add faq

.env.docker

@@ -939,12 +939,15 @@ DOCKER_REDIS_PORT_EXTERNAL="${REDIS_PORT}"
 # Use "3306" for MySQL/MariaDB and "5432" for PostgreeSQL
 DOCKER_DB_PORT_EXTERNAL="${DB_PORT}"
 
-# Port that the web will listen on *outside* the container (e.g. the host machine) for HTTP traffic
+# Port that the [proxy] will listen on *outside* the container (e.g. the host machine) for HTTP traffic
 DOCKER_PROXY_PORT_EXTERNAL_HTTP="80"
 
-# Port that the web will listen on *outside* the container (e.g. the host machine) for HTTPS traffic
+# Port that the [proxy] will listen on *outside* the container (e.g. the host machine) for HTTPS traffic
 DOCKER_PROXY_PORT_EXTERNAL_HTTPS="443"
 
+# Port to expose [web] container will listen on *outside* the container (e.g. the host machine) for *HTTP* traffic only
+DOCKER_WEB_PORT_EXTERNAL_HTTP="8080"
+
 # Path to the Docker socket on the *host*
 DOCKER_HOST_SOCKET_PATH="/var/run/docker.sock"
 

docker-compose.yml

@@ -16,6 +16,8 @@ services:
     image: nginxproxy/nginx-proxy:1.4
     container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy"
     restart: unless-stopped
+    profiles:
+      - ${DOCKER_PROXY_PROFILE}
     volumes:
       - "${DOCKER_HOST_SOCKET_PATH}:/tmp/docker.sock:ro"
       - "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d"
@@ -33,6 +35,8 @@ services:
     image: nginxproxy/acme-companion
     container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy-acme"
     restart: unless-stopped
+    profiles:
+      - ${DOCKER_PROXY_ACME_PROFILE:-$DOCKER_PROXY_PROFILE}
     environment:
       DEBUG: 0
       DEFAULT_EMAIL: "${LETSENCRYPT_EMAIL}"
@@ -70,6 +74,8 @@ services:
       com.github.nginx-proxy.nginx-proxy.keepalive: 30
       com.github.nginx-proxy.nginx-proxy.http2.enable: true
       com.github.nginx-proxy.nginx-proxy.http3.enable: true
+    # ports:
+    #   - "${DOCKER_WEB_PORT_EXTERNAL_HTTP}:80"
     depends_on:
       - db
       - redis

docker/README.md

@@ -1,6 +1,8 @@
 # Pixelfed + Docker + Docker Compose
 
 * [Setting up a new Pixelfed server with Docker Compose](new-server.md)
+  * [I already have a SSL certificate, how do I use it?](faq.md#i-already-have-a-proxy-how-do-i-disable-the-included-one)
+  * [I already have an proxy / how do I disable the Nginx proxy](faq.md#i-already-have-a-ssl-certificate-how-do-i-use-it)
 * [Understanding Pixelfed Container runtimes (Apache, FPM, Nginx + FPM)](runtimes.md)
   * [Apache](runtimes.md#apache)
   * [FPM](runtimes.md#fpm)

docker/faq.md

@@ -0,0 +1,19 @@
+# Pixelfed Docker FAQ
+
+## I already have a Proxy, how do I disable the included one?
+
+No problem! All you have to do is
+
+1. *Comment out*  (or delete) the `proxy` and `proxy-acme` services in `docker-compose.yml`
+1. *Uncomment* the `ports` block for the `web` servince in `docker-compose.yml`
+1. Change the `DOCKER_WEB_PORT_EXTERNAL_HTTP` setting in your `.env` if you want to change the port from the default `8080`
+1. Point your proxy upstream to the exposed `web` port.
+
+## I already have a SSL certificate, how do I use it?
+
+1. *Comment out* (or delete) the `proxy-acme` service in `docker-compose.yml`
+1. Put your certificates in `${DOCKER_CONFIG_ROOT}/proxy/certs/${APP_DOMAIN}/`. The following files are expected to exist in the directory for the proxy to detect and use them automatically (this is the same directory and file names as LetsEncrypt uses)
+    1. `cert.pem`
+    1. `chain.pem`
+    1. `fullchain.pem`
+    1. `key.pem`