:/secret/gitlab/backups'
- '/etc/letsencrypt:/etc/letsencrypt'
You should set VIRTUAL_PORT: 80 in your environment.
The proxy is actually trying to redirect the 80 port to the SSH port.
To use SSL with jwilderproxy you can look here
for example, I use this.
version: '3/3'
services:
gitlab:
container_name: gitlab
image: 'gitlab/gitlab-ce:10.0.2-ce.0'
restart: always
hostname: 'ci.server.com'
ports:
- '50022:22'
volumes:
- '/opt/gitlab/config:/etc/gitlab'
- '/opt/gitlab/logs:/var/log/gitlab'
- '/opt/gitlab/data:/var/opt/gitlab'
- '/opt/gitlab/secret:/secret/gitlab/backups'
- '/etc/letsencrypt:/etc/letsencrypt'
environment:
- VIRTUAL_HOST=ci.server.com
- VIRTUAL_PORT=80
- LETSENCRYPT_HOST=ci.server.com
- LETSENCRYPT_EMAIL=youremail