docker-deployment skill

This skill helps you deploy web apps with Docker, secure Nginx HTTPS, and connect via Cloudflare Tunnel for secure external access.

npx playbooks add skill aaaaqwq/agi-super-skills --skill docker-deployment

---
name: docker-deployment
description: Docker container deployment with Nginx HTTPS configuration and Cloudflare Tunnel integration. Use when deploying web applications with Docker, configuring SSL/TLS certificates, setting up Nginx reverse proxy, or integrating with Cloudflare Tunnel for secure external access.
license: MIT
---

# Docker Deployment with Nginx HTTPS

## Quick Start

For Docker web application deployment with HTTPS support:

1. **Configure Nginx** with SSL certificates (see [nginx-https.md](references/nginx-https.md))
2. **Set up docker-compose.yml** with certificate volume mounting
3. **Configure Cloudflare Tunnel** to connect the external domain to the local container

## Common Tasks

| Task | Reference |
|------|-----------|
| Nginx HTTPS configuration | [nginx-https.md](references/nginx-https.md) |
| Cloudflare Origin Certificate | [cf-origin-cert.md](references/cf-origin-cert.md) |
| Docker data persistence | [data-persistence.md](references/data-persistence.md) |
| Cloudflare Tunnel setup | [cf-tunnel.md](references/cf-tunnel.md) |

## Architecture Overview

```
Internet → Cloudflare Edge (HTTPS) → Cloudflare Tunnel → Ubuntu/Docker (Nginx)
```

## Key Principles

- **Always use named Docker volumes** for persistent data
- **Nginx should redirect HTTP (80) to HTTPS (443)** in production
- **Cloudflare Origin Certificates** are for CF-to-origin encryption only
- **The Tunnel connects to the origin over HTTP or HTTPS**: set the service URL scheme based on the Nginx setup

## Troubleshooting

**HTTPS not working after enabling Cloudflare force HTTPS?**
- Check that Nginx listens on port 443
- Verify that the SSL certificates are mounted correctly
- Ensure the Cloudflare Tunnel service URL scheme (http:// or https://) matches the Nginx setup

**Data lost after container restart?**
- Check that docker-compose.yml uses named volumes, not bind mounts, for critical data
- Verify that the database path points to the mounted volume directory

See individual reference files for detailed solutions.

Overview

This skill automates Docker container deployment for web applications with an Nginx reverse proxy, HTTPS configuration, and optional Cloudflare Tunnel integration. It streamlines certificate mounting, redirect rules, and persistent volume handling so services remain secure and recoverable. Use it to deploy production-ready containers behind Cloudflare or directly on a public host.

How this skill works

The skill generates and validates docker-compose setups that mount SSL certificates into Nginx and define named volumes for persistent data. It configures Nginx to redirect HTTP to HTTPS, binds the appropriate ports, and provides options to expose the service to the internet via a Cloudflare Tunnel. It also includes checks for certificate presence, Nginx listening ports, and tunnel service URL consistency.
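The consistency checks described above (443 listener, certificate directives, tunnel service URL scheme) can be approximated with a few greps over the two config files. This is an added example, not the skill's own code; the function names, file names and the `nginx` service hostname are assumptions, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: do an Nginx config and a cloudflared ingress config agree?

# Print a file with '#' comments removed so disabled directives are ignored.
active() { sed 's/#.*//' "$1"; }

# Succeeds if an active listen directive binds port 443 with the ssl flag.
nginx_listens_tls() {
    active "$1" | grep -Eq 'listen[[:space:]]+([^;[:space:]]*:)?443[[:space:]][^;]*ssl'
}

# Succeeds if both certificate directives are present.
nginx_has_cert() {
    active "$1" | grep -Eq 'ssl_certificate[[:space:]]' &&
    active "$1" | grep -Eq 'ssl_certificate_key[[:space:]]'
}

# Succeeds if any active directive redirects to https:// (server blocks are not resolved).
nginx_redirects_to_https() {
    active "$1" | grep -Eq 'return[[:space:]]+30[1278][[:space:]]+https://'
}

# Print the scheme (http or https) of the first URL-style ingress service.
tunnel_scheme() {
    active "$1" | sed -n 's/^[[:space:]-]*service:[[:space:]]*\(https\{0,1\}\):\/\/.*/\1/p' | head -n 1
}

# $1 = nginx conf, $2 = cloudflared config. Prints findings; exit status = problem count.
check_origin() {
    problems=0
    scheme=$(tunnel_scheme "$2")
    [ -n "$scheme" ] || { echo "FAIL: no http(s):// ingress service in $2"; problems=$((problems + 1)); }
    if nginx_listens_tls "$1"; then
        nginx_has_cert "$1" || { echo "FAIL: 443 listener without ssl_certificate/ssl_certificate_key"; problems=$((problems + 1)); }
    elif [ "$scheme" = https ]; then
        echo "FAIL: tunnel targets https:// but Nginx has no TLS listener on 443"; problems=$((problems + 1))
    fi
    if [ "$scheme" = http ] && nginx_redirects_to_https "$1"; then
        echo "FAIL: tunnel targets http:// but Nginx redirects to https:// (likely redirect loop)"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: TLS-enabled origin, but the tunnel still points at the plain-HTTP port.
demo=$(mktemp -d)
printf 'server { listen 80; return 301 https://$host$request_uri; }\nserver { listen 443 ssl;\n ssl_certificate /etc/nginx/certs/origin.pem;\n ssl_certificate_key /etc/nginx/certs/origin.key; }\n' > "$demo/nginx.conf"
printf 'ingress:\n  - hostname: app.example.com\n    service: http://nginx:80\n  - service: http_status:404\n' > "$demo/config.yml"
check_origin "$demo/nginx.conf" "$demo/config.yml" || echo "problems: $?"
```

The certificate check only confirms the directives exist in the config; whether the files are actually mounted has to be verified inside the running container.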

When to use it

  • Deploying a web app in Docker and needing HTTPS termination with Nginx
  • Mounting Cloudflare origin certificates for encryption between Cloudflare and origin
  • Exposing local containers to the internet securely using Cloudflare Tunnel
  • Ensuring persistent storage using named Docker volumes to prevent data loss
  • Migrating services to a production-like environment with proper redirects and ports

Best practices

  • Always use named Docker volumes for databases and critical data to preserve state
  • Configure Nginx to redirect port 80 to 443 in production to enforce HTTPS
  • Mount certificates into the container rather than baking them into images
  • Use Cloudflare origin certificates only for CF-to-origin encryption and keep private keys secure
  • Test tunnel and Nginx configuration locally (http/https) before switching DNS or forcing HTTPS

Example use cases

  • Deploy a Rails or Node app in Docker with Nginx as the HTTPS terminator and persistent DB volume
  • Set up Cloudflare Tunnel to expose a staging site running on a developer machine without opening firewall ports
  • Replace a self-signed certificate by mounting a Cloudflare origin certificate into Nginx for Cloudflare-only encryption
  • Recover a broken deployment by verifying volume mounts and ensuring Nginx listens on port 443
  • Automate multi-service stacks with docker-compose including reverse proxy, app, and database with durable storage

FAQ

Why is HTTPS failing after enabling Cloudflare Force HTTPS?

Verify Nginx is listening on port 443 and that the SSL certificate files are correctly mounted into the container. Also confirm the Tunnel service URL matches the protocol (http:// vs https://).

How do I avoid losing data when containers restart?

Use named Docker volumes in docker-compose.yml for databases and important storage paths. Avoid relying on ephemeral container files or anonymous volumes.