epistemophiliac/frappe_docker
1
0
Fork 0
mirror of https://github.com/frappe/frappe_docker.git synced 2026-06-17 13:55:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
frappe_docker/docs/03-production/04-nginx-proxy-acme-companion.md
RocketQuack 99d9a1dc38
feat: add nginx-proxy with acme companion as an alternative to traefik (#1800) 
* refactor: move core nginx files into more recognizable folder structure

* chore: include HTTPS_PUBLISH_PORT in example .env

* feat: add nginx-proxy and acme-companion compose overrides

* docs: add NGINX_PROXY_HOSTS to example.env

* docs: add nginx-proxy overrides

* docs: split docs, variables for usage of traefik or nginx-proxy

* docs: update override notes for traefik proxy on separate stack

* docs: split TLS/SSL overview and add own caddy guide

* docs: add nginx-proxy + acme companion guide

* docs: add nginx-proxy and acme single-server setup guide
2026-02-06 09:56:28 +05:30

82 lines
2.4 KiB
Markdown
Raw Blame History

# nginx-proxy + acme-companion (HTTPS)
This guide explains how to use nginx-proxy with acme-companion to provide HTTPS for a Frappe Docker stack.
## When to choose this
- You want a simple, host-based reverse proxy
- You run a single bench or only a few hostnames
- You prefer environment-variable based configuration
If you need advanced routing or complex multi-site setups, **Traefik** is usually the better choice.
## Prerequisites
- Public DNS points your domain(s) to the server
- Ports 80 and 443 are reachable (HTTP-01 challenge)
- Docker and Docker Compose v2 installed
## Required environment variables
Set these in `.env`:
```bash
NGINX_PROXY_HOSTS=erp.your-domain.com
LETSENCRYPT_EMAIL=admin@your-domain.com
```
Multiple hostnames (comma-separated, no spaces):
```bash
NGINX_PROXY_HOSTS=erp.your-domain.com,erp2.your-domain.com
LETSENCRYPT_EMAIL=admin@example.com
```
Optional (non-default ports):
```bash
HTTP_PUBLISH_PORT=80
HTTPS_PUBLISH_PORT=443
```
## Compose setup (HTTPS)
For HTTPS you must include both overrides:
- `overrides/compose.nginxproxy.yaml` (nginx-proxy, VIRTUAL_HOST)
- `overrides/compose.nginxproxy-ssl.yaml` (acme-companion, LETSENCRYPT_HOST)
Example:
```sh
docker compose -f compose.yaml \
-f overrides/compose.mariadb.yaml \
-f overrides/compose.redis.yaml \
-f overrides/compose.nginxproxy.yaml \
-f overrides/compose.nginxproxy-ssl.yaml \
config > ~/gitops/docker-compose.yml
docker compose --project-name <project-name> -f ~/gitops/docker-compose.yml up -d
```
> If you use external MariaDB/Redis, replace the database and Redis overrides accordingly.
## How hostnames are applied
`NGINX_PROXY_HOSTS` is a comma-separated list of hostnames. The overrides apply it as:
- `VIRTUAL_HOST` for nginx-proxy routing
- `LETSENCRYPT_HOST` for certificate issuance
## Verify
Check logs for certificate issuance and proxy status:
```sh
docker compose --project-name <project-name> -f ~/gitops/docker-compose.yml logs -f nginx-proxy
docker compose --project-name <project-name> -f ~/gitops/docker-compose.yml logs -f acme-companion
```
> Depending on the registrar, the assignment may take some time, whereby it must also be ensured that A and AAAA records are correctly directed to the server for the issuance of the certificate, if necessary.
See also: [Environment Variables](../02-setup/04-env-variables.md) and [TLS/SSL Setup Overview](01-tls-ssl-setup.md).
Reference in a new issue View git blame Copy permalink