5

Been trying to learn Docker when I hit a brick wall. How do I use nginx reverse proxy + letsencrypt with multiple containers? I only managed to do it with a single container. Using docker-compose or stuff like that I guess?

Comments
  • 1
    Docker-compose is the reigning champion for multi-container deployments AFAIK. It lets you define which ports get exposed to the outside, and you can configure your containers to connect to private networks that can separate different communication channels. Most importantly, it lets the containers talk to each other without opening the port on the host.
  • 1
    Oh, and did I mention that all your containers are in one file? Pretty nice.
  • 2
    If you want to go for a reverse proxy (good choice btw), try looking into HAProxy and save yourself a lot of hassle. Now I'm still a beginner too, so this may not be the best way to go, but it's how I'm planning to do it.

    1. Spin up a default nginx container, binding to host ports 80 and 443. Then run 'docker exec -it ${container} bash' to install certbot in that container.

    2. Use that container to get a wildcard cert, by having your DNS controlled by DigitalOcean, Cloudflare or some other DNS provider that supports it.

    3. IIRC certbot saves the certs in /etc/letsencrypt/live/${your domain}, so make sure to bind that folder to host, or else your certs are gone when you close your container.

    4. Close the container, and spin up HAProxy on host ports 80 and 443 (remove the nginx container from these ports). Remember that all containers live on the same network, so there's no need to bind ports to the host from any of the containers you want to reverse proxy to. You just need to find out what IP they have on the Docker network.

    5. To make sure that certbot is able to renew the certs when it comes time to do so, make sure that your a-level domain proxies to a container set up with certbot.

    DISCLAIMER: I've literally just woken up from a terrible night's sleep, and I'm writing all this from memory, so there may be some errors here and there, so someone please do correct me if you see something wrong.
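
The layout from the steps above, written out as a single Compose file. This is an added example, not part of the thread or any commenter's setup: the domain, service names, application images, ports and file paths are placeholders, and it assumes Cloudflare DNS and Docker Compose 2.23.1 or later for the inline config. It addresses the backends by service name and issues the wildcard certificate through the DNS challenge.

```yaml
# Added example, not from the thread. Domain, service names, app images,
# ports and file paths are placeholders chosen for illustration.
services:
  proxy:
    image: haproxy:2.8
    ports: ["80:80", "443:443"]          # the only ports published on the host
    configs:
      - source: haproxy_cfg
        target: /usr/local/etc/haproxy/haproxy.cfg
    volumes: ["./certs:/certs:ro"]       # proxy reads the key material read-only
    networks: [backend]
    depends_on: [app, blog]              # HAProxy resolves backend names at start
  app:
    image: example/app:1.0               # placeholder image, listens on 8080
    networks: [backend]                  # no "ports:", reachable only via proxy
  blog:
    image: example/blog:1.0              # placeholder image, listens on 80
    networks: [backend]
  certbot:                               # docker compose run --rm certbot
    image: certbot/dns-cloudflare
    profiles: [certs]                    # not started by "docker compose up"
    secrets: [cf_ini]                    # DNS API token, keep the file chmod 600
    volumes: ["./letsencrypt:/etc/letsencrypt", "./certs:/certs"]
    # HAProxy wants certificate chain and private key in one PEM file,
    # so the deploy hook concatenates them after each successful issuance.
    command: >-
      certonly --non-interactive --agree-tos -m admin@example.com
      --dns-cloudflare --dns-cloudflare-credentials /run/secrets/cf_ini
      -d example.com -d *.example.com
      --deploy-hook "cat $$RENEWED_LINEAGE/fullchain.pem $$RENEWED_LINEAGE/privkey.pem > /certs/example.com.pem"
networks: {backend: {}}
secrets: {cf_ini: {file: ./cloudflare.ini}}
configs:
  haproxy_cfg:
    content: |
      defaults
        mode http
        timeout connect 5s
        timeout client 30s
        timeout server 30s
      frontend www
        bind :80
        bind :443 ssl crt /certs/example.com.pem ssl-min-ver TLSv1.2
        http-request redirect scheme https unless { ssl_fc }
        use_backend blog if { req.hdr(host) -i blog.example.com }
        default_backend app
      backend app
        server app1 app:8080 check
      backend blog
        server blog1 blog:80 check
```

Issue the certificate once before the first `docker compose up`, since the proxy will not start without the PEM file, and restart the proxy after each renewal so it loads the new certificate.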
  • 0
    @tokumei agreed with you. Looking at it, very convenient and you just need a single script to deploy everything and this is why I'm trying to get proper understanding about it. 😄

    @KasperNS oh you saviour! I will try this once I get my free time back and report if there's anything wrong out of it. Thank you so much!
  • 0
    @Zerocchi you're very welcome 😃 I haven't tried it for myself yet, but I don't see what could go wrong 😂
  • 0
    @Zerocchi would love to experiment. Can you please put the Dockerfile and instructions on GitHub and share?