Container with Nginx 1.8, Node.js 6 and support for Let's Encrypt, based on passenger-docker.
This container only hosts a single app behind https.
docker create \ --name=nginx-nodejs \ -p 80:80 -p 443:443 \ -e PGID=<gid> -e PUID=<uid> \ -e DOMAIN=your.domain.com \ -v <path/to/acme/>:/var/lib/acme \ -v <path/to/your/project/>:/home/app/webapp \ jermorin/nginx-nodejs-lets-encrypt
This container is based on phusion/passenger-customizable with ssh removed. For shell access whilst the container is running do
docker exec -it nginx-nodejs bash.
This container includes acmetool to get your own Let's Encrypt certificate and a cronjob to renew them automatically. After creating and starting your own container, make sure to run
acmetool quickstart --expert and complete this small wizard. Be sure to:
RSAas the type of keys you want for your certificates.
4096as the RSA key size
WEBROOTas the Challenge Conveyance Method.
/var/run/acme/acme-challenge/as the Webroot Path.
After completing the wizard, run
acmetool want your.domain.com to install certificates in
-p 80- This port is only used for Let's Encrypt certificate creation and auto-renewal.
-p 443- This port exposes your app.
-v /var/lib/acme- This folder is where acmetool stashes its data including the certificates.
-v /home/app/webapp- This is your node.js project's root, where your server.js exists.
-e DOMAIN- This is the domain for the Nginx configuration file, it is only used to set the full path to your SSL certificate.
-e PGIDfor GroupID - See below for explanation.
-e PUIDfor UserID - See below for explanation.
By default Nginx clears all environment variables (except TZ) for its child processes. To pass variables to your app, you need to tell Nginx about them specifically. How ? Like so:
# my-variables.conf: env POSTGRES_PORT;
-v <path/to/my-variables.conf>:/etc/nginx/main.d/my-variables.conf along with
-e POSTGRES_PORT=5432 to the docker-create command to let Nginx pass your variables to the app. Any file in the main.d-directory will be read by Nginx.
What about my own nginx configuration ?
This container uses webapp.conf. If you want to make adjustments or use something else entirely, simply add
-v <path/to/your/conf>:/etc/nginx/sites-enabled/webapp.conf> to the docker-create command to overwrite the default one.
User / Group Identifiers
TL;DR - The
PUID values set the user / group you'd like your container to 'run as' to the host OS. This can be a user you've created or even root (not recommended).
Part of what makes this container work so well is by allowing you to specify your own
PGID. This avoids nasty permissions errors with relation to data volumes (
-v flags). When an application is installed on the host OS it is normally added to the common group called users, Docker apps due to the nature of the technology can't be added to this group. So this feature was added to let you easily choose when running your containers.
Updates / Monitoring
- Upgrading to the latest version of OpenSSL or Node.js is easy, connect with the running container and run
apt-get update -q && apt-get install -qy openssl nodejs.
- Monitor the logs of the container in realtime with
docker logs -f nginx-nodejs.
- Monitor stdout/stderr of your application by looking at
/var/logs/nginx/error.log, once you have shell access.