Docker Compose Production: Reverse Proxy, SSL & Scaling
Docker Compose can power small to medium production deployments when paired with a reverse proxy, automatic SSL certificate management, and horizontal scaling.
What You'll Learn
In this tutorial, you'll learn how to set up an Nginx reverse proxy with SSL using Let Encrypt, scale services horizontally, manage rolling updates, and apply production security best practices.
Why It Matters
While Compose is primarily a development tool, many teams run it in production for small deployments before migrating to Kubernetes. Understanding production patterns -- TLS termination, zero-downtime deploys, resource limits, and log management -- ensures your Compose-based deployment is secure and reliable.
Real-World Use
Durga Antivirus Pro's public API Gateway runs on Docker Compose in production with three Nginx replicas behind a shared network, Let Encrypt auto-renewing certificates, and Prometheus scraping health metrics from every container.
Reverse Proxy with Nginx
Use Nginx as a reverse proxy to route traffic to your services:
services:
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- certs:/etc/letsencrypt
depends_on:
- app
app:
image: my-app
expose:
- "3000"
volumes:
certs:
Nginx Configuration
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://app:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
SSL with Let Encrypt
Automate SSL certificates using Certbot:
services:
certbot:
image: certbot/certbot
volumes:
- certs:/etc/letsencrypt
- webroot:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $!; done'"
Horizontal Scaling
Run multiple replicas of a stateless service:
# Scale the app service to 3 replicas
docker compose up -d --scale app=3
With Load Balancing
Use Nginx with upstream blocks to distribute traffic:
upstream app_cluster {
server app:3000;
server app:3000;
server app:3000;
}
Resource Limits
Apply production-grade resource constraints:
services:
app:
image: my-app
deploy:
resources:
limits:
cpus: "0.5"
memory: 256M
reservations:
cpus: "0.25"
memory: 128M
restart: unless-stopped
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
Practice Questions
1. What is the purpose of a reverse proxy in production? It terminates SSL, routes traffic to backend services, provides Load Balancing, and protects backend services from direct exposure.
2. How do you scale a service horizontally with Compose?
Use <a href="/devops/docker-compose/">Docker Compose</a> up -d --scale service_name=N where N is the number of replicas.
3. Why should you set restart: unless-stopped in production?
It automatically restarts containers if they crash, unless the administrator manually stopped them.
4. How can you limit log file size for a container?
Set logging.driver to json-file and configure max-size and max-file options.
5. Challenge: Deploy a two-service stack with Nginx reverse proxy and SSL. Verify HTTPS works and certificates auto-renew.
Mini Project: Production-Ready Stack
Build a complete production compose file with Nginx reverse proxy, Let Encrypt SSL, two replicas of a Node.js API, PostgreSQL with a named volume, resource limits on every service, log rotation, and health checks. Test that the stack survives a container crash via <a href="/devops/docker-compose/">Docker Compose</a> restart.
Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro.
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro