frappe_docker/docs/03-production/04-nginx-proxy-acme-companion.md
RocketQuack 99d9a1dc38
feat: add nginx-proxy with acme companion as an alternative to traefik (#1800)
* refactor: move core nginx files into more recognizable folder structure

* chore: include HTTPS_PUBLISH_PORT in example .env

* feat: add nginx-proxy and acme-companion compose overrides

* docs: add NGINX_PROXY_HOSTS to example.env

* docs: add nginx-proxy overrides

* docs: split docs, variables for usage of traefik or nginx-proxy

* docs: update override notes for traefik proxy on separate stack

* docs: split TLS/SSL overview and add own caddy guide

* docs: add nginx-proxy + acme companion guide

* docs: add nginx-proxy and acme single-server setup guide
2026-02-06 09:56:28 +05:30

nginx-proxy + acme-companion (HTTPS)

This guide explains how to use nginx-proxy with acme-companion to provide HTTPS for a Frappe Docker stack.

When to choose this

  • You want a simple, host-based reverse proxy
  • You run a single bench or only a few hostnames
  • You prefer environment-variable based configuration

If you need advanced routing or complex multi-site setups, Traefik is usually the better choice.

Prerequisites

  • Public DNS points your domain(s) to the server
  • Ports 80 and 443 are reachable (HTTP-01 challenge)
  • Docker and Docker Compose v2 installed

Required environment variables

Set these in .env:

NGINX_PROXY_HOSTS=erp.your-domain.com
LETSENCRYPT_EMAIL=admin@your-domain.com

Multiple hostnames (comma-separated, no spaces):

NGINX_PROXY_HOSTS=erp.your-domain.com,erp2.your-domain.com
LETSENCRYPT_EMAIL=admin@example.com

Optional (non-default ports):

HTTP_PUBLISH_PORT=80
HTTPS_PUBLISH_PORT=443

Compose setup (HTTPS)

For HTTPS you must include both overrides:

  • overrides/compose.nginxproxy.yaml (nginx-proxy, VIRTUAL_HOST)
  • overrides/compose.nginxproxy-ssl.yaml (acme-companion, LETSENCRYPT_HOST)

Example:

docker compose -f compose.yaml \
  -f overrides/compose.mariadb.yaml \
  -f overrides/compose.redis.yaml \
  -f overrides/compose.nginxproxy.yaml \
  -f overrides/compose.nginxproxy-ssl.yaml \
  config > ~/gitops/docker-compose.yml

docker compose --project-name <project-name> -f ~/gitops/docker-compose.yml up -d

If you use external MariaDB/Redis, replace the database and Redis overrides accordingly.

How hostnames are applied

NGINX_PROXY_HOSTS is a comma-separated list of hostnames. The overrides apply it as:

  • VIRTUAL_HOST for nginx-proxy routing
  • LETSENCRYPT_HOST for certificate issuance
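
Because the same value feeds both VIRTUAL_HOST and LETSENCRYPT_HOST, it is worth checking before the stack is started. The following pre-flight check is an added example, not part of frappe_docker; the helper name check_proxy_hosts and the sample values are assumptions made for illustration. It rejects wildcard names because this guide relies on the HTTP-01 challenge, which cannot validate them.

```shell
#!/bin/sh
# Added example: pre-flight check for the NGINX_PROXY_HOSTS value from .env.
# check_proxy_hosts is a hypothetical helper, not part of frappe_docker.

check_proxy_hosts() {
    hosts=$1
    # Checks on the list as a whole (format: comma-separated, no spaces).
    case $hosts in
        "")     echo "host list is empty" >&2; return 1 ;;
        *" "*)  echo "space in host list" >&2; return 1 ;;
        *\**)   echo "wildcard name: HTTP-01 cannot validate it" >&2; return 1 ;;
        *[!A-Za-z0-9.,-]*) echo "invalid character in host list" >&2; return 1 ;;
        ,*|*,|*,,*) echo "empty entry in host list" >&2; return 1 ;;
    esac
    # Checks on each hostname; report every bad entry, then fail once.
    rc=0
    old_ifs=$IFS
    IFS=,
    for h in $hosts; do
        case $h in
            .*|*.|*..*)      echo "$h: empty DNS label" >&2; rc=1 ;;
            -*|*-|*.-*|*-.*) echo "$h: label starts or ends with '-'" >&2; rc=1 ;;
            *.*)             [ "${#h}" -le 253 ] || { echo "$h: longer than 253 chars" >&2; rc=1; } ;;
            *)               echo "$h: not a fully qualified name" >&2; rc=1 ;;
        esac
    done
    IFS=$old_ifs
    return $rc
}

# Constructed sample values, not taken from a real deployment.
for sample in "erp.your-domain.com,erp2.your-domain.com" \
              "erp.your-domain.com, erp2.your-domain.com" \
              "*.your-domain.com"; do
    if check_proxy_hosts "$sample"; then
        echo "ok: $sample"
    else
        echo "rejected: $sample"
    fi
done
```
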

Verify

Check logs for certificate issuance and proxy status:

docker compose --project-name <project-name> -f ~/gitops/docker-compose.yml logs -f nginx-proxy
docker compose --project-name <project-name> -f ~/gitops/docker-compose.yml logs -f acme-companion

Depending on the registrar, the DNS assignment may take some time to take effect. For the certificate to be issued, make sure the A and, where applicable, AAAA records point to the server.

See also: Environment Variables and TLS/SSL Setup Overview.