nginx+docker+docker+docker.swift

// nginx.conf
events {
    worker_connections 1024;
}

http {
    server {
        listen 80;
        server_name qvisa.eu;

        location / {
            proxy_pass http://quick_process_swift:8081;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    server {
        listen 80;
        server_name epayroll.pt;

        location / {
            proxy_pass http://ePayroll:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

// nginx docker compose file
version: '3'
services:
  nginx:
    image: nginx:latest
    container_name: nginx-proxy
    restart: always
    ports:
      - "80:80"
    volumes:
      - ~/nginx-proxy/nginx.conf:/etc/nginx/nginx.conf:ro
    networks:
      - shared_network

networks:
  shared_network:
    external: true

// quick_process_swift docker compose 
version: '3.7'
services:
  quick_process_swift:
    image: alifspb/quick_process_swift:latest
    container_name: quick_process_swift
    ports:
      - '8081:8081'
    command: ["serve", "--env", "production", "--hostname", "0.0.0.0", "--port", "8081"]
    networks:
      - shared_network

networks:
  shared_network:
    external: true

// epayroll docker compose
version: '3.7'
services:
  epayroll:
    image: epayroll:latest
    container_name: epayroll-app
    ports:
      - '8080:8080'
    command: ["./App", "serve", "--env", "production", "--hostname", "0.0.0.0", "--port", "8080"]
    networks:
      - shared_network

networks:
  shared_network:
    external: true

NOTE: all use same network 

Certainly! Here is a detailed documentation that outlines the important points for setting up and configuring your Docker Compose setup for nginx-proxy, epayroll, and QuickProcessSwift.

Documentation for Docker Compose Setup

Overview

This documentation covers the setup and configuration of Docker Compose for three services: nginx-proxy, epayroll, and QuickProcessSwift. The nginx-proxy service acts as a reverse proxy and handles SSL certificates using Let's Encrypt. The epayroll and QuickProcessSwift services are applications that are routed through the nginx-proxy.

1. nginx-proxy Service

docker-compose.yml for nginx-proxy

version: '3'

services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:ro
    networks:
      - shared_network

  letsencrypt-nginx-proxy-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-letsencrypt
    restart: always
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:rw
    networks:
      - shared_network

networks:
  shared_network:
    external: true

Key Points

• Ports: Exposes ports 80 and 443 for HTTP and HTTPS traffic.
• Volumes:
  • docker.sock: Enables Docker to communicate with the nginx-proxy container.
  • vhost.d, html, certs: Configurations for virtual hosts, HTML content, and SSL certificates.
• Networks: Uses an external Docker network shared_network.

2. epayroll Service

docker-compose.yml for epayroll

version: '3.7'

x-shared_environment: &shared_environment
  LOG_LEVEL: ${LOG_LEVEL:-debug}

services:
  app:
    image: epayroll:latest
    container_name: ePayroll
    restart: always
    build:
      context: .
    environment:
      <<: *shared_environment
      VIRTUAL_HOST: epayroll.pt
      LETSENCRYPT_HOST: epayroll.pt
      LETSENCRYPT_EMAIL: [email protected]
    ports:
      - '8080:8080'
    command: ["serve", "--env", "production", "--hostname", "0.0.0.0", "--port", "8080"]
    networks:
      - shared_network

networks:
  shared_network:
    external: true

Key Points

• Environment Variables:
  • VIRTUAL_HOST, LETSENCRYPT_HOST, LETSENCRYPT_EMAIL: Used by nginx-proxy and Let's Encrypt for domain and SSL configuration.
• Ports: Exposes port 8080.
• Networks: Uses the shared_network.

3. QuickProcessSwift Service

docker-compose.yml for QuickProcessSwift

version: '3.7'

x-shared_environment: &shared_environment
  LOG_LEVEL: ${LOG_LEVEL:-info}
  MONGO_DB_PRODUCTION_URL: '${MONGO_DB_PRODUCTION_URL}'
  JWT_SECRET_PRODUCTION: '${JWT_SECRET_PRODUCTION}'

services:
  app:
    image: alifspb/quick_process_swift:latest
    container_name: quick_process_swift
    build:
      context: .
    environment:
      <<: *shared_environment
      VIRTUAL_HOST: qvisa.eu
      LETSENCRYPT_HOST: qvisa.eu
      LETSENCRYPT_EMAIL: [email protected]
      VIRTUAL_PORT: 8081
    depends_on:
      - mongo
    ports:
      - '8081:8081'
    command: ["serve", "--env", "production", "--hostname", "0.0.0.0", "--port", "8081"]
    networks:
      - shared_network
    volumes:
      - .env:/app/.env

  mongo:
    image: mongo
    container_name: qvp_mongo_pro
    volumes:
      - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
      - qvp_mongodb_pro:/data/db
    networks:
      - shared_network
    restart: unless-stopped
    ports:
      - '27019:27017'

volumes:
  qvp_mongodb_pro:

networks:
  shared_network:
    external: true

Key Points

• Environment Variables:
  • VIRTUAL_HOST, LETSENCRYPT_HOST, LETSENCRYPT_EMAIL, VIRTUAL_PORT: Used by nginx-proxy and Let's Encrypt for domain and SSL configuration.
  • MONGO_DB_PRODUCTION_URL, JWT_SECRET_PRODUCTION: Application-specific environment variables.
• Depends On: Ensures the mongo service starts before the application.
• Ports: Exposes port 8081 for the application and 27019 for MongoDB.
• Volumes: Maps the environment file and MongoDB initialization script.
• Networks: Uses the shared_network.

Additional Notes

1. Network Configuration:

   • Ensure that the shared_network is created as an external network before starting the services. This network allows the services to communicate with each other.

   docker network create shared_network

2. Environment Variables:

   • Make sure all required environment variables are defined in the .env files or passed directly in the docker-compose.yml.

3. SSL Certificates:

   • The Let's Encrypt companion container automatically handles SSL certificates for the domains specified in VIRTUAL_HOST and LETSENCRYPT_HOST environment variables.

4. Logs and Debugging:

   • Inspect logs for nginx-proxy and individual services to debug any issues related to configuration or connectivity.

   docker logs nginx-proxy
   docker logs ePayroll
   docker logs quick_process_swift

5. Force Regenerate Configuration:

   • Restart nginx-proxy to force it to regenerate its configuration if changes are not reflected.

   docker restart nginx-proxy

By following this documentation, you should be able to set up and configure your Docker Compose environment for nginx-proxy, epayroll, and QuickProcessSwift services successfully.

Let's Encrypt certificates are valid for 90 days. However, you do not need to manually renew them because the letsencrypt-nginx-proxy-companion container automatically handles the renewal process.

Automatic Renewal with Let's Encrypt

The letsencrypt-nginx-proxy-companion is configured to:

1. Automatically Renew Certificates: It automatically renews the certificates when they are close to expiry (typically 30 days before the expiration date).
2. Reload Nginx Configuration: After renewing a certificate, it will reload the nginx-proxy configuration to apply the new certificate.

Checking Certificate Expiration

You can check the expiration dates of your Let's Encrypt certificates to ensure they are being renewed correctly. Here are a couple of ways to do this:

1. Using the Let's Encrypt companion container logs

The logs will show information about certificate issuance and renewal:

docker logs nginx-letsencrypt

2. Using OpenSSL

You can check the expiration date of a certificate with OpenSSL:

echo | openssl s_client -servername yourdomain.com -connect yourdomain.com:443 | openssl x509 -noout -dates

Replace yourdomain.com with your actual domain name.

Manual Renewal (If Needed)

In some rare cases, you might need to manually trigger a certificate renewal. You can force renew all certificates by using the following command inside the letsencrypt-nginx-proxy-companion container:

docker exec nginx-letsencrypt /app/force_renew

Key Points for Automatic Renewal

• Ensure that the letsencrypt-nginx-proxy-companion container is running and configured correctly.
• Check logs periodically to ensure there are no errors related to certificate renewal.
• Ensure your domain is accessible from the internet, as Let's Encrypt needs to validate the domain ownership during the renewal process.

With the automatic renewal in place, you should not need to worry about manually updating your certificates. Just ensure that your letsencrypt-nginx-proxy-companion container is running correctly and your domains remain accessible.