Skip to content
Merged
Show file tree
Hide file tree
Changes from 5 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 8 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ To run nginx proxy as a separate container you'll need:
curl https://raw.githubusercontent.com/jwilder/nginx-proxy/master/nginx.tmpl > /path/to/nginx.tmpl
```

2) Set the `NGINX_DOCKER_GEN_CONTAINER` environment variable to the name or id of the docker-gen container.
2) Use the `com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen=true` label on the docker-gen container, or explicitly set the `NGINX_DOCKER_GEN_CONTAINER` environment variable to the name or id of that container.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's no need for =true. Just a plain label is enough. It doesn't have to be a key-value pair.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually there is, because it defaults to an empty string and I kept the logic from #181 where it checks for the value "true": jq -r '.[] | select( .Labels["'$1'"] == "true")|.Id'

We would have to change this query, I'm not opposed to it.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually I think it's better to disregard the value, since it doesn't matter: jq -r '.[] | select( .Labels["'$1'"])|.Id' 👍

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, it's incredibly inefficient to fetch the list of all containers. The Docker Engine API allows filtering by labels.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll look into that!

Copy link

@teohhanhui teohhanhui Jul 8, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's better for performance but also makes it easier to filter by simply a label or label=value.

I improved my docker-label-sighup, based on this.

It's cooler now, because it allows me to do this: -notify "docker-label-sighup com.docker.swarm.service.name=frontend_nginx"

So I can reuse the labels that already exist.


Examples:

Expand All @@ -86,23 +86,25 @@ $ docker run -d \
--volumes-from nginx \
-v /path/to/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen=true \
jwilder/docker-gen \
-notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
```

* Then start this container (NGINX_DOCKER_GEN_CONTAINER variable must contain the docker-gen container name or id):
* Then start this container:
```bash
$ docker run -d \
--name nginx-letsencrypt \
-e "NGINX_DOCKER_GEN_CONTAINER=nginx-gen" \
--volumes-from nginx \
-v /path/to/certs:/etc/nginx/certs:rw \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
jrcs/letsencrypt-nginx-proxy-companion
```
Then start any containers to be proxied as described previously.

* If for some reason you can't use the docker --volumes-from option, you can specify the name or id of the nginx container with `NGINX_PROXY_CONTAINER` variable.
* Then start any containers to be proxied as described previously.

Note: If the docker-gen container name is static and you want to explicitly set it, use `-e NGINX_DOCKER_GEN_CONTAINER=nginx-gen`. The same thing is true with the nginx container (`-e NGINX_PROXY_CONTAINER=nginx`).


#### Let's Encrypt

Expand Down Expand Up @@ -172,5 +174,5 @@ If you want other examples how to use this container, look at:
* [Evert Ramos's Examples](https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion) - using docker-compose version '3'
* [Karl Fathi's Examples](https://github.com/fatk/docker-letsencrypt-nginx-proxy-companion-examples)
* [More examples from Karl](https://github.com/pixelfordinner/pixelcloud-docker-apps/tree/master/nginx-proxy)
* [George Ilyes' Examples](https://github.com/gilyes/docker-nginx-letsencrypt-sample)
* [George Ilyes' Examples](https://github.com/gilyes/docker-nginx-letsencrypt-sample)
* [Dmitry's simple docker-compose example](https://github.com/dmitrym0/simple-lets-encrypt-docker-compose-sample)
9 changes: 2 additions & 7 deletions app/entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -33,12 +33,7 @@ function get_nginx_proxy_cid {
break
fi
done
# Check if any container has been labelled as the nginx proxy container.
local labeled_cid=$(docker_api "/containers/json" | jq -r '.[] | select( .Labels["com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"] == "true")|.Id')
if [[ ! -z "${labeled_cid:-}" ]]; then
export NGINX_PROXY_CONTAINER=$labeled_cid
fi
if [[ -z "${NGINX_PROXY_CONTAINER:-}" ]]; then
if [[ -z "$(nginx_proxy_container)" ]]; then
echo "Error: can't get nginx-proxy container id !" >&2
echo "Check that you use the --volumes-from option to mount volumes from the nginx-proxy or label the nginx proxy container to use with 'com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true'." >&2
exit 1
Expand Down Expand Up @@ -79,7 +74,7 @@ source /app/functions.sh

if [[ "$*" == "/bin/bash /app/start.sh" ]]; then
check_docker_socket
if [[ -z "${NGINX_DOCKER_GEN_CONTAINER:-}" ]]; then
if [[ -z "$(docker_gen_container)" ]]; then
[[ -z "${NGINX_PROXY_CONTAINER:-}" ]] && get_nginx_proxy_cid
fi
check_writable_directory '/etc/nginx/certs'
Expand Down
34 changes: 25 additions & 9 deletions app/functions.sh
Original file line number Diff line number Diff line change
Expand Up @@ -67,21 +67,37 @@ function docker_kill {
docker_api "/containers/$id/kill?signal=$signal" "POST"
}

function labeled_cid {
docker_api "/containers/json" | jq -r '.[] | select( .Labels["'$1'"] == "true")|.Id'
}

function docker_gen_container {
echo ${NGINX_DOCKER_GEN_CONTAINER:-$(labeled_cid com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen)}
}

function nginx_proxy_container {
echo ${NGINX_PROXY_CONTAINER:-$(labeled_cid com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy)}
}

## Nginx
reload_nginx() {
if [[ -n "${NGINX_DOCKER_GEN_CONTAINER:-}" ]]; then
local _docker_gen_container=$(docker_gen_container)
local _nginx_proxy_container=$(nginx_proxy_container)

if [[ -n "${_docker_gen_container:-}" ]]; then
# Using docker-gen and nginx in separate container
echo "Reloading nginx docker-gen (using separate container ${NGINX_DOCKER_GEN_CONTAINER})..."
docker_kill "$NGINX_DOCKER_GEN_CONTAINER" SIGHUP
if [[ -n "${NGINX_PROXY_CONTAINER:-}" ]]; then
echo "Reloading nginx docker-gen (using separate container ${_docker_gen_container})..."
docker_kill "${_docker_gen_container}" SIGHUP

if [[ -n "${_nginx_proxy_container:-}" ]]; then
# Reloading nginx in case only certificates had been renewed
echo "Reloading nginx (using separate container ${NGINX_PROXY_CONTAINER})..."
docker_kill "$NGINX_PROXY_CONTAINER" SIGHUP
echo "Reloading nginx (using separate container ${_nginx_proxy_container})..."
docker_kill "${_nginx_proxy_container}" SIGHUP
fi
else
if [[ -n "${NGINX_PROXY_CONTAINER:-}" ]]; then
echo "Reloading nginx proxy..."
docker_exec "$NGINX_PROXY_CONTAINER" \
if [[ -n "${_nginx_proxy_container:-}" ]]; then
echo "Reloading nginx proxy (${_nginx_proxy_container})..."
docker_exec "${_nginx_proxy_container}" \
'[ "sh", "-c", "/usr/local/bin/docker-gen -only-exposed /app/nginx.tmpl /etc/nginx/conf.d/default.conf; /usr/sbin/nginx -s reload" ]'
fi
fi
Expand Down