Frontend Server for Meteor Up
This is the front end server used by Meteor Up in front of meteor apps. This is
the latest version of nginx bundled as a docker image. It is configured to
run with every app deployed with Meteor Up. But, this is not a Load Balancer.
For SSL Support
We use this for SSL support for Mup.
Here's how to run this:
docker run \ --volume=/opt/<appname>/config/bundle.crt:/bundle.crt \ --volume=/opt/<appname>/config/private.key:/private.key \ --link=<appname>:backend \ --publish=443:443 \ meteorhacks/mup-frontend-server /start.sh
As you've noticed, we need to add two volumes for the
This is a bundle containing all of your certificates including the provided CA
certificates. To create this file you need to concatenate all certificates
starting from your domain certificate to the top level CA certificates.
Here's an example:
cat \ bulletproofmeteor_com.crt \ COMODORSADomainValidationSecureServerCA.crt \ COMODORSAAddTrustCA.crt \ AddTrustExternalCARoot.crt > bundle.crt
This is the private key you've used to generate the above certficate.
You can verify the SSL configuration like this:
docker run \ --volume=/opt/<appname>/config/bundle.crt:/bundle.crt \ --volume=/opt/<appname>/config/private.key:/private.key \ meteorhacks/mup-frontend-server /verify.sh
Generate automatic TLS certificate using Let's Encrypt
This image integrates letsencrypt
for automated and free of cost generation of TLS certificates.
In order to generate the certificate, it is needed to provide a valid email and
the domain(s) name that resolves to the machine exposing this containers port
Example of usage:
docker run \ --link=<appname>:backend \ --publish=443:443 \ -e TLS_GENERATE=true \ -e TLS_EMAILfirstname.lastname@example.org \ -e TLS_DOMAINS=example.com \ meteorhacks/mup-frontend-server /start.sh
There's the question why we've chosen nginx for the SSL termination. We
could've used something like
We need to get the correct IP address of the real connection, which is
required for certain apps such as Sikka. Normally SSL terminators like
bud do not support this or support it only partially.
For Static File Caching
We've not implemented this yet!