{"id":20127739,"url":"https://github.com/neonsy/neonwhale-dockerlab","last_synced_at":"2026-05-23T16:44:59.189Z","repository":{"id":217133449,"uuid":"742885224","full_name":"Neonsy/NeonWhale-DockerLab","owner":"Neonsy","description":"These are my docker experiments","archived":false,"fork":false,"pushed_at":"2024-06-13T06:08:52.000Z","size":44,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-02T21:26:32.273Z","etag":null,"topics":["certificate","certificate-authority","docker","docker-lab","lemp-stack","letsencrypt","nginx-docker","nginx-reverse-proxy"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Neonsy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-13T16:57:36.000Z","updated_at":"2025-01-13T20:30:39.000Z","dependencies_parsed_at":"2024-01-19T14:27:30.772Z","dependency_job_id":"fa1151e3-c55d-4e1e-b895-96ed9bc8d792","html_url":"https://github.com/Neonsy/NeonWhale-DockerLab","commit_stats":null,"previous_names":["drneonsy/neonwhale-dockerlab","neonsy/neonwhale-dockerlab"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Neonsy/NeonWhale-DockerLab","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Neonsy%2FNeonWhale-DockerLab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Neonsy%2FNeonWhale-DockerLab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Neonsy%2FNeonWhale-D
ockerLab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Neonsy%2FNeonWhale-DockerLab/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Neonsy","download_url":"https://codeload.github.com/Neonsy/NeonWhale-DockerLab/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Neonsy%2FNeonWhale-DockerLab/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33404268,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-23T04:15:53.637Z","status":"ssl_error","status_checked_at":"2026-05-23T04:15:53.242Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","certificate-authority","docker","docker-lab","lemp-stack","letsencrypt","nginx-docker","nginx-reverse-proxy"],"created_at":"2024-11-13T20:23:33.967Z","updated_at":"2026-05-23T16:44:59.151Z","avatar_url":"https://github.com/Neonsy.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# NeonWhale - DockerLab\n\nThis Repository is a collection of ![Docker](https://img.shields.io/badge/Docker%20Compose-0e0b33?style=for-the-badge\u0026logo=docker\u0026logoColor=00ccff) stacks, that I've made for various reasons.\n\nMethods for obtaining a Certificate, in this case for local development, can be found 
[here](#methods-for-obtaining-certificates).\n\n## Stacks\n\n-   [PHP Dev Stack (Local - SSC)](#php-dev-stack-local---ssc)\n-   [PHP Dev Stack (Local - LEC)](#php-dev-stack-local---lec)\n\n### [PHP Dev Stack (Local - SSC)](\u003c/PHP%20Dev%20Stack%20(Local%20-%20SSC)\u003e)\n\n#### Services\n\n![NGINX](https://img.shields.io/badge/NGINX-061703?style=for-the-badge\u0026logo=nginx\u0026logoColor=009639)\n![PHP](https://img.shields.io/badge/PHP%208.3.1-0a0317?style=for-the-badge\u0026logo=php\u0026logoColor=777BB4)\n![MariaDB](https://img.shields.io/badge/MariaDB-011A21?style=for-the-badge\u0026logo=mariadb\u0026logoColor=009BCA)\n![PHPMyAdmin](https://img.shields.io/badge/PHPMyAdmin-191824?style=for-the-badge\u0026logo=phpmyadmin\u0026logoColor=6C78AF)\n\n##### Purpose\n\nThe purpose of this `Stack`, was to learn more about the nginx server, the content of the configuration files, as well as how a full development configuration for php could look like.\nWhile I have [generated the config files](https://www.digitalocean.com/community/tools/nginx), I've also learned **more** about what they do.\n\n##### Features and Config\n\n-   Nginx Server\n\n    -   Configured for `HTTPS` with `HTTP/2`.\n    -   Redirects all `HTTP` requests to `HTTPS`.\n    -   Listening for the custom local `domain =\u003e your_domain.com`.\n    -   The `Container` path for `NGINX` and `PHP FPM` is `/var/www/domain`.\n    -   The `NGINX` root directory for the files that should **only** be served is pointing to the `Public` directory (Case Sensitive).\n\n-   PHP FPM\n\n    -   A `php.ini-development` and `php.ini-production` template.\n        -   Both have the same values, as the original templates, except for `[extension_dir, pdo_mysql]`.\n        -   `php.ini-development` has XDebug enabled and configured.\n    -   A `php.ini` file. 
(Currently set for development).\n    -   PDO_MySQL installed and enabled.\n    -   XDebug installed and enabled.\n\n-   PHPMyAdmin\n\n    -   Used for easy database management.\n    -   `HTTPS` only.\n\n-   MariaDB\n    -   Using the `create_tables.sql` from PHPMyAdmin, the `PHPMyAdmin Database` is being populated.\n\n### [PHP Dev Stack (Local - LEC)](\u003c/PHP%20Dev%20Stack%20(Local%20-%20LEC)\u003e)\n\n#### Services\n\n![NGINXProxyManager](https://img.shields.io/badge/NGINX%20Proxy%20Manager-29100A?style=for-the-badge\u0026logo=nginxproxymanager\u0026logoColor=F15833)\n![NGINX](https://img.shields.io/badge/NGINX-061703?style=for-the-badge\u0026logo=nginx\u0026logoColor=009639)\n![PHP](https://img.shields.io/badge/PHP%208.3.1-0a0317?style=for-the-badge\u0026logo=php\u0026logoColor=777BB4)\n![MariaDB](https://img.shields.io/badge/MariaDB-011A21?style=for-the-badge\u0026logo=mariadb\u0026logoColor=009BCA)\n![PHPMyAdmin](https://img.shields.io/badge/PHPMyAdmin-191824?style=for-the-badge\u0026logo=phpmyadmin\u0026logoColor=6C78AF)\n\n##### Purpose\n\nThis `Stack` is a demo for how to use the NGINXProxyManager, in order to obtain a wildcard Certificate, allowing for a trusted local environment. (Though this can also be used for external access).\n\n##### Features and Config\n\nMainly using the NGINXProxyManager.\n\nThe other services can be found [here](#features-and-config).\n\nDifference? The SSL directories are gone, which also means that they are not being copied or added.\nOn top of that the Dockerfile and NGINX Server config no longer have SSL directives.\n\n## Methods for obtaining Certificates\n\n-   [Self Signed Certificates (SSC)](#introduction-to-ssc--how-to---stepbystep-windows)\n-   [Signed Wildcard Certificates using LetsEnCrypt, with a free option! 
(LEC)](#introduction-to-lec--how-to---stepbystep-docker)\n\n### Introduction to (SSC) | How To - StepByStep (Windows)\n\nGenerating and using an SSC (Self Signed Certificate) can be a bit much, especially if the topic is one you don't know much about. There are plenty of resources out there, in the world wide web, but they don't necessarily have the full information needed to pull it off.\n\nIn order to be able to locally map an IP-Address to a \"Domain\", you need to edit the hosts file with elevated privileges.\n\n#### 1. Navigate to `c:\\Windows\\System32\\Drivers\\etc\\` and open the `hosts` file.\n\n```ps\ncd c:\\Windows\\System32\\Drivers\\etc\\\n\nnotepad hosts\n```\n\nThis is how the `hosts` file could look, if you have docker installed:\n\n```txt\n# Copyright (c) 1993-2009 Microsoft Corp.\n#\n# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n#\n# This file contains the mappings of IP addresses to host names. Each\n# entry should be kept on an individual line. The IP address should\n# be placed in the first column followed by the corresponding host name.\n# The IP address and the host name should be separated by at least one\n# space.\n#\n# Additionally, comments (such as these) may be inserted on individual\n# lines or following the machine name denoted by a '#' symbol.\n#\n# For example:\n#\n#      102.54.94.97     rhino.acme.com          # source server\n#       38.25.63.10     x.acme.com              # x client host\n\n# localhost name resolution is handled within DNS itself.\n#\t127.0.0.1       localhost\n#\t::1             localhost\n# Added by Docker Desktop\n192.168.178.157 host.docker.internal\n192.168.178.157 gateway.docker.internal\n# To allow the same kube context to work on the host and the container:\n127.0.0.1 kubernetes.docker.internal\n# End of section\n```\n\n#### 2. 
Create your custom mapping\n\nYou can just go to the end of the `hosts` file and for example write the following:\n\n```txt\n# Custom Defined Mappings\n\n127.0.0.1\tyour_domain.com\n```\n\n```diff\n! Save and close the hosts file and powershell window, otherwise the changes might not take effect!\n```\n\n#### 3. Get your certificates\n\nFor this step, it is time to get a temporary `container` that allows us to generate what we need.\n\nThere are many ways to do this and probably even better ones, but I'm sticking to something, where I can safely say that it works.\n\nWe will create an ubuntu container, update the package list, install openssl and generate our files.\n\n```ps\ncd LOCATION_WHERE_YOU_WANT_TO_STORE_YOUR_CERTS\n```\n\n```ps\ndocker run -it --rm -v ${pwd}:/home/certs -w /home/certs ubuntu\n```\n\n-   docker run =\u003e Creates a `Container` from an image.\n-   -it =\u003e Launches that `Container` in interactive mode. (Especially **necessary if** the **container has no job** to do).\n-   --rm =\u003e Removes the `Container` after exiting or stopping it.\n-   -v =\u003e Either creates a volume or binds / mounts a host path to a `container` path. (**Bind** in this case).\n-   -w =\u003e Sets the work directory, which will be the path you start in.\n-   image:tag =\u003e The image you want to use for the `container`. 
(**ubuntu:latest** in this case).\n\nIf the openssl commands below do not work with this docker run command, try installing it.\n\n```bash\napt update \u0026\u0026 apt install openssl\n```\n\nDue to some issues, that can arise when failing to fill out specific questions upon generating the CSR, I've decided to update this entry with an example config file.\n\nJust replace everything in \u003c\u003e with the actual value and save it as `openssl.cnf`, within the same directory you've launched your `docker run` command in.\n\n```cnf\n[req]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\nprompt = no\n\n[req_distinguished_name]\nC = \u003cCountry Name (2 letter code)\u003e\nST = \u003cState or Province Name (full name)\u003e\nL = \u003cLocality Name (eg, city)\u003e\nO = \u003cOrganization Name (eg, company)\u003e\nOU = \u003cOrganizational Unit Name (eg, section)\u003e\nCN = \u003cCommon Name (e.g., the domain name)\u003e\n\n[v3_req]\nbasicConstraints = CA:FALSE\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment\nsubjectAltName = @alt_names\n\n[alt_names]\nDNS.1 = \u003cyour-domain-name\u003e\n```\n\n```bash\nopenssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr -config openssl.cnf\n```\n\n-   -req =\u003e Initiates the creation of a CSR (Certificate Signing Request).\n-   -new =\u003e Indicates that a new CSR is being created.\n-   -newkey rsa:2048 =\u003e Creates a new RSA private key of 2048 bits.\n-   -nodes =\u003e Prevents the encryption of the output key.\n-   -keyout domain.key =\u003e Specifies the filename to write the newly created private key to.\n-   -out domain.csr =\u003e Specifies the output filename to write the CSR to.\n-   -config =\u003e This specifies the configuration file to use, which includes the details for the SAN(s). 
(Subject Alternative Name(s)).\n\n```bash\nopenssl x509 -req -days 365 -in domain.csr -signkey domain.key -out domain.crt -extensions v3_req -extfile openssl.cnf\n```\n\n-   -x509 =\u003e Is the OpenSSL utility for displaying and manipulating X.509 certificates.\n-   -req =\u003e Indicates that a certificate signing request (CSR) is being used.\n-   -days 365 =\u003e Specifies that the certificate will be valid for 365 days.\n-   -in domain.csr =\u003e Specifies the input file, which is the CSR.\n-   -signkey domain.key =\u003e Specifies the file with the private key to use for signing.\n-   -out domain.crt =\u003e Specifies the output file, which is the certificate.\n-   -extensions v3_req =\u003e This specifies the extensions to use for the certificate, which are defined in the configuration file.\n-   -extfile =\u003e This specifies the configuration file that contains the extension details, including the SANs.\n\n#### 4. Install the certificate\n\nIn order to trust the certificate, as well as remove the warnings and insecurity flags, you have to install it.\n\n1. Open the control panel.\n2. Search for `Manage User Certificates`.\n3. Navigate to `Trusted Root Certification Authorities`.\n4. RightClick `Certificates`.\n5. Go to `All Tasks \u003e Import` and follow the Instructions.\n\n#### 5. How to proceed\n\nNow that you have your files, you can use them (`.crt` and `.key`) to enable https for your web based projects.\n\n### Introduction to (LEC) | How To - StepByStep (Docker)\n\nEver wanted a dynamic way, to give everything you serve a subdomain without requesting a certificate for every subdomain?\nWell, you're in luck! 
The answer is (LEC) LetsEnCrypt.\nIn this section I'm showing you a way (or two), to generate one certificate and use it for an x amount of services.\n\nGranted, you will need to own a Domain, but don't be discouraged, because while there are `TLD` you can try on sites like [NameCheap](https://www.namecheap.com/), [CloudFlare](https://www.cloudflare.com/) or [DigitalOcean](https://www.digitalocean.com/), you can also use a free service called [DuckDNS](https://www.duckdns.org/), which will provide you a free subdomain you can branch off.\n\nI was wondering if there is a way to get a certificate for an IP address, so that local development can continue in a free manner, but then I finally figured out, how to make an SSC (Self Signed Certificate) work under Windows.\n\nBut then I learned that (LEC) Let'sEncrypt has more than just the HTTP challenge, which makes this entire thing possible. You can make a challenge, that verifies you as the Domain owner, allowing for a wildcard certificate.\n\n#### 1. Own a Domain\n\nWhether you own a Domain from [DuckDNS](https://www.duckdns.org/), or are working with a paid one, the only difference would be, that on a real one you would have to specify a `CNAME` entry where the `alias` would be `*` and point to `@` or `root`.\n\nThe IP of your `A Type` entry points to whatever your use case is. If you only want to access whatever you develop on your local machine, then you can point it to `127.0.0.1`. If you want to be able to access your services on your `LAN`, then you should use your local IP Address.\n\nI went with buying a Domain from [NameCheap](https://www.namecheap.com/) and configuring it with the DNS from [CloudFlare](https://www.cloudflare.com/).\nBut in the following steps, I'll use [DuckDNS](https://www.duckdns.org/), because I want everyone, to be able to follow along.\n\n#### 2. Create a stack with NginxProxyManager\n\nThere are other solutions out there, but this is for now, the simplest one.\n\n```diff\n! 
You don't have to, and shouldn't, bind any ports of a service that runs in or is connected to this Stack.\n\n+ Only the ProxyManager needs to expose ports.\n```\n\nPersistent volume variant:\n\n```docker\nversion: '3.8'\nname: \"web_stack_with_proxy\"\n\nservices:\n  nginx_proxy_manager:\n    image: 'jc21/nginx-proxy-manager:latest'\n    container_name: nginx_proxy_manager\n    ports:\n      - '80:80'\n      - '81:81'\n      - '443:443'\n    volumes:\n      - proxy_manager_data:/data\n      - proxy_manager_letsencrypt:/etc/letsencrypt\n\nvolumes:\n  proxy_manager_data:\n  proxy_manager_letsencrypt:\n```\n\nShared directories (Bind / Mount), for when you want to use either the `Certificates` or `Config Data` for example in another `Container` or `Stack`:\n\n```docker\nversion: '3.8'\nservices:\n  app:\n    image: 'jc21/nginx-proxy-manager:latest'\n    ports:\n      - '80:80'\n      - '81:81'\n      - '443:443'\n    volumes:\n      - ./data:/data\n      - ./letsencrypt:/etc/letsencrypt\n```\n\n#### 3. Configure the NginxProxyManager\n\nThis is fairly simple. You'll need to log in, set your first user and then you are ready to do the certificate request.\n\n`DEFAULT_USER: admin@example.com`\n\n`DEFAULT_PASSWORD: changeme`\n\n#### 4. Obtain your Certificate\n\nNavigate to the `SSL Certificates` panel and then click on `Add SSL Certificate`.\n\n![Navigate to SSL Certificates](https://github.com/DrNeonsy/DrNeonsy/assets/118444485/511cc8c6-6460-4f6f-a96c-ab251c05a9bb)\n\nNow, enter your Domains, which could look like `your_domain.tld` and `*.your_domain.tld`. 
After that you must check the `Use a DNS Challenge`.\n\n![Domains](https://github.com/DrNeonsy/DrNeonsy/assets/118444485/1fc14849-2b91-4d9b-afae-a59b73f6c840)\n\nChoose your DNS provider, fill out whatever is required and change the `Propagation` time to `120s`, because the challenge can fail if the time is too short, even though you did everything right. Then `Agree the TOS`.\n\n![DNS Provider](https://github.com/DrNeonsy/DrNeonsy/assets/118444485/43c61c31-9e33-4fba-aebb-a69177d92e60)\n\nYou can now download that certificate, if you need to.\n\n#### 5. Proxy your other Stack Services\n\nLet's imagine you have an `NGINX Service` and it only listens on port 80 and does not use SSL. Well, seeing that we are using a `Proxy`, we are no longer directly talking to that (other) `NGINX`, so we can just do the following:\n\n![Proxy Host](https://github.com/DrNeonsy/DrNeonsy/assets/118444485/e84d8735-6ce1-440e-acae-d38fced9afeb)\n\n-   Domain Names =\u003e Sets the mapping of what you type in the URL.\n-   Scheme =\u003e Whether your target is HTTP or HTTPS.\n-   Forward Hostname / IP =\u003e The IP of the HOST Client you want to reach. (Forward to).\n\nYou can also define a suitable subdomain, just like this:\n\n![Subdomain](https://github.com/DrNeonsy/DrNeonsy/assets/118444485/88020246-1b94-4c88-b285-c3d93fd954ef)\n\nNow, in order to secure this forwarding, we have to choose the `Certificate` to use for the forwarding, as well as whether we want to force `SSL`, enable `HTTP/2` and more.\n\n![Select Certificate](https://github.com/DrNeonsy/DrNeonsy/assets/118444485/f6c829e8-bb46-402b-b809-12e3e06b3b80)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fneonsy%2Fneonwhale-dockerlab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fneonsy%2Fneonwhale-dockerlab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fneonsy%2Fneonwhale-dockerlab/lists"}