Skip to content

Persistent data

Jump to bottom
Nicolas Duchon edited this page Jan 22, 2018 · 8 revisions

Persistent data

Anonymous volumes

When you follow instructions from Basic usage or Advanced usage, Docker will automatically create anonymous volumes (volumes with a random name) for every --volume / -v argument passed:

$ docker run -d \
    --name nginx-proxy \
    -p 80:80 \
    -p 443:443 \
    -v /etc/nginx/certs \
    -v /etc/nginx/vhost.d \
    -v /usr/share/nginx/html \
    -v /var/run/docker.sock:/tmp/docker.sock:ro \
    jwilder/nginx-proxy

$ docker volume ls
DRIVER              VOLUME NAME
local               287be3abd610e5566500d719ceb8b952952f12c9324ef02d05785d4ee9737ae9
local               6530b1b40cf89efb71aa7fd19bddec927fa2bcae59b04b9c1c850af72ffe0123
local               f260f71fefadcdfc311d285d69151f2312915174d3fb1fab89949ec5ec871a54
local               f2cd94ca48904dc9cfc840ce4b265a04831c580d525253d7a0e5aac4d1dca340

Named volumes

Using named volumes instead make managing volumes easier:

$ docker run -d \
    --name nginx-proxy \
    -p 80:80 \
    -p 443:443 \
    -v certs:/etc/nginx/certs \
    -v vhost:/etc/nginx/vhost.d \
    -v html:/usr/share/nginx/html \
    -v /var/run/docker.sock:/tmp/docker.sock:ro \
    jwilder/nginx-proxy

$ docker volume ls
DRIVER              VOLUME NAME
local               certs
local               vhost
local               html

Host volumes

Alternatively, you might want to store the certificates on a local folder rather than letting Docker create and manage a volume for them. This is easily achieved by using a host volume (binding an absolute path on your host to the /ect/nginx/certs folder on your containers):

-v /path/to/certificates:/etc/nginx/certs

No matter the type of volume you choose, if you set them on the nginx-proxy or nginx container and use --volumes_from on the others containers, they will automatically be mounted inside the container to the path your first defined.

Restraining write permission

If you want to restrain the nginx and docker-gen processes to read only access on the certificates, you'll have to use different volume flags depending on the container.

Example with anonymous volumes:

-v /etc/nginx/certs:ro on the nginx-proxy or nginx + docker-gen container(s).

-v /etc/nginx/certs:rw on the letsencrypt-nginx-proxy-companion container.

Usage:

Basic (two containers).

Advanced (three containers).

Getting containers IDs

with Docker Compose

Container utilities

Additional configuration:

Let's Encrypt / ACME

Container configuration

Persistent data

Standalone certificates

Zero SSL

Troubleshooting:

Invalid / failing authorizations

Clone this wiki locally