Hosting a simple docker-compose app with Nginx and generate a SSL with certbot on digitalocean droplet

Short and simple guide to hosting a simple docker app on digitalocean droplet with NGINX as the web server to serve our application.

This guide also works for other hosting service.

After creating your droplet, SSH into your droplet with the command below and upgrate your system packages

ssh root@<droplet_ip>

# Update the system
sudo apt update
sudo apt upgrade

Then clone your project and change directory into the project

git clone <remote_url>

cd <project_name>

Install Docker

curl -fsSL https://get.docker.com -o get-docker.sh

sudo sh get-docker.sh

# Install docker compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

# Apply executable permissions to the binary
sudo chmod +x /usr/local/bin/docker-compose

# Run Project
docker-compose up -d

Install Nginx

NOTE: Replace any your_domain to your public IPv4 or your domain name.

# Installing nginx with apt
sudo apt install nginx

# Firewall configuration to allow HTTP traffic for Nginx
sudo ufw allow 'Nginx HTTP'

# Create a new configuration in your site
sudo nano /etc/nginx/sites-available/your_domain

Nginx server configuration

server {
   listen 80;
   listen [::]:80;
   server_name your_domain;
   location / {
      proxy_pass http://localhost:3000; # Replace to the port your server is listening to
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection 'upgrade';
      proxy_cache_bypass $http_upgrade;
   }
}
# Copy config to sites-enabled
sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/

# Check for syntax errors
sudo nginx -t

# Restart Nginx to enable your new configuration
sudo systemctl restart nginx

Go to your DNS provider, and add a new A record. Name will be your domain name, and value will be the Public IPv4 address from your droplet

Install Certbot for SSL

# Install python3 virtual environment
apt install python3-venv

# Create a virtual environment
sudo python3 -m venv /opt/certbot/
# Upgrade pip
sudo /opt/certbot/bin/pip install --upgrade pip

# Using pip to install certbot & certbot-nginx
sudo /opt/certbot/bin/pip install certbot certbot-nginx

# Copy the newly install certbot package
sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

# Instructs Certbot to use the Nginx plugin to automatically configure SSL/TLS for Nginx web servers.
sudo certbot --nginx

Add an auto certificate renew script

# Run every Sunday at 00:00
echo "0 0 * * 0 root /opt/certbot/bin/python -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo certbot renew -q" | sudo tee -a /etc/crontab > /dev/null