Host Nginx + Docker Frontend + Docker Backend
This document describes how to deploy the application on a server that already hosts other websites using host-level Nginx, while keeping the backend fully containerized.
Key rule:
Only the host Nginx listens on ports 80 and 443.
Docker containers run behind it on internal ports and networks.
Internet
|
v
Host Nginx (80 / 443, SSL termination)
|
v
Backend Container (Django/API :8000, internal only)
- Linux server with Nginx, Docker, Certbot
- DNS records:
- api.yourdomain.com
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
docker network create app-network
sudo usermod -aG docker $USER
echo "YOUR_ACCESS_TOKEN" | docker login -u YOUR_USERNAME --password-stdin
docker run -d --name redis --network app-network -p 6379:6379 --restart unless-stopped redis:alpinecd /home/main
sudo mkdir -p migrations/accounts migrations/profiles migrations/api
sudo touch migrations/__init__.py
sudo touch migrations/api/__init__.py
sudo touch migrations/accounts/__init__.py
sudo touch migrations/profiles/__init__.pyCreate /etc/nginx/sites-available/api.yourdomain.com
server {
listen 80;
server_name api.yourdomain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name api.yourdomain.com;
ssl_certificate etc/letsencrypt/live/api.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.yourdomain.com/privkey.pem;
location /static/ {
alias /home/main/static/;
}
location /media/ {
alias /home/main/media/;
}
location / {
proxy_pass http://127.0.0.1:7080;
}
}sudo certbot --nginx -d api.yourdomain.comsudo nginx -t
sudo systemctl reload nginx- Host Nginx owns ports 80/443
- Frontend container serves UI and proxies API
- Backend container is internal only
- Other host sites remain unaffected