This is a how-to guide to set up your host and serve your services over HTTPS from a Docker Swarm.
A DigitalOcean droplet running Ubuntu will be used.
You will need a working Docker image of your services pushed to hub.docker.com or any other Docker registry.
This is intended to speed up the process of getting things up and running by providing a prebaked Nginx template. You can of course tweak the Nginx configs, which are not discussed in this guide.
Use your own data/name/domain/host IP wherever angle brackets are shown
ex: <domain>
-> example.com
The following steps make sure all requirements are met
Install Docker through get.docker.com (you can skip this if you chose the droplet starting image with Docker preinstalled from the DO marketplace). The script runs as root, so read it before executing it.
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
docker --version # check docker is installed
Install Python and then Certbot via pip. Note that a pip-installed Certbot has no renewal timer, and the manual DNS challenge used later in this guide cannot be renewed unattended anyway, so plan to repeat the certificate steps before the 90-day expiry of each Let's Encrypt certificate.
apt update
apt install python3 python3-pip
pip3 install certbot
Install the micro text editor (or any other text editor you may prefer)
apt install micro
Clone and set up the Nginx config
Create app folder (the path to the repo will be important later)
cd /usr/src/ && \
mkdir app && \
cd app
Clone this repo
git clone https://github.com/Deepacks/nginx-ssl-swarm-template.git nginx
Remove the placeholder files (they only exist so the empty folders are kept in git)
cd nginx && \
rm conf.d/sites-enabled/enabled.txt \
certs/readme.txt \
certs/www/readme.txt
Edit redirects.conf
cd conf.d/sites-available
micro redirects.conf
Replace <domain> wherever it appears with your domain.
Edit services.conf
micro services.conf
<frontend-service-name> and <backend-service-name>: the names of the Docker services as Nginx must resolve them on the overlay network (the services are created in the next steps)
ex: my-app-frontend and my-app-backend
<frontend-service-port> and <backend-service-port>: the ports your containers listen on, i.e. the ports exposed by the Docker images. Nginx reaches them over the overlay network only; the stack file later in this guide never publishes them on the host, so Nginx stays the single entry point.
Navigate to sites-enabled and add symbolic links to the sites-available configs
cd ../sites-enabled
ln -s ../sites-available/redirects.conf .
ln -s ../sites-available/services.conf .
This section is dedicated to creating certificates
Create the domain certificate (Certbot prints a TXT record that you must publish under _acme-challenge.<domain> before you continue; because the challenge is manual, this certificate will not renew on its own)
certbot -d <domain> --manual --preferred-challenges dns certonly
Create the www.domain certificate (same procedure, with a TXT record under _acme-challenge.www.<domain>)
certbot -d www.<domain> --manual --preferred-challenges dns certonly
Copy the new certificates into the Nginx configuration. The files under live/ are symlinks to the latest issuance and cp follows them, so you get plain copies and must repeat this step after every renewal. privkey.pem ends up inside the folder that is bind-mounted into the nginx container, so keep it readable by root only (mode 600).
Non-www certificates
cp <letsencrypt-folder>/<domain>/fullchain.pem \
<letsencrypt-folder>/<domain>/privkey.pem \
/usr/src/app/nginx/certs
<letsencrypt-folder>: the folder that holds your Let's Encrypt certificates (default is /etc/letsencrypt/live)
Www certificates (IMPORTANT: if you are not copy-pasting, note the /www suffix after /usr/src/app/nginx/certs; the www certificate must not overwrite the non-www one)
cp <letsencrypt-folder>/www.<domain>/fullchain.pem \
<letsencrypt-folder>/www.<domain>/privkey.pem \
/usr/src/app/nginx/certs/www
Generate the DH parameters inside the Nginx certs folder (4096 bits takes a few minutes; the file only parameterizes the DHE cipher suites and contains nothing secret)
cd /usr/src/app/nginx/certs
openssl dhparam -out dhparams.pem 4096
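Copying the two pairs by hand works once, but every renewal repeats the copy and nothing checks that the key you copied actually belongs to the certificate next to it. The script below, an added example that is not part of the nginx-ssl-swarm-template repo, does the copy for one name: it stages both files under temporary names, restricts the key to mode 600, compares the public key inside the certificate with the one derived from the private key, and only then moves the pair into place, so a bad copy never replaces the pair Nginx is currently serving. The paths and the service name base_nginx follow this guide; the function names are my own.

```shell
#!/bin/sh
# install_certs: copy a Let's Encrypt certificate/key pair into the Nginx
# certs folder, prove the key matches the certificate, and keep the key
# private. Added example, not part of the nginx-ssl-swarm-template repo.
# Layout assumed (as in the guide): <live>/<domain>/fullchain.pem and
# privkey.pem are copied to <dest>/fullchain.pem and <dest>/privkey.pem.

install_certs() {
    live="$1"; domain="$2"; dest="$3"
    src="$live/$domain"
    for f in fullchain.pem privkey.pem; do
        if [ ! -r "$src/$f" ]; then
            echo "install_certs: missing $src/$f" >&2
            return 1
        fi
    done
    mkdir -p "$dest"
    newc="$dest/.fullchain.pem.new"
    newk="$dest/.privkey.pem.new"
    # cp dereferences the symlinks certbot keeps in live/, so the container
    # gets real files. Stage them under temporary names so a failed check
    # never clobbers the pair Nginx is currently serving.
    cp "$src/fullchain.pem" "$newc"
    cp "$src/privkey.pem" "$newk"
    chmod 644 "$newc"
    chmod 600 "$newk"   # bind-mounted into the container; nobody else needs it
    if command -v openssl >/dev/null 2>&1; then
        # The public key in the leaf certificate (first block of fullchain.pem)
        # must equal the public key derived from the private key; otherwise
        # Nginx refuses to start, or you copied another domain's key.
        cert_pub=$(openssl x509 -in "$newc" -noout -pubkey 2>/dev/null) || { rm -f "$newc" "$newk"; return 2; }
        key_pub=$(openssl pkey -in "$newk" -pubout 2>/dev/null) || { rm -f "$newc" "$newk"; return 2; }
        if [ "$cert_pub" != "$key_pub" ]; then
            echo "install_certs: certificate and key for $domain do not match" >&2
            rm -f "$newc" "$newk"
            return 3
        fi
    else
        echo "install_certs: openssl not found, skipping key/cert match check" >&2
    fi
    mv "$newc" "$dest/fullchain.pem"
    mv "$newk" "$dest/privkey.pem"
}

# Restart the nginx tasks so they read the new files; the guide deploys the
# stack as "base", so the service is called base_nginx.
reload_nginx() {
    docker service update --force base_nginx
}

# Typical use after (re)running certbot for both names:
#   install_certs /etc/letsencrypt/live example.com     /usr/src/app/nginx/certs &&
#   install_certs /etc/letsencrypt/live www.example.com /usr/src/app/nginx/certs/www &&
#   reload_nginx
```

Run it as root on the droplet after each certbot run. A non-zero exit means nothing was replaced: 1 for a missing source file, 2 for a file openssl could not parse, 3 for a key that does not belong to the certificate.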
Here is how to set up the Docker environment
Initialize the Docker swarm. <your-host-ip> is the address other nodes would use to reach this manager; on a single-node swarm the droplet's public IP is fine, but do not leave the swarm ports (2377/tcp, 7946/tcp+udp, 4789/udp) open to the internet unless you actually add nodes, and then restrict them to those nodes with a firewall.
docker swarm init --advertise-addr <your-host-ip>
Want to invite other nodes to join the swarm? Run docker swarm join-token worker (or manager) on this host; it prints the token together with the full join command.
Have a join-token and want to use it? Run the printed docker swarm join --token <token> <your-host-ip>:2377 command on the node that should join. Treat the token as a credential: anyone holding it can attach a node to your swarm, and a manager token gives control of the whole cluster.
Create folder to hold the stacks compose files
cd /usr/src/app && \
mkdir stacks && \
cd stacks
Create stack files
<stack_name>: the name you want to give to your stack, ex: my-app
touch base.yml && \
touch <stack_name>.yml
Configure base.yml (the nginx bind source must match the path on the server; note that as written MongoDB runs without authentication and is reachable by every service attached to proxy_net, so never publish its port and set MONGO_INITDB_ROOT_USERNAME/MONGO_INITDB_ROOT_PASSWORD before the first start if anything other than your own backend shares the network)
services:
  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - type: bind
        source: /usr/src/app/nginx
        target: /etc/nginx
    networks:
      - proxy_net
  mongo:
    image: mongo
    volumes:
      - mongovolume:/data/db
    networks:
      - proxy_net
volumes:
  mongovolume:
    driver: local
networks:
  proxy_net:
    driver: overlay
Configure <stack_name>.yml (docker stack deploy names each service <stack_name>_<service>, e.g. my-app_web, so the names you put in services.conf must resolve to these services on the overlay network; the services publish no ports, which is intended: Nginx in the base stack is the only thing listening on the host)
services:
  web:
    image: <docker-image>
    networks:
      - proxy_net
  server:
    image: <docker-image>
    networks:
      - proxy_net
networks:
  proxy_net:
    name: base_proxy_net
    external: true
Deploy the base stack first, because the custom stack attaches to the base_proxy_net network it creates
docker stack deploy -c base.yml base
docker stack services base # nginx and mongo should both reach 1/1 replicas
Deploy the custom stack
docker stack deploy -c <stack_name>.yml <stack_name>
docker service logs base_nginx # check that Nginx started and loaded the certificates
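The base.yml above is the minimum that works; three of its settings are worth tightening before anything sensitive lands in MongoDB. Below is an added example, not the repo's own file, written as a shell script because that is where this guide runs: it writes a hardened base.yml that mounts the Nginx tree (private keys included) read-only into the container, encrypts the overlay network between nodes, and gives MongoDB a root user whose password comes from a Docker secret instead of running unauthenticated; it also runs a preflight check of the certs folder before you deploy. It assumes the stack is still called base, the Nginx tree is at /usr/src/app/nginx, and a secret named mongo_root_pw exists on the manager; the function names are my own.

```shell
#!/bin/sh
# Hardened variant of the guide's base stack plus a pre-deploy check.
# Added example, not part of the nginx-ssl-swarm-template repo. Assumed: the
# stack is named "base", the Nginx tree lives at /usr/src/app/nginx, and a
# Docker secret called mongo_root_pw has been created on the manager.

# Writes base.yml with three changes against the guide's version:
#  1. read_only bind mount: a compromised nginx task cannot rewrite its own
#     config or touch the private keys it serves from.
#  2. encrypted overlay: traffic between nodes on proxy_net is IPsec-wrapped
#     (only matters once you add nodes; needs ESP/50 and 4789/udp between them).
#  3. MongoDB root user whose password is read from /run/secrets/mongo_root_pw.
#     The MONGO_INITDB_* variables only take effect on the first start with
#     an empty /data/db volume.
write_hardened_base_yml() {
    out="$1"
    cat > "$out" <<'EOF'
services:
  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - type: bind
        source: /usr/src/app/nginx
        target: /etc/nginx
        read_only: true
    networks:
      - proxy_net
  mongo:
    image: mongo
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD_FILE: /run/secrets/mongo_root_pw
    secrets:
      - mongo_root_pw
    volumes:
      - mongovolume:/data/db
    networks:
      - proxy_net
volumes:
  mongovolume:
    driver: local
networks:
  proxy_net:
    driver: overlay
    driver_opts:
      encrypted: "true"
secrets:
  mongo_root_pw:
    external: true
EOF
}

# Checks the Nginx tree before deploying: every file the guide's TLS setup
# needs must exist, and no private key may be group/world readable.
# Returns 0 when all checks pass, 1 otherwise (each problem is printed).
preflight_nginx_tree() {
    dir="$1"; rc=0
    for f in certs/fullchain.pem certs/privkey.pem \
             certs/www/fullchain.pem certs/www/privkey.pem certs/dhparams.pem; do
        if [ ! -f "$dir/$f" ]; then
            echo "preflight: missing $dir/$f" >&2; rc=1
        fi
    done
    for k in certs/privkey.pem certs/www/privkey.pem; do
        # columns 5-10 of ls -l are the group and other permission bits
        if [ -f "$dir/$k" ] && [ "$(ls -l "$dir/$k" | cut -c5-10)" != "------" ]; then
            echo "preflight: $dir/$k is readable by group/others; chmod 600 it" >&2; rc=1
        fi
    done
    return $rc
}

# Usage on the manager (not executed here):
#   openssl rand -base64 32 | tr -d '\n' | docker secret create mongo_root_pw -
#   write_hardened_base_yml /usr/src/app/stacks/base.yml
#   preflight_nginx_tree /usr/src/app/nginx && docker stack deploy -c /usr/src/app/stacks/base.yml base
```

Once the root user exists, the backend must authenticate, typically with a connection string of the form mongodb://root:<password>@mongo:27017/?authSource=admin; pass that password to the backend through its own Docker secret rather than an environment variable in <stack_name>.yml.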