[HELP] Multiple Containers (Nextcloud, HA, LetsEncrypt)

I am trying to configure my docker containers to use SSL with a reverse proxy. Take a look at my config and see what I am doing wrong. On my router I have ports 80 and 443 forwarded to my VM containing the containers. I just need to edit my docker-compose file to add HA and have it served up with SSL. Any suggestions?

version: '2'

services:
  proxy:
    image: jwilder/nginx-proxy
    container_name: proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./proxy/conf.d:/etc/nginx/conf.d
      - ./proxy/vhost.d:/etc/nginx/vhost.d
      - ./proxy/html:/usr/share/nginx/html
      - ./proxy/certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier
    restart: always

  letsencrypt-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: letsencrypt-companion
    volumes_from:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./proxy/certs:/etc/nginx/certs:rw
    restart: always

  web:
    image: nginx
    container_name: nextcloud_webserver
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    links:
      - app
    volumes_from:
      - app
    environment:
      - VIRTUAL_HOST=example.com
      - VIRTUAL_NETWORK=nginx-proxy
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=example.com
      - [email protected]
    networks:
      - proxy-tier
    restart: always

  app:
    image: nextcloud:fpm
    container_name: nextcloud_fpm
    links:
      - db
    volumes:
      - /srv/docker/nextcloud/apps:/var/www/html/apps
      - /srv/docker/nextcloud/config:/var/www/html/config
      - /srv/docker/nextcloud/data:/var/www/html/data
    networks:
      - proxy-tier
    restart: always

  db:
    image: mariadb
    container_name: db
    volumes:
      - ./nextcloud/db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=nextcloud
    networks:
      - proxy-tier
    restart: always

  watchtower:
    image: v2tec/watchtower:latest
    container_name: watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - WATCHTOWER_NOTIFICATIONS=email
      - [email protected]
      - [email protected]
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.gmail.com
      - [email protected]
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=password
    restart: always

networks:
  proxy-tier:
    external:
      name: nginx-proxy

Ignore the left alignment, happened when I pasted my compose file.

Take a look at this guy’s website, he is using Traefik instead of nginx. I have a similar setup with Traefik and that works like a charm.

https://geek-cookbook.funkypenguin.co.nz/

Thanks @PostSven I will check that out.

1. Create traefik.toml file in location of your preference, you have to set this in the docker-compose.yml
2. Create acme.json file in location of your preference, you have to set this in the docker-compose.yml
	touch /var/data/traefik/acme.json
	chmod 600 /var/data/traefik/acme.json

This is the content of my traefik.toml file.
#Enable logging
debug = true

logLevel = "DEBUG"

#Set default entrypoint
defaultEntryPoints = ["http", "https"]

#Redirect http to https
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]

[retry]

#Let's Encrypt HTTP challenge
[acme]
email = "your@mail"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"

3. I am using docker-compose.yml for my containers, this is the config of both HASS and Traefik.
4. I also have a .env file for my environmental variables like {DOMAIN} etc https://docs.docker.com/compose/env-file/#syntax-rules 

version : '3'
services:
########################traefik########################
  traefik:
    image: traefik:latest
    command: --web --docker --docker.watch --docker.domain=${DOMAIN} --docker.exposedbydefault=false 
    container_name: traefik
    hostname: traefik
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${DOCKFIGS}/traefik/acme.json:/acme.json
      - ${DOCKFIGS}/traefik/traefik.toml:/traefik.toml
    labels:
      traefik.enable: "true"
      traefik.frontend.rule: "Host:monitor.local" #This is a local DNS entry the only way this monitoring page will work, remove this line in docker-compose.yml
      traefik.port: "8080"
      com.centurylinklabs.watchtower.enable: "true" #This is for watchtower.

  homeassistant:
    image: homeassistant/home-assistant
    container_name: home-assistant
    volumes:
     - ${DOCKFIGS}/home-assistant:/config  
     - /etc/localtime:/etc/localtime:ro
    devices:
     - /dev/ttyACM0:/dev/ttyACM0
    labels:
      traefik.enable: "true"
      traefik.frontend.rule: "Host:yourdomain.${DOMAIN}"
      traefik.port: "8123"
      com.centurylinklabs.watchtower.enable: "true"
    ports:
      - "8123:8123"
      - "51826:51826"
    restart: unless-stopped
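
The acme.json step above, as an added example that is not part of the original post: acme.json holds the ACME account key and the certificates' private keys, so these functions create it with mode 600 from the moment it exists (instead of touch followed by chmod), refuse a symlink, and verify the result. The function names are hypothetical, and the path is whatever you mount into the Traefik container.

```shell
#!/bin/sh
# Added example: create and verify Traefik's ACME store (acme.json).
# Function names are illustrative; the caller supplies the path.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create the store so that it is never readable by group or others.
# "touch" then "chmod 600" leaves a short window in which the file has
# the default umask mode (commonly 644).
create_acme_store() {
    store=$1
    # Refuse symlinks: keys would be written to wherever the link points.
    if [ -L "$store" ]; then
        echo "refusing: $store is a symlink" >&2
        return 1
    fi
    mkdir -p "$(dirname "$store")" || return 1
    if [ ! -e "$store" ]; then
        # The subshell keeps the restrictive umask from leaking to the caller.
        ( umask 077 && : > "$store" ) || return 1
    fi
    # Tighten a pre-existing file that was created with looser permissions.
    chmod 600 "$store"
}

# Return 0 only if the store is a regular file with mode exactly 600.
check_acme_store() {
    store=$1
    if [ -L "$store" ] || [ ! -f "$store" ]; then
        return 1
    fi
    [ "$(file_mode "$store")" = "600" ]
}
```

Run `create_acme_store` once before the first `docker-compose up`, and `check_acme_store` as a preflight whenever the file has been restored from a backup or copied between hosts.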

@PostSven Thanks, this will definitely help me out with my configuration. I was trying to do the jwilder reverse proxy to host my nextcloud, ha, and plex containers. Seems like this would be a better solution to that. I also saw a vid on youtube about “exoframe” that rides on traefik to aid in making the configs and containers almost automatic.

EDIT: Video, and in the desc. is the link to the project
Exoframe Video


Looks interesting, not sure if there is a use case for me, but let me know if it works for you!

@PostSven thanks for the example, I haven’t had time to try it yet lol. But I will keep you posted once I have time to get it configured.

It worked! Thank you…I have home assistant, nextcloud, and soon to be plex all running over SSL.


Hi,
I have my services running in multiple docker containers. I am new to docker, therefore I am using portainer. Can someone help me set up traefik in a docker container using portainer instead of docker compose?

Thanks