Running Docker continter in Production

Nginx Proxy Manager

Nginx Proxy Manager is a simple and powerful tool that provides a web-based interface for managing Nginx reverse proxies, making it easy to set up SSL certificates and manage multiple services.

Step 1: Install Docker and Docker Compose

1. If you don't already have Docker installed, follow the instructions on Docker’s website.

2. For Docker Compose, you can check if it's installed by running:

   docker-compose --version
   

   If not installed, install it by following the official guide here.

Step 2: Create a Directory for Nginx Proxy Manager

1. Open a terminal and create a new directory to store the Docker Compose configuration:

   mkdir nginx-proxy-manager
   cd nginx-proxy-manager
   

Step 3: Create a docker-compose.yml File

1. Inside the nginx-proxy-manager directory, create a new file named docker-compose.yml:

   touch docker-compose.yml
   

2. Open the file with a text editor and add the following configuration:

   version: '3'
   
   services:
     app:
       image: 'jc21/nginx-proxy-manager:latest'
       restart: unless-stopped
       ports:
         - '80:80'        # HTTP
         - '81:81'        # Admin Panel
         - '443:443'      # HTTPS
       environment:
         DB_MYSQL_HOST: "db"
         DB_MYSQL_PORT: 3306
         DB_MYSQL_USER: "npm"
         DB_MYSQL_PASSWORD: "npm_password"
         DB_MYSQL_NAME: "npm"
       volumes:
         - ./data:/data
         - ./letsencrypt:/etc/letsencrypt
   
     db:
       image: 'mysql:5.7'
       restart: unless-stopped
       environment:
         MYSQL_ROOT_PASSWORD: 'root_password'
         MYSQL_DATABASE: 'npm'
         MYSQL_USER: 'npm'
         MYSQL_PASSWORD: 'npm_password'
       volumes:
         - ./mysql:/var/lib/mysql
   

   Here’s what this configuration does:

   • Services:
     • app: This is the Nginx Proxy Manager container.
     • db: A MySQL 5.7 container to handle the database for Nginx Proxy Manager.
   • Ports:
     • 80:80: Maps port 80 for HTTP traffic.
     • 81:81: Maps port 81 for accessing the Nginx Proxy Manager admin web interface.
     • 443:443: Maps port 443 for HTTPS traffic.
   • Volumes:
     • ./data:/data: Stores Nginx Proxy Manager data on your local machine.
     • ./letsencrypt:/etc/letsencrypt: Stores Let's Encrypt SSL certificates.
     • ./mysql:/var/lib/mysql: Stores MySQL database files.

Step 4: Start Nginx Proxy Manager Using Docker Compose

1. Ensure you’re in the nginx-proxy-manager directory where your docker-compose.yml file is located.

2. Run the following command to start the containers:

   docker-compose up -d
   

   • up: This starts the services defined in your docker-compose.yml.
   • -d: Runs the services in detached mode (in the background).

3. Docker Compose will download the required images (if they aren’t already present) and start both the Nginx Proxy Manager and MySQL containers.

Step 5: Access the Nginx Proxy Manager Web Interface

1. Open a web browser and navigate to:

   http://localhost:81
   

2. You’ll see the Nginx Proxy Manager login page. Use the following default credentials:

   • Email: admin@example.com
   • Password: changeme

3. After logging in, change the admin email and password to something secure.

Step 6: Add a Proxy Host

1. From the Nginx Proxy Manager dashboard, click Proxy Hosts.
2. Click the Add Proxy Host button.
3. Enter the domain or subdomain you want to proxy. For example, if you're running a service at http://your-app:3000, enter your-app.local.
4. Under the Forward Hostname / IP section, enter the IP address or hostname of the service you want to proxy. For instance, your-app.
5. Under Forward Port, enter the port number the service uses (e.g., 3000 for a service running on port 3000).
6. Enable Block Common Exploits and Websockets Support (if needed).
7. If you have a domain name and want to use HTTPS, go to the SSL tab and request a new SSL certificate via Let's Encrypt by checking the Force SSL and Request a new SSL certificate options.

Step 7: Verify Your Proxy Works

1. Once you've set up a proxy host, you can access your service through the domain or subdomain you configured in the Add Proxy Host step.
2. If you enabled HTTPS and requested a Let's Encrypt SSL certificate, make sure you access the service using https://your-domain.com.

Step 8: Managing Nginx Proxy Manager

You can continue to manage your proxy hosts, SSL certificates, and advanced Nginx configurations from the Nginx Proxy Manager admin interface. It also allows you to:

• View logs.
• Monitor SSL certificate renewals.
• Set up redirects or advanced proxy settings.

Example: Setting Up a Proxy for a Local Application

Let’s say you’re running a web app locally on port 8080 and want to access it via myapp.local. You’d follow these steps:

1. Add myapp.local to your computer’s hosts file, pointing to 127.0.0.1:

   127.0.0.1 myapp.local
   

2. In Nginx Proxy Manager, add a new proxy host:

   • Domain Name: myapp.local
   • Forward Hostname / IP: 127.0.0.1
   • Forward Port: 8080

3. After configuring the proxy host, open your browser and visit http://myapp.local to see the application.

Step 9: Stop and Remove Nginx Proxy Manager (if needed)

To stop the Nginx Proxy Manager containers, run:

docker-compose down

This will stop and remove both the Nginx Proxy Manager and MySQL containers, but your data will remain in the volumes (./data, ./letsencrypt, and ./mysql).

Traefik

Traefik is a powerful and modern reverse proxy that integrates easily with Docker and other orchestrators. It automatically manages services, handles dynamic routing, and supports features like HTTPS and load balancing.

What You'll Need:

• Docker and Docker Compose installed.
• A basic understanding of Docker and reverse proxies.

Step 1: Install Docker and Docker Compose

1. Install Docker: If you don't have Docker installed, follow the instructions on Docker’s website.
2. Install Docker Compose: You can check if Docker Compose is installed by running:

   docker-compose --version
   

   If it's not installed, follow the guide here.

Step 2: Create a Directory for Traefik

1. Open a terminal and create a new directory to store the Docker Compose configuration:

   mkdir traefik-setup
   cd traefik-setup
   

Step 3: Create the traefik.toml Configuration File

1. Inside the traefik-setup directory, create a new directory for the Traefik configuration files:

   mkdir config
   

2. Create the traefik.toml file inside the config directory:

   touch config/traefik.toml
   

3. Open traefik.toml in a text editor and add the following content:

   [entryPoints]
     [entryPoints.web]
       address = ":80"
     [entryPoints.websecure]
       address = ":443"
   
   [api]
     dashboard = true
     insecure = true
   
   [providers]
     [providers.docker]
       endpoint = "unix:///var/run/docker.sock"
       exposedByDefault = false
   

   Here's what the configuration does:

   • Entry Points: Defines entry points for HTTP (:80) and HTTPS (:443).
   • API: Enables the Traefik dashboard on port 8080 and allows unsecured access.
   • Providers: Configures Docker as the provider for services and ensures only containers explicitly marked for exposure will be proxied.

Step 4: Create the docker-compose.yml File

1. In the traefik-setup directory, create a file named docker-compose.yml:

   touch docker-compose.yml
   

2. Open docker-compose.yml in a text editor and add the following configuration:

   version: '3'
   
   services:
     traefik:
       image: traefik:v2.9
       container_name: traefik
       restart: unless-stopped
       ports:
         - "80:80"          # HTTP
         - "443:443"        # HTTPS
         - "8080:8080"      # Traefik Dashboard
       volumes:
         - /var/run/docker.sock:/var/run/docker.sock  # Give Traefik access to Docker
         - ./config/traefik.toml:/etc/traefik/traefik.toml  # Traefik configuration file
       networks:
         - web
   
   networks:
     web:
       external: true
   

   Explanation:

   • Services:
     • traefik: This is the Traefik service that uses the official Traefik Docker image.
     • Ports:
       • 80: Exposes HTTP traffic.
       • 443: Exposes HTTPS traffic.
       • 8080: Exposes the Traefik dashboard.
     • Volumes:
       • /var/run/docker.sock: Grants Traefik access to the Docker socket for service discovery.
       • ./config/traefik.toml: Links the local Traefik configuration file to the container.
     • Networks: Uses an external network called web. This allows other services to connect to Traefik using Docker networking.

Step 5: Create an External Docker Network

1. Traefik needs a Docker network to connect with other services. Create an external network named web:

   docker network create web
   

Step 6: Start Traefik Using Docker Compose

1. Make sure you're in the traefik-setup directory where the docker-compose.yml file is located.

2. Run the following command to start Traefik using Docker Compose:

   docker-compose up -d
   

   • up: Starts the containers defined in your docker-compose.yml.
   • -d: Runs the containers in detached mode (in the background).

3. Docker Compose will download the Traefik image (if it’s not already present) and start the Traefik container.

Step 7: Access the Traefik Dashboard

1. Open your web browser and navigate to:

   http://localhost:8080
   

2. You should see the Traefik dashboard, which provides insights into your running services and their status.

Step 8: Deploy a Sample Service Behind Traefik

Now, let’s deploy a simple web service (such as an Nginx container) and expose it through Traefik.

1. Create a directory for the sample service:

   mkdir nginx
   cd nginx
   

2. Create a docker-compose.yml file for the Nginx service:

   touch docker-compose.yml
   

3. Add the following content to docker-compose.yml:

   version: '3'
   
   services:
     nginx:
       image: nginx:latest
       container_name: nginx
       labels:
         - "traefik.enable=true"
         - "traefik.http.routers.nginx.rule=Host(`nginx.local`)"
         - "traefik.http.services.nginx.loadbalancer.server.port=80"
       networks:
         - web
       restart: unless-stopped
   
   networks:
     web:
       external: true
   

   • Services:
     • nginx: This is the Nginx container.
     • Labels: The labels tell Traefik to manage this container.
       • "traefik.enable=true": Enables Traefik routing for this service.
       • "traefik.http.routers.nginx.rule=Host('nginx.local')": Defines the routing rule (based on the hostname nginx.local).
       • "traefik.http.services.nginx.loadbalancer.server.port=80": Specifies the internal port that Nginx is using.
   • Networks: Connects to the web network, shared with Traefik.

Step 9: Add nginx.local to Your hosts File

1. To access nginx.local from your browser, add it to your local hosts file.

   For Linux and MacOS, open /etc/hosts and add the following line:

   127.0.0.1 nginx.local
   

   For Windows, edit the C:\Windows\System32\drivers\etc\hosts file similarly.

Step 10: Start the Nginx Service

1. In the nginx directory, start the Nginx service with Docker Compose:

   docker-compose up -d
   

2. Open your browser and navigate to:

   http://nginx.local
   

   You should see the default Nginx welcome page, confirming that Traefik is successfully routing traffic to your Nginx container.

Step 11: Enable HTTPS (Optional)

To enable HTTPS with Let's Encrypt, update the traefik.toml configuration to include Let's Encrypt settings.

1. Edit config/traefik.toml and add the following:

   [certificatesResolvers]
     [certificatesResolvers.le.acme]
       email = "your-email@example.com"
       storage = "/etc/traefik/acme.json"
       [certificatesResolvers.le.acme.httpChallenge]
         entryPoint = "web"
   

   This tells Traefik to use Let's Encrypt and store certificates in /etc/traefik/acme.json.

2. Create an empty acme.json file and set the correct permissions:

   touch config/acme.json
   chmod 600 config/acme.json
   

3. Update your Nginx service’s Docker Compose labels to enable HTTPS:

   labels:
     - "traefik.enable=true"
     - "traefik.http.routers.nginx.rule=Host(`nginx.local`)"
     - "traefik.http.services.nginx.loadbalancer.server.port=80"
     - "traefik.http.routers.nginx.entrypoints=web"
     - "traefik.http.routers.nginx-secure.rule=Host(`nginx.local`)"
     - "traefik.http.routers.nginx-secure.entrypoints=websecure"
     - "traefik.http.routers.nginx-secure.tls.certresolver=le"
   

4. Restart Traefik and the Nginx service to apply the changes:

   docker-compose restart
   

5. Visit https://nginx.local to see the Nginx page served over HTTPS.

Step 12

Traefik is a modern, dynamic reverse proxy and load balancer for microservices and containerized applications, often used with Docker, Kubernetes, or other orchestration systems.

What You’ll Need:

• Docker and Docker Compose installed on your machine.
• Basic knowledge of Docker and Docker Compose.

Step 1: Install Docker and Docker Compose

1. Install Docker: Follow the instructions on the Docker official website if you don't have Docker installed.
2. Install Docker Compose: If you don’t have Docker Compose, install it following the official guide.
3. Verify both Docker and Docker Compose are installed by running:

   docker --version
   docker-compose --version
   

Step 2: Create a Directory for Traefik Configuration

1. Create a new directory where you'll store your Traefik configuration and Docker Compose files:

   mkdir traefik
   cd traefik
   

Step 3: Create the docker-compose.yml File

1. Inside the traefik directory, create a docker-compose.yml file:

   touch docker-compose.yml
   

2. Open the docker-compose.yml file in your favorite text editor and add the following configuration:

   version: '3.8'
   
   services:
     traefik:
       image: traefik:v2.10
       container_name: traefik
       restart: unless-stopped
       command:
         - "--api.insecure=true"  # Enables the Traefik dashboard (insecure for testing)
         - "--providers.docker=true"  # Enable Docker as a provider
         - "--entryPoints.web.address=:80"  # Define the HTTP entry point
         - "--entryPoints.websecure.address=:443"  # Define the HTTPS entry point
       ports:
         - "80:80"   # HTTP port
         - "443:443" # HTTPS port
         - "8080:8080" # Traefik dashboard port
       volumes:
         - "/var/run/docker.sock:/var/run/docker.sock"  # Allows Traefik to interact with Docker
       labels:
         - "traefik.enable=true"  # Enables Traefik for this container
   
     # Example Web Application (to demonstrate Traefik in action)
     whoami:
       image: traefik/whoami
       container_name: whoami
       labels:
         - "traefik.http.routers.whoami.rule=Host(`whoami.local`)"  # Router rule for this service
         - "traefik.http.services.whoami.loadbalancer.server.port=80"  # Port for the service
   
   

Key Points:

• Traefik Service:

  • Uses traefik:v2.10 image.
  • Exposes HTTP (port 80), HTTPS (port 443), and dashboard (port 8080).
  • The --api.insecure=true command enables the Traefik dashboard (though insecure, it’s fine for a test environment).
  • Docker provider is enabled with --providers.docker=true, meaning Traefik will discover containers automatically.
  • Traefik’s volume mounts the Docker socket (/var/run/docker.sock) to interact with Docker.

• Whoami Service:

  • A simple HTTP service that returns basic information about the request. It is used to demonstrate Traefik's reverse proxy functionality.
  • It has Traefik labels to specify routing rules: the Host rule is set to route requests for whoami.local to this container.

Step 4: Start Traefik and the Web Service Using Docker Compose

1. Make sure you are inside the directory where your docker-compose.yml file is located.

2. Run the following command to start Traefik and the example service (whoami):

   docker-compose up -d
   

   • up: Starts the containers defined in docker-compose.yml.
   • -d: Runs the containers in detached mode.

3. Docker will pull the necessary images (if they’re not already present) and start both the Traefik and whoami containers.

Step 5: Access the Traefik Dashboard

1. Open your browser and go to the following URL to access the Traefik dashboard:

   http://localhost:8080
   

2. You should see the Traefik dashboard showing the whoami container as a service.

Step 6: Test the Traefik Reverse Proxy

1. To test the proxy, you need to edit your system’s hosts file to point whoami.local to 127.0.0.1 (localhost).

   On Linux or MacOS:

   sudo nano /etc/hosts
   

   Add the following line:

   127.0.0.1 whoami.local
   

   On Windows, you can edit the hosts file located at C:\Windows\System32\drivers\etc\hosts and add:

   127.0.0.1 whoami.local
   

2. After saving the hosts file, open a web browser and visit:

   http://whoami.local
   

3. You should see the response from the whoami container, showing basic information about the request (like headers, IP, etc.).

Step 7: Add More Services (Optional)

You can add more services to the docker-compose.yml file and manage them with Traefik in a similar way. Here's an example of adding another service:

  example:
    image: httpd:alpine
    container_name: example
    labels:
      - "traefik.http.routers.example.rule=Host(`example.local`)"
      - "traefik.http.services.example.loadbalancer.server.port=80"

1. After adding this service, don't forget to update the hosts file again:

   127.0.0.1 example.local
   

2. Visit http://example.local to see the new service.

Step 8: Stopping the Containers

To stop the containers, use the following command:

docker-compose down

This will stop and remove the containers but leave the volumes intact (for data persistence).

Example of a Complete docker-compose.yml File

Here’s an example of a more complete docker-compose.yml with multiple services:

version: '3.8'

services:
  traefik:
    image: traefik:v2.10
    container_name: traefik
    restart: unless-stopped
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"

  whoami:
    image: traefik/whoami
    container_name: whoami
    labels:
      - "traefik.http.routers.whoami.rule=Host(`whoami.local`)"
      - "traefik.http.services.whoami.loadbalancer.server.port=80"

  example:
    image: httpd:alpine
    container_name: example
    labels:
      - "traefik.http.routers.example.rule=Host(`example.local`)"
      - "traefik.http.services.example.loadbalancer.server.port=80"

Caddy

Caddy is a modern web server that automatically provisions SSL certificates using Let's Encrypt, which makes it very easy to set up secure HTTPS servers.

What You’ll Need:

• Docker and Docker Compose installed.
• Basic knowledge of Docker and Docker Compose.

Step 1: Install Docker and Docker Compose

1. Install Docker: Follow the instructions on the Docker official website if you don't have Docker installed.
2. Install Docker Compose: If you don’t have Docker Compose, you can install it following the official guide.
3. Verify that Docker and Docker Compose are installed correctly:

   docker --version
   docker-compose --version
   

Step 2: Create a Directory for Caddy Configuration

1. Create a new directory where you'll store the Caddy configuration and Docker Compose files:

   mkdir caddy-docker
   cd caddy-docker
   

Step 3: Create the docker-compose.yml File

1. Inside the caddy-docker directory, create a docker-compose.yml file:

   touch docker-compose.yml
   

2. Open the docker-compose.yml file in your preferred text editor and add the following configuration:

   version: '3.8'
   
   services:
     caddy:
       image: caddy:latest
       container_name: caddy
       restart: unless-stopped
       ports:
         - "80:80"    # HTTP port
         - "443:443"  # HTTPS port
       volumes:
         - ./Caddyfile:/etc/caddy/Caddyfile   # Mount the Caddyfile configuration
         - ./data:/data                        # To store certificates
         - ./config:/config                    # Configuration data
       environment:
         - ACME_AGREE=true                     # Automatically accept the Let's Encrypt terms
       networks:
         - caddy_network
   
     whoami:
       image: traefik/whoami
       container_name: whoami
       labels:
         - "traefik.enable=false"  # Disable Traefik routing for this container
       networks:
         - caddy_network
   
   networks:
     caddy_network:
       driver: bridge
   

Key Points:

• Caddy Service:

  • Uses the official caddy:latest Docker image.
  • Exposes ports 80 (HTTP) and 443 (HTTPS) for web traffic.
  • Mounts the Caddyfile configuration file to /etc/caddy/Caddyfile in the container.
  • Mounts a data volume for storing SSL certificates, so they persist across container restarts.
  • Sets an environment variable ACME_AGREE=true to automatically accept the Let's Encrypt terms.

• Whoami Service:

  • This is a simple HTTP service that responds with information about the request. It’s used here as an example application to be served by Caddy.
  • Disabled Traefik routing by setting the label traefik.enable=false.

• Networks:

  • Both services are connected to a custom network (caddy_network), allowing Caddy to route traffic to whoami.

Step 4: Create the Caddy Configuration File

1. Inside the same caddy-docker directory, create a Caddyfile to configure how Caddy should handle incoming traffic. This is where you’ll define routing rules, domains, and SSL configurations.

   touch Caddyfile
   

2. Open the Caddyfile in your text editor and add the following content:

   whoami.local {
       reverse_proxy whoami:80
   }
   

   This configuration tells Caddy to listen for requests to whoami.local and reverse proxy those requests to the whoami service running on port 80.

   Important: The whoami.local domain will need to be added to your system's hosts file for it to resolve locally.

Step 5: Start Caddy and the Example Service

1. Make sure you are in the directory where the docker-compose.yml and Caddyfile are located.

2. Run the following command to start the services in detached mode:

   docker-compose up -d
   

   • up: Starts the containers defined in docker-compose.yml.
   • -d: Runs the containers in detached mode (in the background).

3. Docker will pull the necessary images and start both the Caddy and whoami containers.

Step 6: Edit the hosts File

To access the whoami.local domain, you need to modify your system's hosts file so that whoami.local points to 127.0.0.1 (localhost).

• On Linux or MacOS:

  1. Open the hosts file with a text editor:

     sudo nano /etc/hosts
     

  2. Add the following line to the file:

     127.0.0.1 whoami.local
     

  3. Save and close the file.

• On Windows:

  1. Open the hosts file located at C:\Windows\System32\drivers\etc\hosts in a text editor (run as Administrator).
  2. Add the following line:

     127.0.0.1 whoami.local
     

  3. Save and close the file.

Step 7: Access the Service in a Browser

1. Open your browser and navigate to:

   http://whoami.local
   

2. You should see the response from the whoami container, which will display basic information about the HTTP request (such as headers, IP, etc.).

Step 8: Access the HTTPS Version (Optional)

1. Caddy automatically provisions an SSL certificate for your domain through Let's Encrypt. To access your service securely, visit:

   https://whoami.local
   

   Caddy will automatically handle the HTTPS configuration, and your connection will be encrypted.

Step 9: Stopping the Containers

To stop and remove the containers, run the following command:

docker-compose down

This stops the containers and removes them, but it retains the data and configuration for the next time you bring the containers back up.

Step 10: Restarting the Containers (Optional)

If you made changes to the Caddyfile or want to restart the services, you can run:

docker-compose restart

This restarts the containers without removing them.

Example of a Complete docker-compose.yml and Caddyfile

Here’s the final version of the docker-compose.yml and Caddyfile:

docker-compose.yml:

version: '3.8'

services:
  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"    # HTTP port
      - "443:443"  # HTTPS port
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./data:/data
      - ./config:/config
    environment:
      - ACME_AGREE=true
    networks:
      - caddy_network

  whoami:
    image: traefik/whoami
    container_name: whoami
    labels:
      - "traefik.enable=false"
    networks:
      - caddy_network

networks:
  caddy_network:
    driver: bridge

Caddyfile:

whoami.local {
    reverse_proxy whoami:80
}