Set up nginx-proxy
This commit is contained in:
parent
ca484ac880
commit
7b211df7e5
|
@ -12,6 +12,15 @@
|
|||
# useDHCP is deprecated
|
||||
useDHCP = false;
|
||||
interfaces.eth0.useDHCP = true;
|
||||
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
2222
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
time.timeZone = "Europe/London";
|
||||
|
@ -48,5 +57,47 @@
|
|||
};
|
||||
};
|
||||
|
||||
virtualisation.docker = {
|
||||
enable = true;
|
||||
autoPrune.enable = true;
|
||||
};
|
||||
|
||||
docker-containers = {
|
||||
nginx-proxy = {
|
||||
image = "jwilder/nginx-proxy:alpine";
|
||||
ports = [
|
||||
"80:80"
|
||||
"443:443"
|
||||
];
|
||||
volumes = [
|
||||
# So that we can watch new containers come up
|
||||
"/var/run/docker.sock:/tmp/docker.sock:ro"
|
||||
# So that we can access generated certs
|
||||
"nginx-certs:/etc/nginx/certs:ro"
|
||||
# So that we can write challenge files for letsencrypt auth
|
||||
"nginx-challenges:/usr/share/nginx/html"
|
||||
# So that we can modify config on-the-fly to set up challenge
|
||||
# files
|
||||
"nginx-conf:/etc/nginx/vhost.d"
|
||||
];
|
||||
environment = {
|
||||
DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
|
||||
};
|
||||
};
|
||||
|
||||
nginx-proxy-letsencrypt = {
|
||||
image = "jrcs/letsencrypt-nginx-proxy-companion";
|
||||
volumes = [
|
||||
"/var/run/docker.sock:/var/run/dokcer.sock:ro"
|
||||
"nginx-certs:/etc/nginx/certs"
|
||||
"nginx-challenges:/usr/share/nginx/html"
|
||||
"nginx-conf:/etc/nginx/vhost.d"
|
||||
];
|
||||
environment = {
|
||||
DEFAULT_EMAIL = "tm@tlater.net";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "19.09";
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue