When you have multiple docker containers running a webserver you can only have one container publishing on port 80/tcp and 443/tcp. If you don’t want url’s like https://name.tld:8000, you should create a reverse proxy server to expose all your websites on port 80/tcp and 443/tcp. To create a Docker service that will do this for you is realy easy as shown here.

Nginx configuration

# this is a example of a loadbalace proxy configuration in nginx
# in the upstream section you place your ip:port of the servers
# where your websites are running.
# file: haraldvdl.conf
upstream haraldvdl_nl {
  # i have two workers in my docker swarm both of these are running
  # a container with my website. Therefor my upstream will have two server
  server 192.168.99.101:8000;
  server 192.168.99.102:8000;
}

server {
  # all my websites are accessable via ssl, therefor we redirect all
  # normal http traffic to https
  listen 80;
  server_name haraldvdl.nl www.haraldvdl.nl;
  redirect 301 https://$host$request_uri;
}

server {
  # because this nginx instance in the frontend proxy, we also terminate
  # ssl here. The traffic to the container is not encrypted. This should
  # not be security risk. But you could create a server / client certificate
  # for encrypted data transfer between these containers
  listen              443 ssl;
  server_name         haraldvdl.nl www.haraldvdl.nl;

  ssl                 on;
  ssl_certificate     /certs/haraldvdl.nl.crt;
  ssl_certificate_key /certs/haraldvdl.nl.key;

  location / {
    proxy_pass            http://haraldvdl_nl;
    proxy_set_header      Host $host;
    proxy_set_header      X-Real-IP $remote_addr;
    proxy_set_header      X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header      X-Forwarded-Proto https;
    proxy_redirect        off;
    proxy_read_timeout    5m;
  }
}

Creating the Nginx Docker service

# Docker swarm Nginx service for loadbalanced proxy
# file: lbproxy.yaml
version: "3"

services:
  nginx:
    image: arm32v7/nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/vol/cerst/haraldvdl.crt:/certs/haraldvdl.nl.crt:ro"
      - "/vol/cerst/haraldvdl.key:/certs/haraldvdl.nl.key:ro"
      - "/vol/cfg/haraldvdl.conf:/etc/nginx/conf.d/default.conf:ro"
    deploy:
      placement:
        constraints:
          - "node.role == worker"

Deploying loadbalanced proxy stack

ssh -l pirate manager01.cluster.haraldvdl.nl
docker stack deploy -c lbproxy.yaml loadbalancer
docker service ps loadbalancer

# scale up or down this service
docker service scale loadbalancer=<number>