Docker Compose and Nginx Configuration
docker-compose.yml
...
  nginx:
    image: wodby/nginx:$NGINX_TAG
    container_name: "${PROJECT_NAME}_nginx"
    depends_on:
      - php
    environment:
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_SERVER_ROOT: /var/www/html/web
      NGINX_VHOST_PRESET: $NGINX_VHOST_PRESET
    volumes:
      - ./:/var/www/html:cached
      - /etc/letsencrypt/:/etc/letsencrypt/
      - ./assets/nginx-ssl-vhost.conf:/etc/nginx/conf.d/nginx-ssl-vhost.conf
    ports:
      - 8001:80
      - 8444:443
    labels:
      - 'traefik.backend=${PROJECT_NAME}_nginx'
      - 'traefik.frontend.rule=HostRegexp:{subdomain:[a-z]+}.${PROJECT_BASE_URL}'
...
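The volume /etc/letsencrypt/:/etc/letsencrypt/ mounts the host's whole Let's Encrypt directory, including the certificates and private keys, into the container.
The volume ./assets/nginx-ssl-vhost.conf:/etc/nginx/conf.d/nginx-ssl-vhost.conf mounts the custom Nginx SSL virtual host into the container.
The port mapping 8444:443 publishes the container's port 443 on host port 8444, so that host port 8444 acts as a proxy for port 443.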
assets/nginx-ssl-vhost.conf
server {
    listen 443 ssl;
    server_name default;
    ssl_certificate /etc/letsencrypt/live/www.mycoolsite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.mycoolsite.com/privkey.pem;
    include preset.conf;
    include defaults.conf;
    root /var/www/html/web;
}
This virtual host configuration listens on port 443 and uses the keys made available to the container through the Nginx volume in docker-compose.yml.
Apache Virtual Host
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName www.mycoolsite.com
    ProxyPreserveHost On
    # setup the proxy
    <Proxy *>
        Order allow,deny
        Allow from all
    </Proxy>
    ProxyPass / https://0.0.0.0:8444/
    ProxyPassReverse / https://0.0.0.0:8444/
    SSLEngine On
    SSLProxyEngine On
    SSLCertificateFile /etc/letsencrypt/live/www.mycoolsite.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.mycoolsite.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
This Apache virtual host listens on port 443 and forwards requests to the Docker Nginx on port 8444, using the same SSL certificates that Nginx uses.
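The nginx service from docker-compose.yml with its volumes and published ports tightened, as an added example that is not part of the original post. It assumes that only the Apache virtual host on the same machine needs to reach host ports 8001 and 8444, and that the file's top-level key is services:.

```yaml
# Added example (not from the original post): hardened nginx service.
# Assumption: the only client of host ports 8001/8444 is Apache on this host.
services:
  nginx:
    image: wodby/nginx:$NGINX_TAG
    container_name: "${PROJECT_NAME}_nginx"
    depends_on:
      - php
    environment:
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_SERVER_ROOT: /var/www/html/web
      NGINX_VHOST_PRESET: $NGINX_VHOST_PRESET
    volumes:
      - ./:/var/www/html:cached
      # Before: /etc/letsencrypt/:/etc/letsencrypt/ (read-write).
      # The container only reads fullchain.pem and privkey.pem, so mount the
      # directory read-only; a compromised container then cannot alter or
      # replace the host's certificates, keys or renewal configuration.
      - /etc/letsencrypt/:/etc/letsencrypt/:ro
      # The vhost file is configuration, not data: read-only as well.
      - ./assets/nginx-ssl-vhost.conf:/etc/nginx/conf.d/nginx-ssl-vhost.conf:ro
    ports:
      # Before: 8001:80 and 8444:443, which publish on every host interface
      # and let clients reach the container directly, bypassing Apache.
      # Binding to loopback keeps both ports reachable from the host only.
      - "127.0.0.1:8001:80"
      - "127.0.0.1:8444:443"
    labels:
      - 'traefik.backend=${PROJECT_NAME}_nginx'
      - 'traefik.frontend.rule=HostRegexp:{subdomain:[a-z]+}.${PROJECT_BASE_URL}'
```

With the ports bound to loopback, point ProxyPass and ProxyPassReverse in the Apache virtual host at https://127.0.0.1:8444/.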