# How to use docker-compose with NGinx

NGinx acts as a reverse proxy, and takes care of renewing HTTPS certificates for you.
BTCPay Server deployment using NGinx are typically composed of:

1. One full node per supported cryptocurrency (bitcoind/litecoind)
2. A lightweight block explorer ([NBxplorer](https://github.com/dgarage/NBXplorer))
3. A [BTCPay Server](https://github.com/btcpayserver/btcpayserver)
4. A database (Postgres)
5. A reverse proxy (NGINX)
6. Two containers configuring NGINX as a reverse proxy and renewing SSL certificates.

![Architecture](Production.png)

[The Deploy on Azure Button](https://github.com/btcpayserver/btcpayserver-azure) is using this `docker-compose` under the hood on an Ubuntu machine. You can use it on any docker supporting host.

The relevant environment variables are:

* `NBITCOIN_NETWORK`: The blockchain identifier used by NBitcoin (eg., `regtest`, `testnet`, `mainnet`)
* `BTCPAY_HOST`: The external url used to access the NGINX server from internet. This domain name must point to this machine for Let's Encrypt to create your certificate. (typically with a CNAME or A record)
* `BTCPAY_ROOTPATH`: The root path directory where BTCPay is accessed, more information below. (default: /)
* `LETSENCRYPT_EMAIL`: The email Let's Encrypt will use to notify you about certificate expiration.
* `ACME_CA_URI`: Let's encrypt API endpoint (`https://acme-staging.api.letsencrypt.org/directory` for a staging certificate, `https://acme-v01.api.letsencrypt.org/directory` for a production one)
* `LIGHTNING_ALIAS`: Optional, if using the integrated lightning feature, customize the alias of your nodes
* `BTCPAY_SSHKEYFILE`: Optional, SSH private key that BTCPay can use to connect to this VM's SSH server (You need to copy the key file on BTCPay's datadir volume)
* `BTCPAY_SSHTRUSTEDFINGERPRINTS`: Optional, BTCPay will ensure that it is connecting to the expected SSH server by checking the host public's key against those fingerprints

If `BTCPAY_HOST` is `btcpay.example.com` and `BTCPAY_ROOTPATH` is `/btcpay`, then you can access the site via `https://btcpay.example.com/btcpay`

Any unset or empty environment variable will be set for a `regtest` deployment.

The ports mapped on the host are:

1. `80` for Let's encrypt
2. `443` for the website
3. `9735` for the bitcoin lightning network node (if used)
4. `9736` for the litecoin lightning network node (if used)

Example for running on `mainnet`:

For linux:

```
docker-compose up \
    -e "NBITCOIN_NETWORK=mainnet" \
    -e "BTCPAY_HOST=btcpay.example.com" \
    -e "LETSENCRYPT_EMAIL=me@example.com" \
    -e "ACME_CA_URI=https://acme-v01.api.letsencrypt.org/directory"
```

For powershell:

```
docker-compose up `
    -e "NBITCOIN_NETWORK=mainnet" `
    -e "BTCPAY_HOST=btcpay.example.com" `
    -e "LETSENCRYPT_EMAIL=me@example.com" `
    -e "ACME_CA_URI=https://acme-v01.api.letsencrypt.org/directory"
```

See also [The guide for docker noobs](../README.md#fornoobs).

Make sure the domain `btcpay.example.com` point to your server and that port `80` and `443` are open.