Docker container's ports clashing with nginx that is not inside container

I have a docker-compose.yml set up at my root, as follows. For context, I have a Ghost CMS blog hosted on a Digital Ocean droplet. I want to install Commento using Docker (an open source commenting solution), but as I’m routing my traffic through Cloudflare DNS, I require SSL on both the server side and the frontend side.

However, I installed Ghost through Digital Ocean’s one click Ghost setup, which configured nginx to be the reverse proxy for my site. Nginx is NOT in the container (installed on server). Nginx listens on port 80 and 443. When I try docker-compose up, it says the following error:

Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use

Traefik cannot listen on the same ports as nginx (which is not within the container, but installed on the server itself). How can I fix this problem, and have my commento server reverse proxied through SSL as well? My docker-compose is as below:

version: '3.7'

services:
  proxy:
    restart: always
    image: traefik
    command:
      - "--api"
      - "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
      - "--entrypoints=Name:https Address::443 TLS"
      - "--defaultentrypoints=http,https"
      - "--acme"
      - "--acme.storage=/etc/traefik/acme/acme.json"
      - "--acme.entryPoint=https"
      - "--acme.httpChallenge.entryPoint=http"
      - "--acme.onHostRule=true"
      - "--acme.onDemand=false"
      - "--acme.email=changeme@example.com" # TODO: Replace with your email address
      - "--docker"
      - "--docker.watch"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/acme:/etc/traefik/acme
    networks:
      - web
    ports:
      - "80:80"
      - "443:443"
    labels:
      - "traefik.enable=false"
  server:
    image: registry.gitlab.com/commento/commento:latest
    ports:
      - 8080:8080
    environment:
      COMMENTO_ORIGIN: https://commento.example.com # TODO: Replace commento.example.com with your domami$
      COMMENTO_PORT: 8080
      COMMENTO_POSTGRES: postgres://postgres:passwordexample@db:5432/commento?s$
      #COMMENTO_FORBID_NEW_OWNERS: true
      #COMMENTO_SMTP_HOST: smtp.mailgun.org
      #COMMENTO_SMTP_PORT: 587
      #COMMENTO_SMTP_USERNAME: postmaster@example.com
      #COMMENTO_SMTP_PASSWORD: passwordsmtp
      #COMMENTO_SMTP_FROM_ADDRESS: support@example.com
      #COMMENTO_AKISMET_KEY:
      #COMMENTO_GOOGLE_KEY:
      #COMMENTO_GOOGLE_SECRET:
      #COMMENTO_TWITTER_KEY:
      #COMMENTO_TWITTER_SECRET:
    depends_on:
      - db
    networks:
      - db_network
      - web
  db:
    image: postgres
    environment:
      POSTGRES_DB: commento
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: examplepassword #TODO: Replace STRONG_PASSWORD with th$
    networks:
      - db_network
    volumes:
      - postgres_data_volume:/var/lib/postgresql/data

volumes:
  postgres_data_volume:

networks:
  web:
    external: true
  db_network:

Here is my nginx server config under available sites:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name example.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    ssl_certificate /etc/letsencrypt/example.com/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/example.com/example.com.key;
    include /etc/nginx/snippets/ssl-params.conf;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

Sorry, kind of new to this. Thank you!
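
Added example (not part of the original post, and not Docker's or Commento's own code): a preflight check that parses the `ports:` entries from the compose file above and reports which would hit the `address already in use` error and which are published on every interface, such as `8080:8080`, which is reachable without passing through the TLS reverse proxy unless a firewall blocks it. The function names and the `COMPOSE_PORTS` sample are assumptions made for this example; only IPv4, single-port short syntax is handled.

```python
import socket

# Constructed sample: the `ports:` entries of the two services in the compose file above.
COMPOSE_PORTS = {"proxy": ["80:80", "443:443"], "server": ["8080:8080"]}


def parse_mapping(entry):
    """Parse compose short syntax [HOST_IP:]HOST_PORT:CONTAINER_PORT[/PROTO] (IPv4 only)."""
    spec, _, proto = entry.partition("/")
    parts = spec.split(":")
    if len(parts) == 2:      # no host IP given: Docker publishes on all interfaces
        host_ip, host_port = "0.0.0.0", parts[0]
    elif len(parts) == 3:
        host_ip, host_port = parts[0], parts[1]
    else:
        raise ValueError(f"unsupported port mapping: {entry!r}")
    return host_ip, int(host_port), proto or "tcp"


def host_port_free(host_ip, port):
    """Attempt the bind that fails in the error above: True, False, or None if unknown."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        # SO_REUSEADDR so lingering TIME_WAIT sockets are not mistaken for a listener.
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((host_ip, port))
        except PermissionError:  # privileged port and not root: cannot tell
            return None
        except OSError:          # EADDRINUSE: something (here, nginx) already listens
            return False
        return True


def preflight(ports_by_service, is_free=host_port_free):
    """Return (service, entry, finding) tuples for port clashes and wide exposure."""
    findings = []
    for service, entries in ports_by_service.items():
        for entry in entries:
            host_ip, port, proto = parse_mapping(entry)
            if proto == "tcp" and is_free(host_ip, port) is False:
                findings.append((service, entry, "host port already in use"))
            if host_ip == "0.0.0.0":
                findings.append((service, entry, "published on all interfaces"))
    return findings


if __name__ == "__main__":
    for service, entry, finding in preflight(COMPOSE_PORTS):
        print(f"{service}: {entry}: {finding}")
```

Run it as root on the host before `docker-compose up`, since binding ports 80 and 443 needs privileges; a mapping written as `127.0.0.1:8080:8080` clears the exposure finding.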

Hi @chenningg,

This seems a bit complex for the benefit of Commento. Is there an issue with not using their managed service? https://commento.io/
In my opinion tools like this should be offloaded to another service. Managing it yourself comes with a lot of overhead, hence this configuration issue :slight_smile:

Hi,

I’ve managed to resolve it by shifting the entire stack into Docker compose. I’m now running commento in a separate container talking over a proxied network that works really well (:
