The Docker Stack
Prerequisites
- docker and docker-compose installed on the server
- A web domain
- Ports 80, 81, and 443 open on the webserver
Setting Up DNS records (Namecheap)
This assumes that Namecheap is used as the domain registrar. If it isn't, it's probably not hard to adjust this section.
- Delete existing DNS entry placeholders
- Create one A record with the domain name pointing to the external IP of the server
- Create CNAME records for all subdomains to be used (e.g. www, jellyfin, npm, etc.)
It will take up to 30 minutes for DNS records to propagate.
NGINX Proxy Manager in Docker
- Create a reverse-proxy/ directory with data/ and letsencrypt/ directories.
- Copy the following information to a file named docker-compose.yaml
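version: '3'
services:
  app:
    container_name: reverse-proxy
    image: 'docker.io/jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # 80 and 443 carry proxied HTTP/HTTPS traffic; 81 is the admin panel
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
# Join the pre-created external network shared with the other containers
networks:
  default:
    external: true
    name: net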
- Create an external Docker network named "net" using the command
docker network create net
- Run the docker container by executing
docker-compose up -d
The creation of the external network is important. It allows NGINX Proxy Manager to refer to the services by their container names, without those services having to publish ports on the host.
Configuring Additional Docker Containers
Configuring additional Docker containers is simple. Create them as normal, but configure them to use the same external network as the NGINX Proxy Manager. These are examples of Jellyfin and NGINX webserver docker compose files.
Jellyfin
version: '3'
services:
  jellyfin:
    image: jellyfin/jellyfin
    container_name: jellyfin
    user: 1001:998
    # Host networking: the container shares the host's network stack
    # and is not attached to the external network "net"
    network_mode: 'host'
    volumes:
      - ./config:/config
      - ./cache:/cache
      - type: bind
        source: /media
        target: /media
    restart: 'unless-stopped'
networks:
  default:
    external: true
    name: net
NGINX
version: '3'
services:
  nginx:
    image: nginx
    container_name: nginx
    ports:
      - "8080:80"
    volumes:
      - ./templates:/etc/nginx/templates
      - ~/html/:/usr/share/nginx/html
    restart: 'unless-stopped'
    environment:
      - NGINX_HOST=cryptcrap.com
      - NGINX_PORT=80
networks:
  default:
    external: true
    name: net
Bring both of these online by executing docker-compose up -d
Configuring Nginx Proxy Manager in Admin Panel
- Connect to the webserver on port 81, either using the domain name if it's working or directly by the IP.
- On first login, create a default user and password.
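- On the Hosts tab, create a proxy host for each subdomain using the subdomain (npm.domain.com) as the source and the container name and the port as the destination (http://reverse-proxy:81). For some reason, Jellyfin does not work with the container name and needs the local IP specified (this may be a bug; note that the Jellyfin compose file above sets network_mode: 'host', which keeps that container off the net network, so Docker's name resolution on net does not cover it).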
- On the SSL Certificates tab, create an SSL Certificate. Specify the base domain and all subdomains, then select Save.
- Important: Bring down all docker containers except NGINX Proxy Manager. Then, in the Hosts tab select the three dots menu for each proxy host, select edit, and apply the SSL certificate.
- Bring online all docker containers brought down previously.
- Test connectivity.
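A check to run alongside the connectivity test, added here as an example and not part of the original guide: it reports which containers NGINX Proxy Manager cannot resolve by name on net, and which listeners other than 80 and 443 are reachable without passing through the proxy. It assumes the three compose files are merged into one config in the normalized shape that Compose v2 prints for `docker compose config --format json`; the sample data, the `audit` function and the `PROXY_PORTS` set are constructed for illustration.

```python
import json

# Constructed sample: the page's three services merged into one config, in the
# normalized shape of `docker compose config --format json` (assumption).
SAMPLE = json.loads("""
{"services": {
  "app": {"container_name": "reverse-proxy",
          "networks": {"default": null},
          "ports": [{"target": 80, "published": "80"},
                    {"target": 81, "published": "81"},
                    {"target": 443, "published": "443"}]},
  "jellyfin": {"container_name": "jellyfin", "network_mode": "host"},
  "nginx": {"container_name": "nginx",
            "networks": {"default": null},
            "ports": [{"target": 80, "published": "8080"}]}},
 "networks": {"default": {"name": "net", "external": true}}}
""")

PROXY_PORTS = {"80", "443"}        # ports meant to face the internet (assumption)
LOOPBACK = {"127.0.0.1", "::1"}    # host_ip values that keep a port local

def audit(cfg, shared_net="net"):
    """Return sorted (container, finding) pairs for one normalized compose config."""
    # Map compose network keys (e.g. "default") to the real Docker network name.
    names = {k: (v or {}).get("name", k) for k, v in cfg.get("networks", {}).items()}
    findings = []
    for key, svc in cfg.get("services", {}).items():
        who = svc.get("container_name", key)
        if svc.get("network_mode") == "host":
            # Host networking bypasses user-defined networks and their DNS.
            findings.append((who, f"host network: not resolvable by name on {shared_net}"))
        elif shared_net not in {names.get(n, n) for n in svc.get("networks") or {}}:
            findings.append((who, f"not attached to {shared_net}"))
        for p in svc.get("ports", []):
            pub = str(p.get("published", ""))
            if pub and pub not in PROXY_PORTS and p.get("host_ip") not in LOOPBACK:
                findings.append((who, f"port {pub} published on all host interfaces"))
    return sorted(findings)

if __name__ == "__main__":
    for who, finding in audit(SAMPLE):
        print(f"{who}: {finding}")
```

On the sample it reports the Jellyfin host-network case plus the admin panel on 81 and the nginx container on 8080, both of which answer directly on the host rather than through a proxy host with the SSL certificate applied.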