How to bring up a reverse proxy using the jwilder/nginx-proxy


    Exalate on-premise (such as Azure DevOps, ServiceNow) is deployed as Docker images. There is no built-in SSL support, as it is much simpler to bring up a reverse proxy that terminates the SSL connections.

    Our preference is the jwilder/nginx-proxy image, which is a customization of the Nginx proxy.

    Note: A detailed tutorial is available here 

    The following steps provide a quick start-up.

    Setting up jwilder/nginx-proxy with the letsencrypt SSL configuration

    version: "2"

    services:
      # Reverse proxy: terminates SSL and routes requests by VIRTUAL_HOST
      nginx-proxy:
        image: jwilder/nginx-proxy
        container_name: nginx-proxy
        ports:
          - "80:80"
          - "443:443"
        volumes:
          - /etc/nginx/vhost.d
          - /etc/nginx/certs
          - /usr/share/nginx/html
          # Docker socket, mounted read-only, used to detect containers
          - /var/run/docker.sock:/tmp/docker.sock:ro
        networks:
          - proxy

      # Let's Encrypt companion: shares the volumes of nginx-proxy
      ssl-generator:
        image: jrcs/letsencrypt-nginx-proxy-companion
        volumes_from:
          - nginx-proxy
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock:ro
        networks:
          - proxy

    networks:
      proxy:

    Using it in the container

    The next step is to configure a DNS name which points to the host which has the jwilder container running - assume

    In the Exalate service definition, configure the following environment variables, and then cycle the container:
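
    A service definition for this step, as an added example that is not part of the original page or Exalate's own configuration. VIRTUAL_HOST and VIRTUAL_PORT are read by jwilder/nginx-proxy; LETSENCRYPT_HOST and LETSENCRYPT_EMAIL are read by jrcs/letsencrypt-nginx-proxy-companion. The service name, image placeholder, hostname exalate.example.com, port 9000, e-mail address and external network name are assumptions.

```yaml
# Added example: a separate compose project for the application container.
# All names and values below are placeholders/assumptions, not taken from the page.
version: "2"

services:
  exalate:                                # hypothetical service name
    image: EXALATE_IMAGE_PLACEHOLDER      # replace with the image you deploy
    # No "ports:" section: the application is not published on the host,
    # so it is reachable only through the reverse proxy.
    environment:
      # Read by jwilder/nginx-proxy: hostname to route to this container
      - VIRTUAL_HOST=exalate.example.com
      # Read by jwilder/nginx-proxy: container port to proxy to (assumed value)
      - VIRTUAL_PORT=9000
      # Read by the Let's Encrypt companion: hostname on the certificate
      - LETSENCRYPT_HOST=exalate.example.com
      # Read by the companion: contact address for the Let's Encrypt account
      - LETSENCRYPT_EMAIL=admin@example.com
    networks:
      - proxy

networks:
  # Join the network that nginx-proxy is attached to. A container that shares
  # no network with the proxy gets "server down;" in its generated upstream.
  proxy:
    external:
      name: PROXYPROJECT_proxy            # placeholder: <proxy compose project>_proxy
```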

    The jwilder proxy detects that the container has the VIRTUAL_HOST environment variable and automatically adds the following to the nginx configuration:

    upstream {
        # Cannot connect to network of this container
        server down;
        ## Can be connected with "nginx-proxy" network
        # francisexalatenet_bluejira_1
    }
    server {
        listen 80 ;
        access_log /var/log/nginx/access.log vhost;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl http2 ;
        access_log /var/log/nginx/access.log vhost;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/;
        ssl_certificate_key /etc/nginx/certs/;
        ssl_dhparam /etc/nginx/certs/;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/nginx/certs/;
        add_header Strict-Transport-Security "max-age=31536000" always;
        include /etc/nginx/vhost.d/default;
        location / {

    The Let's Encrypt integration automatically generates a Let's Encrypt SSL certificate and adds it to the configuration.

    Warning: It is important that the letsencrypt service has a clear path to as it will check if that service does exist with the right settings.