Dev Standards
  • Untitled
  • project-standards
    • project-success
      • index
      • production.s
    • taking-over-project
      • index
      • migrate-to-new-ios-certificates.mo
    • technical-agility
      • react-native-test.s
      • code-vocabulary-identical-business-vocabulary.s
      • under-15-minutes-project-installation.s
      • index
      • up-to-date-dependencies.s
  • react-native
    • react
      • get-element-size-or-position-with-onLayout.mo
      • binding-functions-in-react-component.s
      • enable-overflow-android.mo
    • setup
      • setup-code-push.mo
      • setup-facebook-login.mo
      • setup-and-deploy-new-project-to-staging.mo
      • add-cocoapods.mo
      • deploy-script.mo
      • setup-and-deploy-new-project-to-staging-with-hockeyapp.mo
      • add-native-module.mo
      • setup_firebase_multiple_envs.mo
      • remove-unnecessary-android-permissions.mo
      • deploy-to-production-android.mo
      • deploy-project-to-production
      • overriding-existing-app.s
      • patch-react-native-android.mo
      • setup-stripe-dev-standard.mo
    • features
      • icomoon.mo
      • lock-device-orientation.mo
      • clean-logout.s
      • deep-linking
      • offline-redux.mo
      • asyncstorage.mo
      • offline-mobx.mo
    • debugging
      • analyse-bug.mo
      • debug-network-calls.mo
      • debug-javascript-ios-device.mo
      • get-ios-logs.mo
      • debug-javascript.mo
      • handle-gradle-dependencies-clash.mo
      • debug-native-ios.mo
      • debug-two-ios-apps-simultaneously.mo
      • debug-native-android.mo
      • debug-webviews.mo
    • firebase
      • debug-events.mo
    • architecture
      • project-architecture.s
      • default-stack.s
      • file-naming.s
    • update
      • upgrade-react-native.mo
    • tests
      • setup-detox-jest.mo
    • use_http_links_in_react_native.mo
    • react-navigation
      • unmount-compoenent-on-page-change.mo
    • package-dependencies
      • handle-dependencies-with-yarn-override.mo
    • animations
      • react-native-animations.s
  • successful-sprint
    • coding
      • plan-your-ticket-to-improve-efficency.s
  • code-quality
    • components-state-testing.mo
    • mock-with-jest.mo
    • pull-request-template.s
    • pull_request_template
    • test-files-indentation.s
  • security
    • import_certificates_match.mo
    • 2FA.mo
  • contributing
    • contributing.mo
    • mo.s
    • standard.s
  • backend
    • graphql-js
      • getting-started-with-apollo-server-dataloader-knex.mo
    • node-js
      • handle-errors-and-exceptions-in-javascript.s
      • add-multiple-environments-configuration-on-loopback.s
    • django
      • deploy-to-aws.mo
      • create-user-model.mo
      • getting-started.mo
      • create-model-and-api.mo
  • performance
    • backend
      • cache-routes-using-varnish.mo
      • serve-images-as-static-files.mo
      • minimize-number-sql-queries.mo
      • python-investigation-tools.mo
      • how-to-investigate-performance.mo
      • output-sql-alchemy-orm-query.mo
    • front
      • how-to-investigate-performance.mo
      • table-and-chart-with-good-performance.mo
      • react-native-performance.s
      • simulate-network-iphone.mo
    • performance-decision-flow.s
  • git
    • merge-or-rebase-a-branch
  • editors
    • vscode
      • setup-vscode.mo
  • ops
    • docker
      • deploy-with-https.mo
  • templates
    • mo
  • react
    • redux
      • custom-redux-form-field.mo
      • pass-props-to-container.mo
    • component.s
    • lifecycle
      • trigger-action-on-props-update.mo
  • flowtype
    • flowtype.s
  • LICENCE
  • README
  • scrum
    • timebox.s
  • SUMMARY
Powered by GitBook
On this page
  • Owner: Sammy Teillet
  • Control points
  • Prerequisites
  • Steps (~15 min)
  • Install the nginx-proxy companion (~5 min)
  • Configure your project to use the companion (~5 min)
  • Make the switch (~5 min)
  1. ops
  2. docker

deploy-with-https.mo

PreviousdockerNexttemplates

Last updated 7 years ago

Owner:

Control points

If, as an expert of docker, you want to adapt the standard to the context of your project, you have to check that:

Prerequisites

Steps (~15 min)

Install the nginx-proxy companion (~5 min)

  • Connect to your server ssh user@your.domain

git clone git@github.com:evertramos/docker-compose-letsencrypt-nginx-proxy-companion.git
  • Create a .env file

cd docker-compose-letsencrypt-nginx-proxy-companion
cp ./.env.sample .env
  • Set the NGINX_FILES_PATH=/srv/nginx/data in the .env

    • vim ./.env

    • line 41 replace NGINX_FILES_PATH=/srv/nginx/data(or a different path if you prefer)

CHECK

Try to launch the companion by running:

./start.sh

You should have the following error because the port 80 is already used by your app docker:

ERROR: for nginx-web  Cannot start service nginx-web: driver failed programming external connectivity on endpoint nginx-web (4c0105fe57d370c99c0a143c967d1b8737006a4138618e1defebc4bab4e42d11): Bind for 0.0.0.0:80 failed: port is already allocated

Configure your project to use the companion (~5 min)

  • Remove the binding 80 port command, but expose it

version: '3'
services: 
  your-web-app: #It should contain port: "80:80"
    # ... 
-   ports:
-     - "80:80"
+   expose:
+     - 80
  • Configure the app to use the network created by the companion (webproxy is the default name)

version: '3'
services: 
    # ... 

+networks:
+  default:
+     external:
+        name: webproxy

GO FURTHER

  • In your project set 3 environment variable: VIRTUAL_HOST, LETSENCRYPT_HOST, LETSENCRYPT_EMAIL. The email will be used by Letsencrypt to notify you if the certificate expire.There are 2 ways:

    • In the docker-compose file

    • In your prod.env file that is read by your Dockerfile.

RECOMENDED WAY

Update the .env file of your web-app docker

  • In the ./env/prod.env add the following:

#... other env variable
+ VIRTUAL_HOST=my.domain.cloud.bam.tech
+ LETSENCRYPT_HOST=my.domain.cloud.bam.tech
+ LETSENCRYPT_EMAIL=your@email.com

OTHER solution

If you have no .env file you an also Update the docker-compose-prod file

version: '3'
services: 
  your-web-app: #It should contain port: "80:80"
    # ... 
    environment:
+      - VIRTUAL_HOST=my.domain.cloud.bam.tech
+      - LETSENCRYPT_HOST=my.domain.cloud.bam.tech
+      - LETSENCRYPT_EMAIL=your@email.com

Make the switch (~5 min)

BUSINESS INTERRUPTION

You will have to shut down your docker (so the port 80 is available), so during this step your domain won't be accessible.

  • Cut your app docker:

cd your-project-directory
docker-compose -f docker-compose-prod.yml down
  • Start the companion (go to the companion directory):

cd ../docker-compose-letsencrypt-nginx-proxy-companion
./start.sh
  • Launch your project docker again:

cd -
docker-compose -f docker-compose-prod.yml up -d

CHECK

Clone the nginx-proxy-companion on the server at the root of the server.

Check the validity of your domain, go to

Go and check your domain. Useful tip: go to the Handshake Simulation section and check the supported devices.

Sammy Teillet
https://www.ssllabs.com/ssltest/
https://www.ssllabs.com/ssltest/
project
https://blog.docker.com/2016/12/understanding-docker-networking-drivers-use-cases/
https://your.domain
there