Docker, A Reverse Proxy, This Site and LetsEncrypt!

The site was migrated to SSDNodes last year as my previous host was becoming less reliable and I fancied something more versatile.  I’ve not covered it on here but here is how my site runs, now with added HTTPS thanks to LetsEncrypt!

A bit of history.  This is a WordPress site and has been since it was migrated from Windows Live Spaces, which shows its age!  There is an official Docker container available so I thought I’d give that a go.  I may want to host more than one site on the same virtual server at some point so I looked into my options for a reverse proxy, and it turned out jwilder had the perfect solution.  Building on an example I found, I managed to get the site going behind the proxy but wanted to secure it.  Unsurprisingly this problem had already been solved too…

What follows are my Docker Compose files that work a treat, as much as examples for others as to help me in the future if I need to set up a new site or rebuild this one if something goes wrong.  When the container for the site is fired up for the first time it creates, and maintains, a Let’s Encrypt certificate automatically.  Neat!

One thing for VaultPress users to be aware of is that you’ll need to follow the steps here under the reverse proxy section otherwise the service won’t be able to connect to your site to back it up.

If I need to host a new site, I just need to create a new site definition file and it should sort itself out.  Please note, the formatting may be screwy if you copy and paste these so you may need to manually tweak them.

neave-eng.yml

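version: '2'

services:

  neaveeng:
    depends_on:
      - mariadb
    image: wordpress
    links:
      # Expose the database container to WordPress under the alias "mysql"
      - mariadb:mysql
    environment:
      # Replace the placeholder (brackets included); same value as MYSQL_ROOT_PASSWORD below
      WORDPRESS_DB_PASSWORD: [YOURDBPASSWORDHERE]
      WORDPRESS_DB_NAME: wp_neaveeng
      APACHE_RUN_USER: wp-neaveeng
      APACHE_RUN_GROUP: wp-neaveeng
      # Read by nginx-proxy to route requests for this host name
      VIRTUAL_HOST: neave.engineering
      # Read by the Let's Encrypt companion to create and renew the certificate
      LETSENCRYPT_HOST: neave.engineering
      LETSENCRYPT_EMAIL: my.email@domain.com
    volumes:
      - ./neaveeng/code:/code
      - ./neaveeng/html:/var/www/html
      # Read-only host account files so the APACHE_RUN_USER/GROUP names resolve in the container
      - /etc/passwd:/etc/passwd:ro
      - /etc/group:/etc/group:ro
    restart: always

  mariadb:
    image: mariadb
    environment:
      MYSQL_ROOT_PASSWORD: [YOURDBPASSWORDHERE]
      MYSQL_DATABASE: wp_neaveeng
    volumes:
      - ./neaveeng/database:/var/lib/mysql
    restart: always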

proxy.yml

version: '2'

services:

  nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Read-only Docker socket so the proxy can see containers start and stop
      - /var/run/docker.sock:/tmp/docker.sock:ro
      # Anonymous volumes shared with the companion through volumes_from
      - "/etc/nginx/vhost.d"
      - "/usr/share/nginx/html"
      - "/etc/nginx/certs"
    restart: always

  letsencrypt-nginx-proxy-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    volumes_from:
      - "nginx-proxy"

  whoami:
    image: jwilder/whoami
    environment:
      - VIRTUAL_HOST=whoami.local
    restart: always
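
The "new site definition file" step mentioned earlier, written out as an added example that is not one of this site's actual files: it follows neave-eng.yml but gives WordPress its own database account instead of the root one and takes the passwords from Compose variable substitution rather than from the file itself. The site name, domain, paths and variable names are hypothetical, and it assumes the file is started in the same Compose project as proxy.yml so the proxy can reach the container.

```yaml
# example-site.yml (added example; every name, path and domain is hypothetical)
# Compose substitutes the ${...} values from the shell environment or from a
# .env file next to this file (keep that file out of version control):
#   EXAMPLE_DB_ROOT_PASSWORD=...
#   EXAMPLE_DB_PASSWORD=...
version: '2'

services:

  examplesite:
    depends_on:
      - examplesite-db
    image: wordpress
    environment:
      # Service names must be unique when several site files share one project,
      # so WordPress is pointed at this site's database by service name.
      WORDPRESS_DB_HOST: examplesite-db
      # Dedicated account for this site's database, not the MariaDB root user
      WORDPRESS_DB_USER: wp_examplesite
      WORDPRESS_DB_PASSWORD: ${EXAMPLE_DB_PASSWORD}
      WORDPRESS_DB_NAME: wp_examplesite
      # Placeholder domain; use a public DNS name that resolves to this server
      VIRTUAL_HOST: example-site.test
      LETSENCRYPT_HOST: example-site.test
      LETSENCRYPT_EMAIL: admin@example-site.test
    volumes:
      - ./examplesite/html:/var/www/html
    restart: always

  examplesite-db:
    image: mariadb
    environment:
      MYSQL_ROOT_PASSWORD: ${EXAMPLE_DB_ROOT_PASSWORD}
      MYSQL_DATABASE: wp_examplesite
      # The image creates this user with rights on MYSQL_DATABASE only
      MYSQL_USER: wp_examplesite
      MYSQL_PASSWORD: ${EXAMPLE_DB_PASSWORD}
    volumes:
      - ./examplesite/database:/var/lib/mysql
    restart: always
```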
