Nginx Reverse Proxy

debug info

$ docker --version
Docker version 1.11.1, build 5604cbe
$ uname -a
Linux hermes 4.5.1-1-ARCH #1 SMP PREEMPT Thu Apr 14 19:19:32 CEST 2016 x86_64 GNU/Linux
$ cat /etc/os-release
NAME="Arch Linux"
ID=arch
PRETTY_NAME="Arch Linux"
ANSI_COLOR="0;36"
HOME_URL="https://www.archlinux.org/"
SUPPORT_URL="https://bbs.archlinux.org/"
BUG_REPORT_URL="https://bugs.archlinux.org/"
$ pacman -Qs docker
local/docker 1:1.11.1-1
    Pack, ship and run any application as a lightweight container
local/docker-compose 1.6.2-1
    Fast, isolated development environments using Docker
local/python-docker-py 1.8.1-1
    Python client for Docker.
local/python-dockerpty 0.4.1-1
    Python library to use the pseudo-tty of a docker container

docker network inspect $(docker network ls -q)

[
    {
        "Name": "bridge",
        "Id": "e5dd06aa2acad2ceef34e4ed3b861a50314643c40b1e5077473bb4c8db459944",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16"
                }
            ]
        },
        "Internal": false,
        "Containers": {
            "180d6aaa3f4fcd24239c2d02b155e46da8b1ed20a8eeaa5d0719162321f7cc60": {
                "Name": "nginx",
                "EndpointID": "52ee8f795f92c7b42932e8f4029fe5adb8e41567e9654548ccffcd24360a0e8f",
                "MacAddress": "02:42:ac:11:00:07",
                "IPv4Address": "172.17.0.7/16",
                "IPv6Address": ""
            },
            "197cb92f1dcfae48244b7745a2fcf477e7b6b1193a02cf65004e7447e2bacc1a": {
                "Name": "nginx-apollo.nasreddine.com",
                "EndpointID": "69d41c7a1aac7c0c0cb8f4b43f18ecd4bd9f7b517d3b79834b028fcdd2b3a78d",
                "MacAddress": "02:42:ac:11:00:0a",
                "IPv4Address": "172.17.0.10/16",
                "IPv6Address": ""
            },
            "5d35cfcdd6437f6e07ccbe9937a527562b710ac0463bf5064785f6579f370321": {
                "Name": "nginx-gen",
                "EndpointID": "cc5708a91e596e007832098eb7ff2fe1c9f605b9fec28c959fd13d7e5f0f4385",
                "MacAddress": "02:42:ac:11:00:08",
                "IPv4Address": "172.17.0.8/16",
                "IPv6Address": ""
            },
            "67b2e9f8623b935d41a0a65bb5060a0f17fbb00630541a36ba60ecf6f18e9b45": {
                "Name": "logspout",
                "EndpointID": "4a866a0725e983d0a63d4ca825d3813882832f4a2712cd23a90f3104cc7af291",
                "MacAddress": "02:42:ac:11:00:06",
                "IPv4Address": "172.17.0.6/16",
                "IPv6Address": ""
            },
            "9b64c2a5cdc29326a85434b9b6a3801343c68416dfa072684ed20201101f136b": {
                "Name": "nginx-gen-letsencrypt",
                "EndpointID": "e5fe07a77f40aaf608846d43f1d2bb877f32a8e4c6df29ecf7acc518bf2998b8",
                "MacAddress": "02:42:ac:11:00:09",
                "IPv4Address": "172.17.0.9/16",
                "IPv6Address": ""
            },
            "a5e9df7a5bf6f508125a6642d4c04d1499da74a28dc7b73f394fbd3d03125216": {
                "Name": "redis",
                "EndpointID": "5ce10b7b0be71c4642265e2769a5e3b27d91bd6f36779960b0632db8f3c03242",
                "MacAddress": "02:42:ac:11:00:05",
                "IPv4Address": "172.17.0.5/16",
                "IPv6Address": ""
            },
            "e043739c462529170803fc01e75cf973c0a92ed03c6edc600e5bd09ab3971123": {
                "Name": "nginx-pfsense.nasreddine.com",
                "EndpointID": "0f5eb1f020e5cbf465016e0732271692ae40f4272e1b5357bcf06f91267b038e",
                "MacAddress": "02:42:ac:11:00:0b",
                "IPv4Address": "172.17.0.11/16",
                "IPv6Address": ""
            },
            "e4a8921a842d0e48bd19ba722ea06d7921c7b24551c9550d32dce6f8986bdb70": {
                "Name": "nginx-wpad.nasreddine.com",
                "EndpointID": "a38aa9fa0e5ecb7da991295e4f057132c77b7f3c3af9ef4345657526c4eafd4e",
                "MacAddress": "02:42:ac:11:00:0c",
                "IPv4Address": "172.17.0.12/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    },
    {
        "Name": "host",
        "Id": "c952037a038d0f89334f02e809ae1979a2fe905b53b42d5da2201e2adcfae7f0",
        "Scope": "local",
        "Driver": "host",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": []
        },
        "Internal": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    },
    {
        "Name": "none",
        "Id": "bec3d8b75390802afcb6ddc1683fb285bdbf48ad22055d29e308eb1a76ba2511",
        "Scope": "local",
        "Driver": "null",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": []
        },
        "Internal": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

nginx-apollo.nasreddine.com.service

[Unit]
Description=The NGINX HTTP and reverse proxy server. For apollo.nasreddine.com
Requires=docker.service nginx-gen-letsencrypt.service
After=docker.service nginx-gen-letsencrypt.service

[Service]
ExecStartPre=/bin/sh -c "docker inspect nginx-apollo.nasreddine.com >/dev/null 2>&1 && docker rm -f nginx || true"
ExecStartPre=/usr/bin/docker create --name nginx-apollo.nasreddine.com -e VIRTUAL_HOST=apollo.nasreddine.com -e LETSENCRYPT_HOST=apollo.nasreddine.com -e [email protected] nginx
ExecStart=/usr/bin/docker start -a nginx-apollo.nasreddine.com
ExecStop=-/usr/bin/docker stop nginx-apollo.nasreddine.com
ExecStopPost=/usr/bin/docker rm -f nginx-apollo.nasreddine.com
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target

nginx-gen-letsencrypt.service

[Unit]
Description=Automatically generate let's encrypt certificates
Requires=docker.service nginx-gen.service
After=docker.service nginx-gen.service

[Service]
ExecStartPre=/bin/sh -c "docker inspect nginx-gen-letsencrypt >/dev/null 2>&1 && docker rm -f nginx-gen-letsencrypt || true"
ExecStartPre=/usr/bin/docker create --name nginx-gen-letsencrypt -e "NGINX_DOCKER_GEN_CONTAINER=nginx-gen" --volumes-from nginx -v /data/docker-persistence/nginx/certs:/etc/nginx/certs:rw -v /var/run/docker.sock:/var/run/docker.sock:ro jrcs/letsencrypt-nginx-proxy-companion
ExecStart=/usr/bin/docker start -a nginx-gen-letsencrypt
ExecStop=-/usr/bin/docker stop nginx-gen-letsencrypt
ExecStopPost=/usr/bin/docker rm -f nginx-gen-letsencrypt
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target

# Exec start for testing
# ExecStartPre=/usr/bin/docker create --name nginx-gen-letsencrypt -e "ACME_CA_URI=https://acme-staging.api.letsencrypt.org/directory" -e "NGINX_DOCKER_GEN_CONTAINER=nginx-gen" --volumes-from nginx -v /data/docker-persistence/nginx/certs:/etc/nginx/certs:rw -v /var/run/docker.sock:/var/run/docker.sock:ro jrcs/letsencrypt-nginx-proxy-companion

nginx-gen.service

[Unit]
Description=Automatically generate nginx configuration for serving docker containers
Requires=docker.service nginx.service
After=docker.service nginx.service

[Service]
# The new `nginx.tmpl` is not working properly. See https://github.com/jwilder/nginx-proxy/issues/438
# ExecStartPre=/bin/sh -c "rm -f /tmp/nginx.tmpl && curl -Lo /tmp/nginx.tmpl https://raw.githubusercontent.com/jwilder/nginx-proxy/master/nginx.tmpl"
ExecStartPre=/bin/sh -c "rm -f /tmp/nginx.tmpl && curl -Lo /tmp/nginx.tmpl https://raw.githubusercontent.com/jwilder/nginx-proxy/a72c7e6e20df3738ca365bf6c14598f6a8017500/nginx.tmpl"
ExecStartPre=/bin/sh -c "docker inspect nginx-gen >/dev/null 2>&1 && docker rm -f nginx-gen || true"
ExecStartPre=/usr/bin/docker create --name nginx-gen --volumes-from nginx -v /tmp/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/docker-gen -notify-sighup nginx -watch -only-exposed -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
ExecStart=/usr/bin/docker start -a nginx-gen
ExecStop=-/usr/bin/docker stop nginx-gen
ExecStopPost=/usr/bin/docker rm -f nginx-gen
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target

nginx.service

[Unit]
Description=The NGINX HTTP and reverse proxy server
Requires=docker.service
After=docker.service syslog.target network.target remote-fs.target nss-lookup.target

[Service]
ExecStartPre=/bin/sh -c "docker inspect nginx >/dev/null 2>&1 && docker rm -f nginx || true"
ExecStartPre=/usr/bin/docker create --name nginx -p 80:80 -p 443:443 -v /etc/nginx/conf.d -v /etc/nginx/vhost.d -v /usr/share/nginx/html -v /data/docker-persistence/nginx/certs:/etc/nginx/certs:ro nginx
ExecStart=/usr/bin/docker start -a nginx
ExecStop=-/usr/bin/docker stop nginx
ExecStopPost=/usr/bin/docker rm -f nginx
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target