Generating certs for services that do not use port 80

[SimplicityGuy]

If I have a docker-compose file with a bunch of services, for instance mosquitto, is generating certs for such services that do not expose post 80? For instance in this case, mosquitto exposes 2 ports for SSL 8883 and 8083. Without a docker-ized solution here, the general instructions are to use certbot in standalone mode, and the configuration for mosquitto links against the letsencrypt directory directly. (reference)

[buchdag]

Hi @SimplicityGuy

I'm not certain that I completely understood your question but you can use nginx-proxy's VIRTUAL_PORT environment variable to proxy to containers that don't listen on the standard 80 and/or 443 ports.

[moracabanas]

Hi @buchdag

In my case I have a single service which serves content in 80, 3000 and 3001 ports. Will them be mapped to my VIRTUAL_HOST:3000 and VIRTUAL_HOST:3001 ?

[asyncjason]

I have a similar situation. I'm using a nexus container and it serves 3 ports 8081, 8082, 8083. In my manual nginx config, I map them on different names. Is there a way for the companion to map to multiple virtual hosts in the one container?

[asyncjason]

I tried VIRTUAL_PORT=8081,8082,8083 with 3 matching VIRTUAL_HOSTS=nexus1.xxxx.xx,nexus2.xxxx.xx,nexus3.xxxx.xx.
I doesn't support it by the looks of it. VIRTUAL_PORT is only used when 1 port is entered.
Would be good to add no?

[buchdag]

@moracabanas no they won't. The proxy is meant to serve content over the standard 80/443 ports (or another custom pair of ports but you'll lose the ability to use the companion), not to do something like yourdomain.tld:8000 => one container or container port, yourdomain.tld:8000 => another container or container port.

@jseparovic nginx-proxy's doc does not imply at any point that it provide this feature or that VIRTUAL_PORT accept a comma separated list. I'm not really certain that a project documentation should list every feature it doesn't have ...

[moracabanas]

I solved my issue swapping my nginx stack with traefik which enables the use of virtual ports for any service "connected" by docker sock and the use of labels.
I also use docker swarm.
You can consider dockerswarm.rocks to learn this stack by example.
I'm now using it in production and im quite happy with it.
Meanwhile I am learning kubernetes so traefik docs are still usefull and the transition to a large load balanced stack is good.

[moracabanas]

I would recommend to use nginx to pair less complicated or microservices with a nice and simple stack with proxy load balancing. Otherwise traefik is a no brainer.
Traefik docs are really good.