Fors off: I am a total beginner when it comes to docker. I do have some self hosting experience, but run pretty much everything in its on lxc and treat it like a full linux system.
Recently I installed immich in a container and was surprised to see how well it worked.
This lead my to finally tackle something I have been putting off for way to long; installing nightscout (a self hosten glucose monitoring&reporting utility).
For that I followed their guide. Everything worked well up untill the point where I wanted to connect to the web interface. I started of by entering my domain into the nightscout containers arguments (in the form subdomain.domain.tld). Then I used my reverse proxy (nginx, not inside docker) to forward the subdomain to the docker IP on Ports 443, then 80 and lastly the one displayed at the container when listing them with docker ps. None of those worked (I was not able to get a certificate using letsEncrypt and got a 404 when connecting without tls).
I then entered nighscout.[docker-IP] and tried to access it dkrectly which did not work either.
When googling I only find comparisons on how to set up nginx in Docker, or comparisons between the two.
docker-compose file
GNU nano 7.2 docker-compose.yml
version: '3'
x-logging:
&default-logging
options:
max-size: '10m'
max-file: '5'
driver: json-file
services:
mongo:
image: mongo:4.4
volumes:
- ${NS_MONGO_DATA_DIR:-./mongo-data}:/data/db:cached
logging: *default-logging
nightscout:
image: nightscout/cgm-remote-monitor:latest
container_name: nightscout
restart: always
depends_on:
- mongo
labels:
- 'traefik.enable=true'
# Change the below Host from `localhost` to be the web address where Nightscout is running.
# Also change the email address in the `traefik` service below.
- 'traefik.http.routers.nightscout.rule=Host(`localhost`)'
- 'traefik.http.routers.nightscout.entrypoints=websecure'
- 'traefik.http.routers.nightscout.tls.certresolver=le'
logging: *default-logging
environment:
### Variables for the container
NODE_ENV: production
TZ: [removed]
### Overridden variables for Docker Compose setup
# The `nightscout` service can use HTTP, because we use `traefik` to serve the HTTPS
# and manage TLS certificates
INSECURE_USE_HTTP: 'true'
# For all other settings, please refer to the Environment section of the README
### Required variables
# MONGO_CONNECTION - The connection string for your Mongo database.
# Something like mongodb://sally:sallypass@ds099999.mongolab.com:99999/nightscout
# The default connects to the `mongo` included in this docker-compose file.
# If you change it, you probably also want to comment out the entire `mongo` service block
# and `depends_on` block above.
MONGO_CONNECTION: mongodb://mongo:27017/nightscout
# API_SECRET - A secret passphrase that must be at least 12 characters long.
API_SECRET: [removed]
### Features
# ENABLE - Used to enable optional features, expects a space delimited list, such as: careportal rawbg iob
# See https://github.com/nightscout/cgm-remote-monitor#plugins for details
ENABLE: careportal rawbg iob
# AUTH_DEFAULT_ROLES (readable) - possible values readable, denied, or any valid role name.
# When readable, anyone can view Nightscout without a token. Setting it to denied will require
# a token from every visit, using status-only will enable api-secret based login.
AUTH_DEFAULT_ROLES: denied
# For all other settings, please refer to the Environment section of the README
# https://github.com/nightscout/cgm-remote-monitor#environment
traefik:
image: traefik:latest
container_name: 'traefik'
command:
- '--providers.docker=true'
- '--providers.docker.exposedbydefault=false'
- '--entrypoints.web.address=:80'
- '--entrypoints.web.http.redirections.entrypoint.to=websecure'
- '--entrypoints.websecure.address=:443'
- "--certificatesresolvers.le.acme.httpchallenge=true"
- "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
- '--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json'
# Change the below to match your email address
- '--certificatesresolvers.le.acme.email=[removed]'
ports:
- '443:443'
- '80:80'
volumes:
- './letsencrypt:/letsencrypt'
- '/var/run/docker.sock:/var/run/docker.sock:ro'
logging: *default-logging
Because I don’t know how docker works, the .yaml given by nightscout is using traefik and I don’t know how to remove it without breakting the nightscout container.
To run it with Nginx instead of Traefik, you need to figure out what port Nightscout’s web server runs on, then expose that port, e.g.,
services: nightscout: ports: - 3000:3000You can remove the labels as those are used by Traefik, as well as the Traefik service itself.
Then just point Nginx to that port (e.g., 3000) on your local machine.
—-
Traefik has to know the port, too, but it will auto detect the port that a local Docker service is running on. It looks like your config is relying on that feature as I don’t see the label that explicitly specifies the port.
This is what I would try first. It looks like 1337 is the exposed port, per https://github.com/nightscout/cgm-remote-monitor/blob/master/Dockerfile
x-logging: &default-logging options: max-size: '10m' max-file: '5' driver: json-file services: mongo: image: mongo:4.4 volumes: - ${NS_MONGO_DATA_DIR:-./mongo-data}:/data/db:cached logging: *default-logging nightscout: image: nightscout/cgm-remote-monitor:latest container_name: nightscout restart: always depends_on: - mongo logging: *default-logging ports: - 1337:1337 environment: ### Variables for the container NODE_ENV: production TZ: [removed] ### Overridden variables for Docker Compose setup # The `nightscout` service can use HTTP, because we use `nginx` to serve the HTTPS # and manage TLS certificates INSECURE_USE_HTTP: 'true' # For all other settings, please refer to the Environment section of the README ### Required variables # MONGO_CONNECTION - The connection string for your Mongo database. # Something like mongodb://sally:sallypass@ds099999.mongolab.com:99999/nightscout # The default connects to the `mongo` included in this docker-compose file. # If you change it, you probably also want to comment out the entire `mongo` service block # and `depends_on` block above. MONGO_CONNECTION: mongodb://mongo:27017/nightscout # API_SECRET - A secret passphrase that must be at least 12 characters long. API_SECRET: [removed] ### Features # ENABLE - Used to enable optional features, expects a space delimited list, such as: careportal rawbg iob # See https://github.com/nightscout/cgm-remote-monitor#plugins for details ENABLE: careportal rawbg iob # AUTH_DEFAULT_ROLES (readable) - possible values readable, denied, or any valid role name. # When readable, anyone can view Nightscout without a token. Setting it to denied will require # a token from every visit, using status-only will enable api-secret based login. AUTH_DEFAULT_ROLES: denied # For all other settings, please refer to the Environment section of the README # https://github.com/nightscout/cgm-remote-monitor#environmentThen drop nginx and just use traefik.
Thats what all my other services use though and I don’t know how I’d connect them to traefic.
I recently posted most of my traefik configs, you can use it as a base to learn how traefik works:
https://lemmy.ca/comment/17702205
Note that I might not be much help with troubleshooting, as this took me a lot of trial and error and googling to make work.
There’s no time to learn like the present! Your existing compose file has an example, but if that doesn’t work, the traefik docs are useful too.