A production-ready Central Gateway boilerplate using Nginx and Docker Compose. It handles:
- Reverse Proxy: Routing traffic to different Dockerized applications on the same host.
- SSL Termination: Automatic HTTPS with Let's Encrypt (Certbot).
- Zero Downtime: Reload configurations without stopping services.
This setup uses an external Docker network named proxy-net.
- Gateway (Nginx): Runs on
proxy-netand handles ports 80/443. - Your Apps: Run on
proxy-net(internal only) and are reachable by Nginx via container names.
- Install Docker & Docker Compose.
- Create the shared network (required once per host):
docker network create proxy-net
gateway/
├── docker-compose.yml
├── nginx/
│ └── conf.d/
│ ├── default.conf # Health check & fallback
│ └── app.conf.example # Template for your apps
├── tests/
│ └── verify_setup.py # Infrastructure verification
└── LICENSE
-
Clone and Start:
git clone <your-repo-url> gateway cd gateway docker compose up -d
-
Verify: Visit
http://localhost(or your server IP). You should see "Gateway is running!".
-
Prepare Nginx Config: Copy the example and edit it:
cp nginx/conf.d/app.conf.example nginx/conf.d/my-app.conf
Edit
my-app.conf: Changeapp.example.comto your actual domain and update theproxy_passupstream. -
Get SSL Certificate:
docker compose run --rm certbot certonly --webroot --webroot-path=/var/www/certbot -d yourdomain.com
-
Reload Nginx:
docker compose exec nginx nginx -s reload
How to move an existing standalone app to this gateway architecture.
Before (Standalone App): The app handles its own ports and SSL.
services:
web:
image: your-username/my-web-app:latest
ports:
- "80:80" # ❌ Remove this
- "443:443" # ❌ Remove thisAfter (Gateway-Ready):
Connect to proxy-net and remove port bindings.
services:
web:
image: your-username/my-web-app:latest
restart: unless-stopped
environment:
- PORT=3000
networks:
- proxy-net # ✅ Connect to gateway
# ports: ... (Removed)
networks:
proxy-net:
external: trueRun the verification script to check your folder structure:
python3 tests/verify_setup.py