How to bring up a reverse proxy using the jwilder/nginx-proxy


    Exalate on-premise (such as Azure DevOps, ServiceNow) is deployed as Docker images. There is no built-in ssl support as it is much simpler to bring up a reverse proxy which can terminate SSL connections.

    Our preference is the jwilder/Nginx-proxy image, which is a customization of the Nginx proxy. This article gives you a quick run down of the setup process.

    Note: For an in-depth tutorial on this topic, please see the article here.

    Setting up jwilder/nginx-proxy with the letsencrypt SSL configuration

    Warning: Despite our best efforts, code can change without notice due to a variety of factors. If you encounter an issue in any of the code shown here and find that a specific block of code is not correct, or is causing errors, please check with the Community to find an updated version.

    1 version: "2"
    3 services:
    4  nginx-proxy:
    5    image: jwilder/nginx-proxy
    6    container_name: nginx-proxy
    7    ports:
    8      - "80:80"
    9      - "443:443"
    10    volumes:
    11     - /etc/nginx/vhost.d
    12      - /etc/nginx/certs
    13      - /usr/share/nginx/html
    14      - /var/run/docker.sock:/tmp/docker.sock:ro
    15    networks:
    16      - proxy
    18  ssl-generator:
    19    image: jrcs/letsencrypt-nginx-proxy-companion
    20    volumes_from:
    21      - nginx-proxy
    22    volumes:
    23      - /var/run/docker.sock:/var/run/docker.sock:ro
    24    networks:
    25      - proxy
    28  proxy:

    Using it in the container

    The next step is to configure a DNS name which points to the host with the jwilder container running - assume

    In the service definition of the exalate configure the following environment variables:

    Expand source

    Now, cycle the container.

    The jwilder proxy will detect that the container has the VIRTUAL_HOST environment variable. This will automatically add in the nginx configuration:

    Expand source
    upstream {
                                    # Cannot connect to network of this container
                                    server down;
                                    ## Can be connected with "nginx-proxy" network
                            # francisexalatenet_bluejira_1
    server {
            listen 80 ;
            access_log /var/log/nginx/access.log vhost;
            return 301 https://$host$request_uri;
    server {
            listen 443 ssl http2 ;
            access_log /var/log/nginx/access.log vhost;
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_prefer_server_ciphers on;
            ssl_session_timeout 5m;
            ssl_session_cache shared:SSL:50m;
            ssl_session_tickets off;
            ssl_certificate /etc/nginx/certs/;
            ssl_certificate_key /etc/nginx/certs/;
            ssl_dhparam /etc/nginx/certs/;
            ssl_stapling on;
            ssl_stapling_verify on;
            ssl_trusted_certificate /etc/nginx/certs/;
            add_header Strict-Transport-Security "max-age=31536000" always;
            include /etc/nginx/vhost.d/default;
            location / {

    The letsencrypt integration will automatically generate a LetEncrypt SSL certificate and add it into the configuration.

    Warning:  It is important that the letsencrypt service has a clear path to as it will check if that service does exist with the right settings.

    Warning: In order for Let's Encrypt to generate and renew SSL Certificates, make sure the proxy server is reachable from the internet on the provided FQDN (for example,  For more information on how Let´s Encrypt works please check the documentation here.