diff --git a/.env.docker b/.env.docker index 0f5aa6112..b512ce5d0 100644 --- a/.env.docker +++ b/.env.docker @@ -952,4 +952,10 @@ DOCKER_WEB_PORT_EXTERNAL_HTTP="8080" DOCKER_HOST_SOCKET_PATH="/var/run/docker.sock" # Prefix for container names (without any dash at the end) -DOCKER_CONTAINER_NAME_PREFIX="${APP_DOMAIN}-" +DOCKER_CONTAINER_NAME_PREFIX="${APP_DOMAIN}" + +# Set this to a non-empty value (e.g. "disabled") to disable the [proxy] and [proxy-acme] service +DOCKER_PROXY_PROFILE="" + +# Set this to a non-empty value (e.g. "disabled") to disable the [proxy-acme] service +DOCKER_PROXY_ACME_PROFILE="${DOCKER_PROXY_PROFILE}" diff --git a/docker-compose.yml b/docker-compose.yml index b2977e1e2..d56f61aa6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -36,7 +36,7 @@ services: container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy-acme" restart: unless-stopped profiles: - - ${DOCKER_PROXY_ACME_PROFILE:-$DOCKER_PROXY_PROFILE} + - ${DOCKER_PROXY_ACME_PROFILE} environment: DEBUG: 0 DEFAULT_EMAIL: "${LETSENCRYPT_EMAIL}" @@ -57,9 +57,6 @@ services: restart: unless-stopped build: target: apache-runtime - deploy: - mode: replicated - replicas: 1 volumes: - "./.env:/var/www/.env" - "${DOCKER_DATA_ROOT}/pixelfed/cache:/var/www/bootstrap/cache" @@ -74,8 +71,8 @@ services: com.github.nginx-proxy.nginx-proxy.keepalive: 30 com.github.nginx-proxy.nginx-proxy.http2.enable: true com.github.nginx-proxy.nginx-proxy.http3.enable: true - # ports: - # - "${DOCKER_WEB_PORT_EXTERNAL_HTTP}:80" + ports: + - "${DOCKER_WEB_PORT_EXTERNAL_HTTP}:80" depends_on: - db - redis diff --git a/docker/faq.md b/docker/faq.md index c284940b8..f1354f1c3 100644 --- a/docker/faq.md +++ b/docker/faq.md @@ -2,18 +2,25 @@ ## I already have a Proxy, how do I disable the included one? -No problem! All you have to do is +No problem! All you have to do is: -1. *Comment out* (or delete) the `proxy` and `proxy-acme` services in `docker-compose.yml` -1. *Uncomment* the `ports` block for the `web` servince in `docker-compose.yml` -1. Change the `DOCKER_WEB_PORT_EXTERNAL_HTTP` setting in your `.env` if you want to change the port from the default `8080` -1. Point your proxy upstream to the exposed `web` port. +1. Change the `DOCKER_PROXY_PROFILE` key/value pair in your `.env` file to `"disabled"`. + * This disables the `proxy` *and* `proxy-acme` services in `docker-compose.yml`. + * The setting is near the bottom of the file. +1. Point your proxy upstream to the exposed `web` port (**Default**: `8080`). + * The port is controlled by the `DOCKER_WEB_PORT_EXTERNAL_HTTP` key in `.env`. + * The setting is near the bottom of the file. ## I already have a SSL certificate, how do I use it? -1. *Comment out* (or delete) the `proxy-acme` service in `docker-compose.yml` -1. Put your certificates in `${DOCKER_CONFIG_ROOT}/proxy/certs/${APP_DOMAIN}/`. The following files are expected to exist in the directory for the proxy to detect and use them automatically (this is the same directory and file names as LetsEncrypt uses) - 1. `cert.pem` - 1. `chain.pem` - 1. `fullchain.pem` - 1. `key.pem` +1. Change the `DOCKER_PROXY_ACME_PROFILE` key/value pair in your `.env` file to `"disabled"`. + * This disabled the `proxy-acme` service in `docker-compose.yml`. + * It does *not* disable the `proxy` service. +1. Put your certificates in `${DOCKER_CONFIG_ROOT}/proxy/certs` (e.g. `./docker-compose/config/proxy/certs`) + * You may need to create this folder manually if it does not exists. + * The following files are expected to exist in the directory for the proxy to detect and use them automatically (this is the same directory and file names as LetsEncrypt uses) + 1. `${APP_DOMAIN}.cert.pem` + 1. `${APP_DOMAIN}.chain.pem` + 1. `${APP_DOMAIN}.fullchain.pem` + 1. `${APP_DOMAIN}.key.pem` + * See the [`nginx-proxy` configuration file for name patterns](https://github.com/nginx-proxy/nginx-proxy/blob/main/nginx.tmpl#L659-L670)