If you want to enable SSL support for your docker project there is an easy way to go:
Requirements:
- A domain name (without a domain name or a publicly available IP address it is not possible to enable SSL support via Let’s Encrypt)
- A docker compose file (the one you use for your project – if you only use a Dockerfile without a docker compose file, it can be easily set up: just follow this instruction: Converting a Dockerfile to a docker-compose.yml)
Let’s assume your project’s folder structure is as follows:
```
(project root)/
├── Super cool project/
│   ├── index.html
│   ├── script.js
│   ├── style.css
│   └── Dockerfile
└── docker-compose.yml
```
And the content of your docker-compose.yml is like this:
```yaml
version: "3.8"
services:
  super-cool-container:
    build: "./Super cool project"
    ports:
      - "80:80"
```
All you have to do to enable SSL is to add 2 more services and 1 volume to this file, and to delete all the publicly exposed ports of your project’s container:

```yaml
version: "3.8"
services:
  super-cool-container:
    build: "./Super cool project"
    # No "ports:" section any more: only nginx-proxy publishes ports.
    environment:
      VIRTUAL_HOST: super-cool.example.com
      VIRTUAL_PORT: "80"
      LETSENCRYPT_HOST: super-cool.example.com
      LETSENCRYPT_EMAIL: ssl-admin@example.com
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx/certs:/etc/nginx/certs:rw
      - ./nginx/vhost.d:/etc/nginx/vhost.d:rw
      - ./nginx/html:/usr/share/nginx/html:rw
  nginx-proxy-companion:
    image: nginxproxy/acme-companion
    environment:
      DEFAULT_EMAIL: ssl-admin@example.com
    # volumes_from needs Docker Compose v2 (Compose Specification);
    # the legacy 3.x file format rejects it.
    volumes_from:
      - nginx-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - acme:/etc/acme.sh:rw
    depends_on:
      - nginx-proxy
volumes:
  acme:
```
Obviously you should change the hostnames and email addresses accordingly.
The nginx-proxy will now handle all incoming requests on ports 80 and 443 and will forward them to the containers automatically, based on the hostname that was given in the request.
The nginx-proxy-companion, on the other hand, will just do all the SSL magic by automatically pulling new certificates for the containers when a certificate is about to expire.
Let’s assume your public IP address is 1.1.1.1 (which it is not in most cases :-P), your domain name is example.com and your project’s domain name is super-cool.example.com.
If you try to reach your project by IP address (1.1.1.1) it will give you an Error 503.
If you try to reach your project by just example.com (even though it might point to the right IP address) it will display an Error 503.
But if you try to reach your project by the domain name provided in your docker-compose.yml (so in this case super-cool.example.com) it will display the correct site.
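
As an added example (not part of the original post or of the nginx-proxy project), this Python lint runs over an already parsed compose mapping and flags the mistakes this setup invites: an application container that still publishes ports, a certificate host that differs from the routed host, and a Docker socket that is mounted read-write or handed to an application container. The function names, the sample data and the rule that LETSENCRYPT_HOST should equal VIRTUAL_HOST are assumptions of this example.

```python
PROXY_IMAGES = ("nginxproxy/nginx-proxy", "nginxproxy/acme-companion")

def env_of(svc):
    """Environment as a dict, accepting both the list and the mapping form."""
    env = svc.get("environment") or {}
    if isinstance(env, list):
        env = dict(e.split("=", 1) if "=" in e else (e, "") for e in env)
    return env

def socket_mounts(svc):
    """Yield read_only (bool) for each docker.sock mount, short or long syntax."""
    for vol in svc.get("volumes") or []:
        if isinstance(vol, str):
            parts = vol.split(":")
            source, read_only = parts[0], "ro" in parts[-1].split(",")
        else:
            source, read_only = vol.get("source", ""), bool(vol.get("read_only"))
        if source.endswith("docker.sock"):
            yield read_only

def audit_compose(compose):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for name, svc in compose.get("services", {}).items():
        is_proxy = str(svc.get("image", "")).startswith(PROXY_IMAGES)
        env = env_of(svc)
        if not is_proxy and svc.get("ports"):
            findings.append(f"{name}: publishes host ports, bypassing nginx-proxy")
        if "VIRTUAL_HOST" in env and env.get("LETSENCRYPT_HOST") != env["VIRTUAL_HOST"]:
            findings.append(f"{name}: LETSENCRYPT_HOST differs from VIRTUAL_HOST")
        for read_only in socket_mounts(svc):
            # ':ro' only protects the socket file; the Docker API stays usable.
            if not is_proxy:
                findings.append(f"{name}: application container mounts docker.sock")
            elif not read_only:
                findings.append(f"{name}: docker.sock mounted read-write")
    return findings

# Constructed sample: published port left in place, mistyped certificate host, rw socket.
SAMPLE = {"services": {
    "super-cool-container": {"build": "./Super cool project", "ports": ["80:80"],
        "environment": ["VIRTUAL_HOST=super-cool.example.com",
                        "LETSENCRYPT_HOST=supercool.example.com"]},
    "nginx-proxy": {"image": "nginxproxy/nginx-proxy", "ports": ["80:80", "443:443"],
        "volumes": ["/var/run/docker.sock:/tmp/docker.sock"]}}}

if __name__ == "__main__":
    print("\n".join(audit_compose(SAMPLE)))
```

Any YAML or JSON loader can supply the mapping; both the short string syntax and the long mapping syntax for volumes are accepted.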