Using nginx-proxy and acme-companion to have nice HTTPS URLs for your services
nginx-proxy acts as a reverse proxy: it accepts incoming HTTP connections and forwards them to the correct nginx containers.
The containers use a separate Docker network.
If your containers need to use another Docker network, or even the host network (quite common), see the section about it below.
docker network create nginx-proxy
Start nginx-proxy with this script:
#!/bin/sh
docker stop nginx-proxy
docker rm nginx-proxy
docker pull nginxproxy/nginx-proxy
docker run \
--name nginx-proxy \
--detach \
--restart unless-stopped \
--network nginx-proxy \
--publish 80:80 \
--publish 443:443 \
--volume certs:/etc/nginx/certs \
--volume vhosts:/etc/nginx/vhost.d \
--volume html:/usr/share/nginx/html \
--volume /var/run/docker.sock:/tmp/docker.sock:ro \
nginxproxy/nginx-proxy
acme-companion automatically generates and renews SSL certificates using Let's Encrypt - instant HTTPS 🥳
#!/bin/sh
docker stop acme-companion
docker rm acme-companion
docker pull nginxproxy/acme-companion
docker run \
--name acme-companion \
--detach \
--restart unless-stopped \
--network nginx-proxy \
--volumes-from nginx-proxy \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
--volume acme:/etc/acme.sh \
--env DEFAULT_EMAIL="[email protected]" \
nginxproxy/acme-companion
nginx-proxy has only a few requirements to interact with the nginx containers: the environment variable VIRTUAL_HOST must be set in the container, and all the containers must share the same Docker network.
For acme-companion to work, LETSENCRYPT_HOST and LETSENCRYPT_EMAIL have to be set.
In this example, hof.ticklemynausea.net has an A record with the home IP address, whose router forwards ports 80 and 443 to the host running nginx-proxy.
Source for the nginx-tv-test-pattern container used as an example.
This should work for all services that expose HTTP ports, but beware that using the nginx-proxy network might interfere with services that require running on the host network.
#!/bin/sh
docker stop nginx-tv-test-pattern
docker rm nginx-tv-test-pattern
docker pull ticklemynausea/nginx-tv-test-pattern
docker run \
--name nginx-tv-test-pattern \
--detach \
--restart unless-stopped \
--network nginx-proxy \
--env VIRTUAL_HOST="hof.ticklemynausea.net" \
--env LETSENCRYPT_HOST="hof.ticklemynausea.net" \
--env LETSENCRYPT_EMAIL="[email protected]" \
ticklemynausea/nginx-tv-test-pattern
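The requirements above can be checked against what is actually running. The following is an added example, not part of the original page or of the nginx-proxy project: it audits `docker inspect` output for containers that declare VIRTUAL_HOST. The sample JSON, the placeholder e-mail address, the container name `some-host-network-service` and the rule that every LETSENCRYPT_HOST name should also appear in VIRTUAL_HOST are assumptions made for the illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output, trimmed to the fields used.
SAMPLE = json.dumps([
    {"Name": "/nginx-tv-test-pattern",
     "Config": {"Env": ["VIRTUAL_HOST=hof.ticklemynausea.net",
                        "LETSENCRYPT_HOST=hof.ticklemynausea.net",
                        "LETSENCRYPT_EMAIL=admin@example.invalid"]},
     "HostConfig": {"NetworkMode": "nginx-proxy"},
     "NetworkSettings": {"Networks": {"nginx-proxy": {}}}},
    {"Name": "/some-host-network-service",
     "Config": {"Env": ["VIRTUAL_HOST=svc.example.invalid"]},
     "HostConfig": {"NetworkMode": "host"},
     "NetworkSettings": {"Networks": {"host": {}}}},
])

def split_hosts(value):
    """Both variables accept a comma-separated list of host names."""
    return {h.strip() for h in value.split(",") if h.strip()}

def audit(inspect_json, network="nginx-proxy"):
    """Return {container_name: [problems]} for containers that declare VIRTUAL_HOST."""
    report = {}
    for c in json.loads(inspect_json):
        env = dict(e.split("=", 1) for e in (c["Config"].get("Env") or []) if "=" in e)
        if "VIRTUAL_HOST" not in env:
            continue  # container is not meant to be proxied
        problems = []
        if network not in (c["NetworkSettings"].get("Networks") or {}):
            mode = c["HostConfig"].get("NetworkMode")
            problems.append(f"not on network {network!r} (NetworkMode={mode})")
        vhosts = split_hosts(env["VIRTUAL_HOST"])
        le_hosts = split_hosts(env.get("LETSENCRYPT_HOST", ""))
        if not le_hosts:
            problems.append("LETSENCRYPT_HOST not set: no certificate will be requested")
        elif le_hosts - vhosts:
            # Assumed rule: a certificate name the proxy does not route is a misconfiguration.
            problems.append(f"LETSENCRYPT_HOST names not in VIRTUAL_HOST: {sorted(le_hosts - vhosts)}")
        if not env.get("LETSENCRYPT_EMAIL"):
            problems.append("LETSENCRYPT_EMAIL not set")
        report[c["Name"].lstrip("/")] = problems
    return report

if __name__ == "__main__":
    # On a real host, feed it the output of: docker inspect $(docker ps -q)
    for name, problems in audit(SAMPLE).items():
        print(name, "OK" if not problems else problems)
```

A container on the host network with VIRTUAL_HOST set is reported here because nginx-proxy cannot reach it over the shared network.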
Let's say that you're running Home Assistant on a separate host, homeassistant.lan:8123, and you want your running nginx-proxy to act as a reverse proxy for it.
Or that you're running other containers locally, but they run on a different Docker network for some reason.
My solution for this is to run another container, locally, in the nginx-proxy network, that acts as a reverse proxy for your other host or service. To make this easier, here's a very simple Docker reverse proxy that only requires a PROXY_PASS environment variable as configuration: nginx-reverse-proxy-docker
#!/bin/sh
docker stop nginx-homeassistant-reverse-proxy
docker rm nginx-homeassistant-reverse-proxy
docker pull ticklemynausea/nginx-reverse-proxy
docker run \
--name nginx-homeassistant-reverse-proxy \
--detach \
--restart unless-stopped \
--network nginx-proxy \
--env VIRTUAL_HOST="homeassistant.ticklemynausea.net" \
--env LETSENCRYPT_HOST="homeassistant.ticklemynausea.net" \
--env LETSENCRYPT_EMAIL="[email protected]" \
--env PROXY_PASS="http://homeassistant.lan:8123" \
ticklemynausea/nginx-reverse-proxy