Skip to content

Docker Compose Production: Reverse Proxy, SSL & Scaling

DodaTech Updated 2026-06-21 2 min read

Docker Compose can power small to medium production deployments when paired with a reverse proxy, automatic SSL certificate management, and horizontal scaling.

What You'll Learn

In this tutorial, you'll learn how to set up an Nginx reverse proxy with SSL using Let Encrypt, scale services horizontally, manage rolling updates, and apply production security best practices.

Why It Matters

While Compose is primarily a development tool, many teams run it in production for small deployments before migrating to Kubernetes. Understanding production patterns -- TLS termination, zero-downtime deploys, resource limits, and log management -- ensures your Compose-based deployment is secure and reliable.

Real-World Use

Durga Antivirus Pro's public API Gateway runs on Docker Compose in production with three Nginx replicas behind a shared network, Let Encrypt auto-renewing certificates, and Prometheus scraping health metrics from every container.

Reverse Proxy with Nginx

Use Nginx as a reverse proxy to route traffic to your services:

services:
  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - certs:/etc/letsencrypt
    depends_on:
      - app

  app:
    image: my-app
    expose:
      - "3000"

volumes:
  certs:

Nginx Configuration

server {
    listen 80;
    server_name example.com;
    location / {
        proxy_pass http://app:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

SSL with Let Encrypt

Automate SSL certificates using Certbot:

services:
  certbot:
    image: certbot/certbot
    volumes:
      - certs:/etc/letsencrypt
      - webroot:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $!; done'"

Horizontal Scaling

Run multiple replicas of a stateless service:

# Scale the app service to 3 replicas
docker compose up -d --scale app=3

With Load Balancing

Use Nginx with upstream blocks to distribute traffic:

upstream app_cluster {
    server app:3000;
    server app:3000;
    server app:3000;
}

Resource Limits

Apply production-grade resource constraints:

services:
  app:
    image: my-app
    deploy:
      resources:
        limits:
          cpus: "0.5"
          memory: 256M
        reservations:
          cpus: "0.25"
          memory: 128M
    restart: unless-stopped
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"

Practice Questions

1. What is the purpose of a reverse proxy in production? It terminates SSL, routes traffic to backend services, provides Load Balancing, and protects backend services from direct exposure.

2. How do you scale a service horizontally with Compose? Use <a href="/devops/docker-compose/">Docker Compose</a> up -d --scale service_name=N where N is the number of replicas.

3. Why should you set restart: unless-stopped in production? It automatically restarts containers if they crash, unless the administrator manually stopped them.

4. How can you limit log file size for a container? Set logging.driver to json-file and configure max-size and max-file options.

5. Challenge: Deploy a two-service stack with Nginx reverse proxy and SSL. Verify HTTPS works and certificates auto-renew.

Mini Project: Production-Ready Stack

Build a complete production compose file with Nginx reverse proxy, Let Encrypt SSL, two replicas of a Node.js API, PostgreSQL with a named volume, resource limits on every service, log rotation, and health checks. Test that the stack survives a container crash via <a href="/devops/docker-compose/">Docker Compose</a> restart.

Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro