vrtmrz / obsidian-livesync

MIT License

nginx-proxy and let's encrypt #285

Open peterspat opened 9 months ago

peterspat commented 9 months ago

Hello,

First and foremost, I want to express my gratitude for your outstanding plugin! However, I'm currently encountering difficulties while attempting to configure it with nginx-proxy and acme-companion in a docker-compose file in order to utilize a custom subdomain and SSL.

Whenever I attempt to access the site "https://couchdb.my-domain.com" I encounter an NGINX error. Additionally, Obsidian is unable to locate the database. On the other hand, when I try to access "http://ip-of-server:5988/" via my web browser, I am presented with the login prompt. Furthermore, when I attempt to connect to this address via Obsidian, it is able to locate it. Nevertheless, my preference is to employ SSL and, if possible, my custom subdomain.

docker-compose.yml

version: "3.5"
services:

  nginx-proxy:
      image: nginxproxy/nginx-proxy
      container_name: nginx-proxy
      ports:
        - "80:80"
        - "443:443"
      depends_on:
        - couchdb
      networks:
        - devops
      volumes:
        - ./nginx/conf:/etc/nginx/conf.d
        - /var/run/docker.sock:/tmp/docker.sock:ro
        - ./nginx/certs:/etc/nginx/certs:ro
        - ./nginx/vhost.d:/etc/nginx/vhost.d
        - ./nginx/html:/usr/share/nginx/html
        - ./nginx/dhparam:/etc/nginx/dhparam
      restart: always

  acme-companion:
    restart: always
    image: nginxproxy/acme-companion
    container_name: nginx-proxy-acme
    volumes_from:
      - nginx-proxy
    networks:
        - devops
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./nginx/certs:/etc/nginx/certs
      - ./nginx/acme:/etc/acme.sh
    depends_on:
      - nginx-proxy

  couchdb:
   image: couchdb
   container_name: obsidian-livesync
   environment:
     - COUCHDB_USER=ADMIN
     - COUCHDB_PASSWORD=PW
     - PUID=1000
     - PGID=1000
     - LETSENCRYPT_HOST=couchdb.my-domain.com,www.couchdb.my-domain.com
     - VIRTUAL_HOST=couchdb.my-domain.com,www.couchdb.my-domain.com
     - VIRTUAL_PORT=5984
   volumes:
     - ./data:/opt/couchdb/data
     - ./local.ini:/opt/couchdb/etc/local.ini
   ports:
     - 5988:5984
   restart: always

My local.ini looks like this:

[couchdb]
single_node=true
max_document_size = 50000000

[chttpd]
require_valid_user = true
max_http_request_size = 4294967296
enable_cors = true

[chttpd_auth]
require_valid_user = true
authentication_redirect = /_utils/session.html

[httpd]
WWW-Authenticate = Basic realm="couchdb"
bind_address = 0.0.0.0

[cors]
origins = app://obsidian.md, capacitor://localhost, http://localhost
credentials = true
headers = accept, authorization, content-type, origin, referer
methods = GET,PUT,POST,HEAD,DELETE
max_age = 3600

Other services like portainer are working if I deploy them like this:

  portainer-ce:
    image: portainer/portainer-ee:2.16.1
    networks:
      - devops
    ports:
      - 8400:8000
      - 9400:9000
    container_name: portainer
    environment:
      - LETSENCRYPT_HOST=portainer.my-domain.com,www.portainer.my-domain.com
      - VIRTUAL_HOST=portainer.my-domain.com,www.portainer.my-domain.com
      - VIRTUAL_PORT=9000
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./portainer/data:/data
    restart: always

vrtmrz commented 9 months ago

I appreciate your question! I am not sure about these images. However, I assume that these ports should be the same.

 couchdb:
  image: couchdb
  container_name: obsidian-livesync
  environment:
    - COUCHDB_USER=ADMIN
    - COUCHDB_PASSWORD=PW
    - PUID=1000
    - PGID=1000
    - LETSENCRYPT_HOST=couchdb.my-domain.com,www.couchdb.my-domain.com
    - VIRTUAL_HOST=couchdb.my-domain.com,www.couchdb.my-domain.com
    - VIRTUAL_PORT=5984 #<-- Does this mean nginx proxies to 5984?
  volumes:
    - ./data:/opt/couchdb/data
    - ./local.ini:/opt/couchdb/etc/local.ini
  ports:
    - 5988:5984 #<-- If so, we probably have to expose port 5984 to 5984.

peterspat commented 9 months ago

Thanks for your reply! Unfortunately, this does not resolve the problem. It shifts the problem to port 5984, so that I can access "http://ip-of-server:5984/", but the subdomain (with and without https) still shows an nginx error.

As far as I understand VIRTUAL_PORT, it maps the specified domain to the exposed port of the docker and maps it to the required port of the application. So if the application exposes port 80, but all of your docker images expose port 80, then they would be already in use. Thus, you map e.g. port 90 to port 80 of docker image A, port 91 to port 80 of docker image B, and so on. However, VIRTUAL_PORT would still be port 80.

I found my mistake. I was missing the network configuration in the couchdb image. So anyone setting up nginx-proxy and Let's Encrypt could do it like this:

version: "3.5"
services:

 nginx-proxy:
     image: nginxproxy/nginx-proxy
     container_name: nginx-proxy
     ports:
       - "80:80"
       - "443:443"
     depends_on:
       - couchdb
     networks:
       - devops
     volumes:
       - ./nginx/conf:/etc/nginx/conf.d
       - /var/run/docker.sock:/tmp/docker.sock:ro
       - ./nginx/certs:/etc/nginx/certs:ro
       - ./nginx/vhost.d:/etc/nginx/vhost.d
       - ./nginx/html:/usr/share/nginx/html
       - ./nginx/dhparam:/etc/nginx/dhparam
     restart: always

 acme-companion:
   restart: always
   image: nginxproxy/acme-companion
   container_name: nginx-proxy-acme
   volumes_from:
     - nginx-proxy
   networks:
       - devops
   volumes:
     - /var/run/docker.sock:/var/run/docker.sock:ro
     - ./nginx/certs:/etc/nginx/certs
     - ./nginx/acme:/etc/acme.sh
   depends_on:
     - nginx-proxy

 couchdb:
  image: couchdb
  container_name: obsidian-livesync
  environment:
    - COUCHDB_USER=ADMIN
    - COUCHDB_PASSWORD=PW
    - PUID=1000
    - PGID=1000
    - LETSENCRYPT_HOST=couchdb.my-domain.com,www.couchdb.my-domain.com
    - VIRTUAL_HOST=couchdb.my-domain.com,www.couchdb.my-domain.com
    - VIRTUAL_PORT=5984
  networks:
    - devops
  volumes:
    - ./data:/opt/couchdb/data
    - ./local.ini:/opt/couchdb/etc/local.ini
  ports:
    - 5988:5984
  restart: always

networks:
  devops:
    name: devops-network
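
The root cause found in this thread (the couchdb service was not attached to the network nginx-proxy runs on) can be checked mechanically. The following is an added example, not code from the thread or from the nginx-proxy project: it assumes the Compose file has already been parsed into a dict, its function names are hypothetical, and it additionally flags a backend port that is still published on the host (as `5988:5984` is here), because that port keeps answering over plain HTTP next to the TLS proxy.

```python
# Added example: `compose` is a Compose file already parsed into a dict
# (e.g. by a YAML loader). Function names are hypothetical.

def _env(service):
    """Environment as a dict; Compose allows a list of K=V or a mapping."""
    env = service.get("environment") or {}
    if isinstance(env, list):
        env = dict(e.split("=", 1) if "=" in e else (e, "") for e in env)
    return {str(k): str(v) for k, v in env.items()}

def _networks(service):
    """A service without a 'networks' key joins the implicit 'default' network."""
    nets = service.get("networks")
    return set(nets) if nets else {"default"}

def _published_targets(service):
    """Container ports that 'ports:' also publishes on the host."""
    targets = set()
    for port in service.get("ports") or []:
        if isinstance(port, dict):   # long syntax: {target: 5984, published: 5988}
            targets.add(str(port["target"]))
        else:                        # short syntax: [ip:][host:]container[/proto]
            targets.add(str(port).split("/")[0].split(":")[-1])
    return targets

def audit(compose, proxy="nginx-proxy"):
    """Return (service, finding) pairs for each service that sets VIRTUAL_HOST."""
    services = compose["services"]
    proxy_nets = _networks(services[proxy])
    findings = []
    for name, svc in services.items():
        env = _env(svc)
        if name == proxy or "VIRTUAL_HOST" not in env:
            continue
        if not proxy_nets & _networks(svc):
            findings.append((name, "no shared network with proxy"))
        if env.get("VIRTUAL_PORT") in _published_targets(svc):
            findings.append((name, "backend port also published on host"))
    return findings

# Constructed sample: nginx-proxy and couchdb from the first post, reduced.
BROKEN = {"services": {
    "nginx-proxy": {"networks": ["devops"], "ports": ["80:80", "443:443"]},
    "couchdb": {"ports": ["5988:5984"], "environment": [
        "VIRTUAL_HOST=couchdb.my-domain.com", "VIRTUAL_PORT=5984"]},
}}

if __name__ == "__main__":
    print(audit(BROKEN))
```

Run against the final file posted above, only the published-port finding remains; removing the `ports:` entry from couchdb leaves nginx-proxy as the sole way in.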