From 3964bbf3fe18ebd359bb15025c149d17b8304746 Mon Sep 17 00:00:00 2001 From: ahgraber Date: Sun, 7 Feb 2021 19:12:20 -0500 Subject: [PATCH] update advanced-config/readme with secrets --- docs/advanced-config/README.md | 61 ++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/docs/advanced-config/README.md b/docs/advanced-config/README.md index 7c622d5..962c342 100644 --- a/docs/advanced-config/README.md +++ b/docs/advanced-config/README.md @@ -1,5 +1,66 @@ # Advanced Configuration +## Docker Secrets + +This image supports the use of Docker secrets to import from file and keep sensitive usernames or passwords from being passed or preserved in plaintext. + +You can set any environment variable from a file by appending `__FILE` (double-underscore FILE) to the environmental variable name. + +```yml +version: "3.7" + +secrets: + # Secrets are single-line text files where the sole content is the secret + # Paths in this example assume that secrets are kept in local folder called ".secrets" + DB_ROOT_PWD: + file: .secrets/db_root_pwd.txt + MYSQL_PWD: + file: .secrets/mysql_pwd.txt + +services: + app: + image: 'jc21/nginx-proxy-manager:latest' + restart: always + ports: + # Public HTTP Port: + - '80:80' + # Public HTTPS Port: + - '443:443' + # Admin Web Port: + - '81:81' + environment: + # These are the settings to access your db + DB_MYSQL_HOST: "db" + DB_MYSQL_PORT: 3306 + DB_MYSQL_USER: "npm" + # DB_MYSQL_PASSWORD: "npm" # use secret instead + DB_MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD + DB_MYSQL_NAME: "npm" + # If you would rather use Sqlite uncomment this + # and remove all DB_MYSQL_* lines above + # DB_SQLITE_FILE: "/data/database.sqlite" + # Uncomment this if IPv6 is not enabled on your host + # DISABLE_IPV6: 'true' + volumes: + - ./data:/data + - ./letsencrypt:/etc/letsencrypt + depends_on: + - db + db: + image: jc21/mariadb-aria + restart: always + environment: + # MYSQL_ROOT_PASSWORD: "npm" # use secret instead + MYSQL_ROOT_PASSWORD__FILE: /run/secrets/DB_ROOT_PWD + MYSQL_DATABASE: "npm" + MYSQL_USER: "npm" + # MYSQL_PASSWORD: "npm" # use secret instead + MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD + volumes: + - ./data/mysql:/var/lib/mysql +``` + + ## Disabling IPv6 On some docker hosts IPv6 may not be enabled. In these cases, the following message may be seen in the log: