Running Docker continter in Production

Nginx Proxy Manager

Nginx Proxy Manager is a simple and powerful tool that provides a web-based interface for managing Nginx reverse proxies, making it easy to set up SSL certificates and manage multiple services.

Step 1: Install Docker and Docker Compose

1. If you don't already have Docker installed, follow the instructions on Docker’s website.

2. For Docker Compose, you can check if it's installed by running:

   docker-compose --version
   

   If not installed, install it by following the official guide here.

Step 2: Create a Directory for Nginx Proxy Manager

1. Open a terminal and create a new directory to store the Docker Compose configuration:

   mkdir nginx-proxy-manager
   cd nginx-proxy-manager
   

Step 3: Create a docker-compose.yml File

1. Inside the nginx-proxy-manager directory, create a new file named docker-compose.yml:

   touch docker-compose.yml
   

2. Open the file with a text editor and add the following configuration:

   version: '3'
   
   services:
     app:
       image: 'jc21/nginx-proxy-manager:latest'
       restart: unless-stopped
       ports:
         - '80:80'        # HTTP
         - '81:81'        # Admin Panel
         - '443:443'      # HTTPS
       environment:
         DB_MYSQL_HOST: "db"
         DB_MYSQL_PORT: 3306
         DB_MYSQL_USER: "npm"
         DB_MYSQL_PASSWORD: "npm_password"
         DB_MYSQL_NAME: "npm"
       volumes:
         - ./data:/data
         - ./letsencrypt:/etc/letsencrypt
   
     db:
       image: 'mysql:5.7'
       restart: unless-stopped
       environment:
         MYSQL_ROOT_PASSWORD: 'root_password'
         MYSQL_DATABASE: 'npm'
         MYSQL_USER: 'npm'
         MYSQL_PASSWORD: 'npm_password'
       volumes:
         - ./mysql:/var/lib/mysql
   

   Here’s what this configuration does:

   • Services:
     • app: This is the Nginx Proxy Manager container.
     • db: A MySQL 5.7 container to handle the database for Nginx Proxy Manager.
   • Ports:
     • 80:80: Maps port 80 for HTTP traffic.
     • 81:81: Maps port 81 for accessing the Nginx Proxy Manager admin web interface.
     • 443:443: Maps port 443 for HTTPS traffic.
   • Volumes:
     • ./data:/data: Stores Nginx Proxy Manager data on your local machine.
     • ./letsencrypt:/etc/letsencrypt: Stores Let's Encrypt SSL certificates.
     • ./mysql:/var/lib/mysql: Stores MySQL database files.

Step 4: Start Nginx Proxy Manager Using Docker Compose

1. Ensure you’re in the nginx-proxy-manager directory where your docker-compose.yml file is located.

2. Run the following command to start the containers:

   docker-compose up -d
   

   • up: This starts the services defined in your docker-compose.yml.
   • -d: Runs the services in detached mode (in the background).

3. Docker Compose will download the required images (if they aren’t already present) and start both the Nginx Proxy Manager and MySQL containers.

Step 5: Access the Nginx Proxy Manager Web Interface

1. Open a web browser and navigate to:

   http://localhost:81
   

2. You’ll see the Nginx Proxy Manager login page. Use the following default credentials:

   • Email: admin@example.com
   • Password: changeme

3. After logging in, change the admin email and password to something secure.

Step 6: Add a Proxy Host

1. From the Nginx Proxy Manager dashboard, click Proxy Hosts.
2. Click the Add Proxy Host button.
3. Enter the domain or subdomain you want to proxy. For example, if you're running a service at http://your-app:3000, enter your-app.local.
4. Under the Forward Hostname / IP section, enter the IP address or hostname of the service you want to proxy. For instance, your-app.
5. Under Forward Port, enter the port number the service uses (e.g., 3000 for a service running on port 3000).
6. Enable Block Common Exploits and Websockets Support (if needed).
7. If you have a domain name and want to use HTTPS, go to the SSL tab and request a new SSL certificate via Let's Encrypt by checking the Force SSL and Request a new SSL certificate options.

Step 7: Verify Your Proxy Works

1. Once you've set up a proxy host, you can access your service through the domain or subdomain you configured in the Add Proxy Host step.
2. If you enabled HTTPS and requested a Let's Encrypt SSL certificate, make sure you access the service using https://your-domain.com.

Step 8: Managing Nginx Proxy Manager

You can continue to manage your proxy hosts, SSL certificates, and advanced Nginx configurations from the Nginx Proxy Manager admin interface. It also allows you to:

• View logs.
• Monitor SSL certificate renewals.
• Set up redirects or advanced proxy settings.

Example: Setting Up a Proxy for a Local Application

Let’s say you’re running a web app locally on port 8080 and want to access it via myapp.local. You’d follow these steps:

1. Add myapp.local to your computer’s hosts file, pointing to 127.0.0.1:

   127.0.0.1 myapp.local
   

2. In Nginx Proxy Manager, add a new proxy host:

   • Domain Name: myapp.local
   • Forward Hostname / IP: 127.0.0.1
   • Forward Port: 8080

3. After configuring the proxy host, open your browser and visit http://myapp.local to see the application.

Step 9: Stop and Remove Nginx Proxy Manager (if needed)

To stop the Nginx Proxy Manager containers, run:

docker-compose down

This will stop and remove both the Nginx Proxy Manager and MySQL containers, but your data will remain in the volumes (./data, ./letsencrypt, and ./mysql).

Caddy

Caddy is a modern web server that automatically provisions SSL certificates using Let's Encrypt, which makes it very easy to set up secure HTTPS servers.

What You’ll Need:

• Docker and Docker Compose installed.
• Basic knowledge of Docker and Docker Compose.

Step 1: Install Docker and Docker Compose

1. Install Docker: Follow the instructions on the Docker official website if you don't have Docker installed.
2. Install Docker Compose: If you don’t have Docker Compose, you can install it following the official guide.
3. Verify that Docker and Docker Compose are installed correctly:

   docker --version
   docker-compose --version
   

Step 2: Create a Directory for Caddy Configuration

1. Create a new directory where you'll store the Caddy configuration and Docker Compose files:

   mkdir caddy-docker
   cd caddy-docker
   

Step 3: Create the docker-compose.yml File

1. Inside the caddy-docker directory, create a docker-compose.yml file:

   touch docker-compose.yml
   

2. Open the docker-compose.yml file in your preferred text editor and add the following configuration:

   version: '3.8'
   
   services:
     caddy:
       image: caddy:latest
       container_name: caddy
       restart: unless-stopped
       ports:
         - "80:80"    # HTTP port
         - "443:443"  # HTTPS port
       volumes:
         - ./Caddyfile:/etc/caddy/Caddyfile   # Mount the Caddyfile configuration
         - ./data:/data                        # To store certificates
         - ./config:/config                    # Configuration data
       environment:
         - ACME_AGREE=true                     # Automatically accept the Let's Encrypt terms
       networks:
         - caddy_network
   
     whoami:
       image: traefik/whoami
       container_name: whoami
       labels:
         - "traefik.enable=false"  # Disable Traefik routing for this container
       networks:
         - caddy_network
   
   networks:
     caddy_network:
       driver: bridge
   

Key Points:

• Caddy Service:

  • Uses the official caddy:latest Docker image.
  • Exposes ports 80 (HTTP) and 443 (HTTPS) for web traffic.
  • Mounts the Caddyfile configuration file to /etc/caddy/Caddyfile in the container.
  • Mounts a data volume for storing SSL certificates, so they persist across container restarts.
  • Sets an environment variable ACME_AGREE=true to automatically accept the Let's Encrypt terms.

• Whoami Service:

  • This is a simple HTTP service that responds with information about the request. It’s used here as an example application to be served by Caddy.
  • Disabled Traefik routing by setting the label traefik.enable=false.

• Networks:

  • Both services are connected to a custom network (caddy_network), allowing Caddy to route traffic to whoami.

Step 4: Create the Caddy Configuration File

1. Inside the same caddy-docker directory, create a Caddyfile to configure how Caddy should handle incoming traffic. This is where you’ll define routing rules, domains, and SSL configurations.

   touch Caddyfile
   

2. Open the Caddyfile in your text editor and add the following content:

   whoami.local {
       reverse_proxy whoami:80
   }
   

   This configuration tells Caddy to listen for requests to whoami.local and reverse proxy those requests to the whoami service running on port 80.

   Important: The whoami.local domain will need to be added to your system's hosts file for it to resolve locally.

Step 5: Start Caddy and the Example Service

1. Make sure you are in the directory where the docker-compose.yml and Caddyfile are located.

2. Run the following command to start the services in detached mode:

   docker-compose up -d
   

   • up: Starts the containers defined in docker-compose.yml.
   • -d: Runs the containers in detached mode (in the background).

3. Docker will pull the necessary images and start both the Caddy and whoami containers.

Step 6: Edit the hosts File

To access the whoami.local domain, you need to modify your system's hosts file so that whoami.local points to 127.0.0.1 (localhost).

• On Linux or MacOS:

  1. Open the hosts file with a text editor:

     sudo nano /etc/hosts
     

  2. Add the following line to the file:

     127.0.0.1 whoami.local
     

  3. Save and close the file.

• On Windows:

  1. Open the hosts file located at C:\Windows\System32\drivers\etc\hosts in a text editor (run as Administrator).
  2. Add the following line:

     127.0.0.1 whoami.local
     

  3. Save and close the file.

Step 7: Access the Service in a Browser

1. Open your browser and navigate to:

   http://whoami.local
   

2. You should see the response from the whoami container, which will display basic information about the HTTP request (such as headers, IP, etc.).

Step 8: Access the HTTPS Version (Optional)

1. Caddy automatically provisions an SSL certificate for your domain through Let's Encrypt. To access your service securely, visit:

   https://whoami.local
   

   Caddy will automatically handle the HTTPS configuration, and your connection will be encrypted.

Step 9: Stopping the Containers

To stop and remove the containers, run the following command:

docker-compose down

This stops the containers and removes them, but it retains the data and configuration for the next time you bring the containers back up.

Step 10: Restarting the Containers (Optional)

If you made changes to the Caddyfile or want to restart the services, you can run:

docker-compose restart

This restarts the containers without removing them.

Example of a Complete docker-compose.yml and Caddyfile

Here’s the final version of the docker-compose.yml and Caddyfile:

docker-compose.yml:

version: '3.8'

services:
  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"    # HTTP port
      - "443:443"  # HTTPS port
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./data:/data
      - ./config:/config
    environment:
      - ACME_AGREE=true
    networks:
      - caddy_network

  whoami:
    image: traefik/whoami
    container_name: whoami
    labels:
      - "traefik.enable=false"
    networks:
      - caddy_network

networks:
  caddy_network:
    driver: bridge

Caddyfile:

whoami.local {
    reverse_proxy whoami:80
}