The Docker Stack

Prerequisites

  • docker and docker-compose installed on the server
  • A web domain
  • Ports 80, 81, and 443 open on the webserver

Setting Up DNS records (Namecheap)

This assumes that Namecheap is used as the domain register. If it isn't, it's probably not hard to adjust this section.
  1. Delete existing DNS entry placeholders
  2. Create one A record with the domain name pointing to the external IP of the server
  3. create CNAME records for all subdomains to be used (e.g. www, jellyfin, npm, etc)

It will take up to 30 minutes for DNS records to propagate.

NGINX Proxy Manager in Docker

  1. Create a reverse-proxy/ directory with a data/ and letsencrypt/ directories.
  2. Copy the following information to a file named docker-compose.yaml 
    version: '3'

services:
  app:
    container_name: reverse-proxy
    image: 'docker.io/jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

networks:
  default:
    external: true
    name: net
  3. Create an external Docker network named "net" using the commanddocker network create net
  4. Run the docker container by executing docker-compose up -d

The creation of the external net is important. This will allow NGINX Proxy Manager to refer to the services by their container names without specifying ports.

Configuring Additional Docker Containers

Configuring additional docker hosts is simple. Create them as normal, but specify them to use the same external network as the NGINX Proxy Manager. These are examples of Jellyfin and NGINX webserver docker compose files.

Jellyfin

version: '3'

services:
  jellyfin:
    image: jellyfin/jellyfin
    container_name: jellyfin
    user: 1001:998
    network_mode: 'host'
    volumes:
      - ./config:/config
      - ./cache:/cache
      - type: bind
        source: /media
        target: /media
    restart: 'unless-stopped'

networks:
    default:
        external: true
        name: net

NGINX

version: '3'

services:
  nginx:
    image: nginx
    container_name: nginx
    ports:
        - "8080:80"
    volumes:
        - ./templates:/etc/nginx/templates
        - ~/html/:/usr/share/nginx/html
    restart: 'unless-stopped'
    environment:
        - NGINX_HOST=cryptcrap.com
        - NGINX_PORT=80

networks:
    default:
        external: true
        name: net
Bring both of these online by executing docker-compose up -d

Configuring Nginx Proxy Manager in Admin Panel

  1. Connect to the webserver on port 81, either using the domain name if it's working or directly by the IP.
  2. On first login, create a default user and password.
  3. On the Hosts tab, create redirects for each subdomain using the subdomain (npm.domain.com) as the source and the container name and the port as the destination (http://reverse-proxy:81). For some rason, Jellyfin does not work with the container name and needs the local IP specified (this may be a bug).
  4. On the SSL Certificates tab, create an SSL Certificate. Specify the base domain and all subdomains, then select Save.
  5. Important: Bring down all docker containers except NGINX Proxy Manager. Then, in the Hosts tab select the three dots menu for each proxy host, select edit, and apply the SSL certificate.
  6. Bring online all docker containers brought down previously.
  7. Test connectivity.