Docker & Letsencrypt, Revisited
Hippo Toes
This is a follow-up to my earlier
post on running gitlab-ce on
a qnap NAS using nginx and letsencrypt. The basic ideas are discussed in that
post. This post achieves the
same result but via docker compose. The
resulting docker-compose file is available in this
repository.
docker-compose
We will use version 3 of
docker-compose. I’m not a docker-compose expert, and I’m quite lazy so there
are probably better ways of doing this (e.g. I didn’t look at how to
re-implement the -volumes-from feature). Instead, I did what I found simplest
to produce the equivalent state as the manual commands in my previous post.
version: '3.4'
services:
nginx:
image: nginx
container_name: nginx
ports:
- "10080:80"
- "10443:443"
volumes:
- /share/container-vols/nginx/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
- /share/container-vols/nginx/etc/nginx/conf.d:/etc/nginx/conf.d
- /share/container-vols/nginx/etc/nginx/vhost.d:/etc/nginx/vhost.d
- /share/container-vols/nginx/etc/nginx/certs:/etc/nginx/certs:ro
- /share/Web-fyodor/hippo-toes:/usr/share/nginx/html
labels:
- 'com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy'
restart: always
nginx-gen:
image: jwilder/docker-gen
container_name: nginx-gen
volumes:
- /share/container-vols/nginx/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
- /share/container-vols/nginx/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
- /share/container-vols/nginx/etc/nginx/conf.d:/etc/nginx/conf.d
- /share/container-vols/nginx/etc/nginx/vhost.d:/etc/nginx/vhost.d
- /share/container-vols/nginx/etc/nginx/certs:/etc/nginx/certs:ro
- /share/Web-fyodor/hippo-toes:/usr/share/nginx/html
labels:
- 'com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen'
command: "-notify-sighup nginx -watch -wait 5s:30s
/etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf"
restart: always
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-letsencrypt
volumes:
- /share/container-vols/nginx/etc/nginx/certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
- /share/container-vols/nginx/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
- /share/container-vols/nginx/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
- /share/container-vols/nginx/etc/nginx/conf.d:/etc/nginx/conf.d
- /share/container-vols/nginx/etc/nginx/vhost.d:/etc/nginx/vhost.d
- /share/container-vols/nginx/etc/nginx/certs:/etc/nginx/certs:ro
- /share/Web-fyodor/hippo-toes:/usr/share/nginx/html
environment:
- NGINX_DOCKER_GEN_CONTAINER=nginx-gen
- NGINX_PROXY_CONTAINER=nginx
restart: always
nginx-fyodor:
image: nginx
container_name: nginx-fyodor
volumes:
- /share/Web-fyodor/hippo-toes/public:/usr/share/nginx/html:ro
environment:
- VIRTUAL_HOST=fyodor.hippo-toes.com,hippo-toes.com
- LETSENCRYPT_HOST=fyodor.hippo-toes.com,hippo-toes.com
- LETSENCRYPT_EMAIL=hippo@hippo-toes.com
restart: always
gitlab:
image: gitlab/gitlab-ce
container_name: gitlab-ce-1
ports:
- "11022:22"
- "11080:80"
- "11443:443"
volumes:
- /share/container-vols/gitlab/log:/var/log/gitlab
- /share/container-vols/gitlab/data:/var/opt/gitlab
- /share/container-vols/gitlab/backups:/var/opt/gitlab/backups
- /share/container-vols/gitlab/etc:/etc/gitlab
environment:
- VIRTUAL_HOST=gitlab.hippo-toes.com
- LETSENCRYPT_HOST=gitlab.hippo-toes.com
- LETSENCRYPT_EMAIL=hippo@hippo-toes.com
You can bring it up from the directory containing the docker-compose.yml file
with
$ docker-compose up -d
down with
$ docker-compose down
You can check the logs with
$ docker-compose logs -f
The one that comes up the most often is to restart nginx-fyodor after updating one of these posts…
$ docker-compose restart nginx-fyodor