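# nginx.conf
# Reverse proxy for two virtual hosts; each forwards to a container by name.
events {
    worker_connections 1024;
}

http {
    # NOTE(review): both server blocks listen on plain HTTP (port 80) only, so
    # client traffic to this proxy is unencrypted. Terminate TLS here (or in
    # front of this proxy) before exposing these hosts publicly.
    #
    # NOTE(review): no block is marked default_server, so a request whose Host
    # header matches neither name is handled by the first block (qvisa.eu).
    # A catch-all server that rejects unknown hosts avoids forwarding
    # arbitrary Host values to that backend.
    server {
        listen 80;
        server_name qvisa.eu;

        location / {
            # Upstream name presumably resolves through Docker's DNS on the
            # shared network; confirm it matches the container/service name.
            proxy_pass http://quick_process_swift:8081;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For the client sent. If this proxy is the internet
            # edge, the backend must treat only the last entry (or X-Real-IP)
            # as trustworthy; earlier entries are client-controlled.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    server {
        listen 80;
        server_name epayroll.pt;

        location / {
            # NOTE(review): the epayroll compose file in this listing names
            # its service `epayroll` and its container `epayroll-app`; confirm
            # that `ePayroll` actually resolves on shared_network.
            proxy_pass http://ePayroll:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # Same caveat as above: earlier X-Forwarded-For entries are
            # supplied by the client and must not be trusted by the backend.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}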
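# nginx docker compose file
version: '3'

services:
  nginx:
    # NOTE(review): `latest` is a moving tag. Pin a specific version (or an
    # image digest) so a redeploy cannot silently pull a different build.
    image: nginx:latest
    container_name: nginx-proxy
    restart: always
    ports:
      # Only plain HTTP is published; there is no 443 mapping in this file.
      - "80:80"
    volumes:
      # Mounted read-only, so the container cannot modify its own config.
      - ~/nginx-proxy/nginx.conf:/etc/nginx/nginx.conf:ro
    networks:
      - shared_network

networks:
  # Must already exist (created outside this compose project).
  shared_network:
    external: true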
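# quick_process_swift docker compose
version: '3.7'

services:
  quick_process_swift:
    # NOTE(review): `latest` is a moving tag; pin a version or digest.
    image: alifspb/quick_process_swift:latest
    container_name: quick_process_swift
    ports:
      # NOTE(review): this publishes 8081 on every host interface, so the app
      # is reachable directly and not only through the reverse proxy. The
      # proxy reaches it over shared_network by container name; if nothing
      # else needs host access, drop this mapping or bind it to 127.0.0.1.
      - '8081:8081'
    command: ["serve", "--env", "production", "--hostname", "0.0.0.0", "--port", "8081"]
    networks:
      - shared_network

networks:
  # Must already exist (created outside this compose project).
  shared_network:
    external: true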
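# epayroll docker compose
version: '3.7'

services:
  epayroll:
    # NOTE(review): `latest` is a moving tag; pin a version or digest.
    image: epayroll:latest
    # NOTE(review): the nginx.conf in this listing proxies to `ePayroll:8080`,
    # which is neither this container name nor the service name spelled the
    # same way; confirm the upstream name resolves on shared_network.
    container_name: epayroll-app
    ports:
      # NOTE(review): this publishes 8080 on every host interface, so the app
      # is reachable directly and not only through the reverse proxy. If
      # nothing else needs host access, drop this mapping or bind it to
      # 127.0.0.1.
      - '8080:8080'
    command: ["./App", "serve", "--env", "production", "--hostname", "0.0.0.0", "--port", "8080"]
    networks:
      - shared_network

networks:
  # Must already exist (created outside this compose project).
  shared_network:
    external: true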
NOTE: all of these compose files use the same external network (shared_network).
Here is detailed documentation outlining the important points for setting up and configuring the Docker Compose setup for nginx-proxy, epayroll, and QuickProcessSwift.
Documentation for Docker Compose Setup
Overview
This documentation covers the setup and configuration of Docker Compose for three services: nginx-proxy, epayroll, and QuickProcessSwift. The nginx-proxy service acts as a reverse proxy and handles SSL certificates using Let's Encrypt. The epayroll and QuickProcessSwift services are applications that are routed through nginx-proxy.
1. nginx-proxy Service
docker-compose.yml for nginx-proxy
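# Reverse proxy plus Let's Encrypt companion; both watch the Docker API to
# discover containers that set VIRTUAL_HOST / LETSENCRYPT_HOST.
version: '3'

services:
  nginx-proxy:
    # NOTE(review): no tag is given, so this resolves to `latest`; pin a
    # version or digest. The project now publishes this image as
    # nginxproxy/nginx-proxy; verify which image you intend to run.
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # NOTE(review): access to the Docker socket is effectively root on the
      # host. `:ro` only makes the socket file read-only; it does not limit
      # which Docker API calls can be made through it. This container is also
      # the internet-facing one, so consider a restricted socket proxy or a
      # separate config-generator container that holds the socket instead.
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      # Certificates are read-only here; only the companion writes them.
      - ./certs:/etc/nginx/certs:ro
    networks:
      - shared_network

  letsencrypt-nginx-proxy-companion:
    # NOTE(review): untagged image resolves to `latest`; pin a version or
    # digest. The project now publishes this image as
    # nginxproxy/acme-companion; verify which image you intend to run.
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-letsencrypt
    restart: always
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy
    volumes:
      # Same caveat as above: `:ro` does not restrict Docker API access.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      # Holds private keys; keep ./certs readable only by the deploying user.
      - ./certs:/etc/nginx/certs:rw
    networks:
      - shared_network

networks:
  # Must already exist (created outside this compose project).
  shared_network:
    external: true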
Key Points
- Ports: Exposes ports 80 and 443 for HTTP and HTTPS traffic.
- Volumes:
  - docker.sock: Lets the nginx-proxy container communicate with the Docker daemon. Access to this socket is equivalent to root on the host, and the :ro flag does not restrict the Docker API calls made through it.
  - vhost.d, html, certs: Configurations for virtual hosts, HTML content, and SSL certificates.
- Networks: Uses an external Docker network, shared_network.
2. epayroll Service
docker-compose.yml for epayroll
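# epayroll application, discovered by nginx-proxy through VIRTUAL_HOST.
version: '3.7'

x-shared_environment: &shared_environment
  # NOTE(review): the fallback is `debug` although the app is started with
  # `--env production`; debug logs can contain request data, so confirm
  # this default is intended.
  LOG_LEVEL: '${LOG_LEVEL:-debug}'

services:
  app:
    # NOTE(review): `latest` is a moving tag; pin a version or digest.
    image: epayroll:latest
    container_name: ePayroll
    restart: always
    build:
      context: .
    environment:
      <<: *shared_environment
      VIRTUAL_HOST: epayroll.pt
      LETSENCRYPT_HOST: epayroll.pt
      # Placeholder: the original address is redacted on this page. Quoted
      # so the value is always read as a string.
      LETSENCRYPT_EMAIL: 'admin@example.com'
    ports:
      # NOTE(review): publishing 8080 on the host makes the app reachable
      # directly over plain HTTP, bypassing the proxy and its TLS. The proxy
      # reaches the container over shared_network; if nothing else needs
      # host access, drop this mapping or bind it to 127.0.0.1.
      - '8080:8080'
    command: ["serve", "--env", "production", "--hostname", "0.0.0.0", "--port", "8080"]
    networks:
      - shared_network

networks:
  # Must already exist (created outside this compose project).
  shared_network:
    external: true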
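Key Points
- Environment Variables: VIRTUAL_HOST, LETSENCRYPT_HOST, LETSENCRYPT_EMAIL: Used by nginx-proxy and Let's Encrypt for domain and SSL configuration.
- Ports: Exposes port 8080. Because the port is published on the host, the application is also reachable directly, without going through nginx-proxy.
- Networks: Uses the shared_network.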
3. QuickProcessSwift Service
docker-compose.yml for QuickProcessSwift
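# QuickProcessSwift application plus its MongoDB instance.
version: '3.7'

x-shared_environment: &shared_environment
  LOG_LEVEL: '${LOG_LEVEL:-info}'
  # Both values are interpolated from the deploying shell or the project's
  # .env file. Environment variables are visible to anything that can inspect
  # the container, so keep .env out of version control and restrict who can
  # reach the Docker API on this host.
  MONGO_DB_PRODUCTION_URL: '${MONGO_DB_PRODUCTION_URL}'
  JWT_SECRET_PRODUCTION: '${JWT_SECRET_PRODUCTION}'

services:
  app:
    # NOTE(review): `latest` is a moving tag; pin a version or digest.
    image: alifspb/quick_process_swift:latest
    container_name: quick_process_swift
    build:
      context: .
    environment:
      <<: *shared_environment
      VIRTUAL_HOST: qvisa.eu
      LETSENCRYPT_HOST: qvisa.eu
      # Placeholder: the original address is redacted on this page.
      LETSENCRYPT_EMAIL: 'admin@example.com'
      # Quoted so the value is passed as a string.
      VIRTUAL_PORT: '8081'
    depends_on:
      # Controls start order only; it does not wait for MongoDB to be ready.
      - mongo
    ports:
      # NOTE(review): publishing 8081 on the host makes the app reachable
      # directly over plain HTTP, bypassing the proxy and its TLS. If nothing
      # else needs host access, drop this mapping or bind it to 127.0.0.1.
      - '8081:8081'
    command: ["serve", "--env", "production", "--hostname", "0.0.0.0", "--port", "8081"]
    networks:
      - shared_network
    volumes:
      # NOTE(review): mounted read-write; if the app only reads this file,
      # append `:ro` so the container cannot alter its own secrets file.
      - .env:/app/.env

  mongo:
    # NOTE(review): untagged image resolves to `latest`; pin a version.
    image: mongo
    container_name: qvp_mongo_pro
    volumes:
      - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
      - qvp_mongodb_pro:/data/db
    networks:
      # NOTE(review): shared_network is also joined by the proxy and the
      # other application, so every container on it can reach MongoDB. A
      # private network shared only with `app` would narrow that.
      - shared_network
    restart: unless-stopped
    ports:
      # NOTE(review): this publishes the database on every host interface
      # (host port 27019). Docker-published ports commonly bypass host
      # firewall rules. The app reaches MongoDB over the Docker network, so
      # drop this mapping or bind it to 127.0.0.1 unless remote access is
      # required, and confirm that mongo-init.js enables authentication.
      - '27019:27017'

volumes:
  qvp_mongodb_pro: {}

networks:
  # Must already exist (created outside this compose project).
  shared_network:
    external: true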
Key Points
- Environment Variables:
  - VIRTUAL_HOST, LETSENCRYPT_HOST, LETSENCRYPT_EMAIL, VIRTUAL_PORT: Used by nginx-proxy and Let's Encrypt for domain and SSL configuration.
  - MONGO_DB_PRODUCTION_URL, JWT_SECRET_PRODUCTION: Application-specific environment variables.
- Depends On: Ensures the mongo service starts before the application.
- Ports: Exposes port 8081 for the application and 27019 for MongoDB. Both are published on the host, so the database port is reachable from outside the Docker network unless a firewall or a loopback-only binding restricts it.
- Volumes: Maps the environment file and MongoDB initialization script.
- Networks: Uses the shared_network.
Additional Notes
- Network Configuration:
  - Ensure that the shared_network is created as an external network before starting the services. This network allows the services to communicate with each other.
    docker network create shared_network
- Environment Variables:
  - Make sure all required environment variables are defined in the .env files or passed directly in the docker-compose.yml.
- SSL Certificates:
  - The Let's Encrypt companion container automatically handles SSL certificates for the domains specified in the VIRTUAL_HOST and LETSENCRYPT_HOST environment variables.
- Logs and Debugging:
  - Inspect logs for nginx-proxy and individual services to debug any issues related to configuration or connectivity.
    docker logs nginx-proxy
    docker logs ePayroll
    docker logs quick_process_swift
- Force Regenerate Configuration:
  - Restart nginx-proxy to force it to regenerate its configuration if changes are not reflected.
    docker restart nginx-proxy
By following this documentation, you should be able to set up and configure your Docker Compose environment for the nginx-proxy, epayroll, and QuickProcessSwift services successfully.
Let's Encrypt certificates are valid for 90 days. However, you do not need to manually renew them because the letsencrypt-nginx-proxy-companion container automatically handles the renewal process.
Automatic Renewal with Let's Encrypt
The letsencrypt-nginx-proxy-companion is configured to:
- Automatically Renew Certificates: It automatically renews the certificates when they are close to expiry (typically 30 days before the expiration date).
- Reload Nginx Configuration: After renewing a certificate, it will reload the nginx-proxy configuration to apply the new certificate.
Checking Certificate Expiration
You can check the expiration dates of your Let's Encrypt certificates to ensure they are being renewed correctly. Here are a couple of ways to do this:
1. Using the Let's Encrypt companion container logs
The logs will show information about certificate issuance and renewal:
docker logs nginx-letsencrypt
2. Using OpenSSL
You can check the expiration date of a certificate with OpenSSL:
echo | openssl s_client -servername yourdomain.com -connect yourdomain.com:443 | openssl x509 -noout -dates
Replace yourdomain.com with your actual domain name.
Manual Renewal (If Needed)
In some rare cases, you might need to manually trigger a certificate renewal. You can force renew all certificates by using the following command inside the letsencrypt-nginx-proxy-companion container:
docker exec nginx-letsencrypt /app/force_renew
Key Points for Automatic Renewal
- Ensure that the letsencrypt-nginx-proxy-companion container is running and configured correctly.
- Check logs periodically to ensure there are no errors related to certificate renewal.
- Ensure your domain is accessible from the internet, as Let's Encrypt needs to validate the domain ownership during the renewal process.
With the automatic renewal in place, you should not need to worry about manually updating your certificates. Just ensure that your letsencrypt-nginx-proxy-companion container is running correctly and your domains remain accessible.
nginx-proxy > docker-compose.yml
epayroll -> docker-compose.yml
QuickProcessSwift -> docker-compose.yml