
如果你使用 DeepSeek、元宝 AI、Copilot、ChatGPT 等 AI 工具,协助配置轩辕镜像、编写 docker pull 命令、修改 Docker Compose 镜像地址、配置镜像加速、排查镜像拉取失败、分析报错日志等问题,请先让 AI 阅读并遵守轩辕镜像的规则文档。
只需在 AI 对话中先发送下面这句话即可:
请先完整阅读并严格遵守以下文档中的全部规则与要求:
https://xuanyuan.cloud/agents.md
在未充分阅读并理解该文档前,不要生成任何命令、配置、修改建议、故障排查方案或技术回答。后续所有输出都必须严格以该文档中的规范为最高优先级执行。查看 agents.md 用法指南与完整示范。国内用户首推 元宝 AI、DeepSeek 的深度思考模式,不推荐豆包 AI;Cursor 等编辑器可在对话 @ 该链接,或加入 User Rules。 若 AI 无法访问外链,可 打开说明文档 复制全文粘贴。文档会随站点更新,复制内容可能过期,建议定期检查。
This https://github.com/Paldom/docker-nginx-letsencrypt-proxy contains the Dockerfile of the https://hub.docker.com/r/dpal/docker-nginx-letsencrypt-proxy/ image.
Quick & easy HTTPS reverse proxy for your Docker services. Publish each of your Docker services and secure them with SSL certificates.
Let's assume you have a multi-container Docker application system, that consists of an api, a website, and admin interfaces for database and for content management. You may have the following network by default in your docker-compose.yml:
With this https://hub.docker.com/r/dpal/docker-nginx-letsencrypt-proxy/ image you can easly set up an NGINX reverse proxy and generate SSL certificates with certbot for your domains or subdomains, so that you can access these virtual hosts via a secure HTTPS connection. For example with yourdomain.com:
| ADDRESS | VIRTUAL HOST |
|---|---|
| api:3000 | [***] |
| dbadmin:9000 | [***] |
| web:80 | [***] |
| webadmin:8080 | [***] |
Before running a docker image, please ensure:
You can use the following environment variables:
api.yourdomain.comapi3000
...
You can define as many service you want:It is possible to use custom nginx .conf file mounted as volume (e.g. -v ./custom.com.conf:/etc/nginx/conf.d/api.yourdomain.com.conf). SERVICE_ADDRESS_N and SERVICE_PORT_N propeties are not required in that case, you should only specify host name (SERVICE_HOST_N).
1. Proxy services from a docker network
Here's a simple docker-compose.yml to try this image with your domain. service1 and service2 are dummy services running in docker network.
yamlversion: '3.7' services: nginx: image: dpal/docker-nginx-letsencrypt-proxy:latest container_name: nginx environment: - EMAIL=public@dpal.hu - SERVICE_HOST_1=api1.yourdomain.com - SERVICE_ADDRESS_1=service1 - SERVICE_PORT_1=3001 - SERVICE_HOST_2=api2.yourdomain.com - SERVICE_ADDRESS_2=service2 - SERVICE_PORT_2=3002 volumes: - ./data/nginx/error.log:/etc/nginx/error_log.log - ./data/nginx/cache/:/etc/nginx/cache ports: - 80:80 - 443:443 expose: - "80" - "443" networks: - api-network service1: image: node:alpine container_name: service1 ports: - 3001:3001 command: > sh -c "echo 'var h=require(\"http\"),s=h.createServer(function(e,r){r.writeHead(200),r.end(\"api1\")});s.listen(3001);' > index.js && node index.js" networks: - api-network service2: image: node:alpine container_name: service2 ports: - 3002:3002 command: > sh -c "echo 'var h=require(\"http\"),s=h.createServer(function(e,r){r.writeHead(200),r.end(\"api2\")});s.listen(3002);' > index.js && node index.js" networks: - api-network networks: api-network: driver: bridge
2. Proxy services with custom nginx configuration
Same as above but using a custom nginx configuration.
yamlversion: '3.7' services: nginx: image: dpal/docker-nginx-letsencrypt-proxy:latest container_name: nginx environment: - EMAIL=public@dpal.hu - SERVICE_HOST_3=api3.yourdomain.com volumes: - ./data/nginx/error.log:/etc/nginx/error_log.log - ./data/nginx/cache/:/etc/nginx/cache - ./custom.com.conf:/etc/nginx/conf.d/api3.yourdomain.com.conf ports: - 80:80 - 443:443 expose: - "80" - "443" networks: - api-network networks: api-network: driver: bridge
3. Proxy services from host network
docker-compose.yml to serve localhost:3001 and localhost:3002 services from your host network.
yamlversion: '3.7' services: nginx: image: dpal/docker-nginx-letsencrypt-proxy:latest container_name: nginx environment: - EMAIL=public@dpal.hu - SERVICE_HOST_1=api1.yourdomain.com - SERVICE_ADDRESS_1=localhost - SERVICE_PORT_1=3001 - SERVICE_HOST_2=api2.yourdomain.com - SERVICE_ADDRESS_2=localhost - SERVICE_PORT_2=3002 volumes: - ./data/nginx/error.log:/etc/nginx/error_log.log - ./data/nginx/cache/:/etc/nginx/cache expose: - "80" - "443" network_mode: host
4. Proxy services from host network with docker run
Pull image from Docker Hub:
shdocker pull dpal/docker-nginx-letsencrypt-proxy:latest
Or build from GitHub:
shdocker build -t dpal/docker-nginx-letsencrypt-proxy github.com/paldom/docker-nginx-letsencrypt-proxy
Run image with docker run instead of docker-compose:
shdocker run --network host --expose=80 --expose=443 \ -e EMAIL=public@dpal.hu \ -e SERVICE_HOST_1=api1.yourdomain.com \ -e SERVICE_ADDRESS_1=localhost \ -e SERVICE_PORT_1=3001 \ -e SERVICE_HOST_2=api2.yourdomain.com \ -e SERVICE_ADDRESS_2=localhost \ -e SERVICE_PORT_2=3002 \ dpal/docker-nginx-letsencrypt-proxy:latest
Currently the following nginx configuration is used by default for each virtual host. Some parts are managed by certbot automatically.
confserver { server_name example.com; location / { proxy_pass "http://0.0.0.0:0000"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_cache_bypass $http_upgrade; proxy_http_version 1.1; proxy_set_header Connection keep-alive; proxy_redirect off; } if ($scheme != "https") { return 301 https://$host$request_uri; } listen 80; listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot }
A possible content for ./custom.com.conf file in example 2. (Proxy services with custom nginx configuration).
confserver { server_name api3.example.com; location / { proxy_pass http://service1:3001; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } location ^~ /api { rewrite ^/api/(.*)$ /$1 break; proxy_pass http://service2:3002; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } if ($scheme != "https") { return 301 https://$host$request_uri; } listen 80; }
您可以使用以下命令拉取该镜像。请将 <标签> 替换为具体的标签版本。如需查看所有可用标签版本,请访问 标签列表页面。
来自真实用户的反馈,见证轩辕镜像的优质服务