by kasra85 3157 days ago
Great question! Nginx, Let's Encrypt and Captain always sit on the leader node :)

1. I don't use Nginx on my Docker clusters because Docker Swarm does the load balancing already, and I use bare Node containers without any Nginx. This reduces complexity, and I can do all my low-level server config in Node as well, and just as well. Caching is done through CloudFlare or similar anyway.

2. Even with Nginx, you would have two different Docker containers (one with Nginx and one without).

3. And even if I had different container files: for an ideal cluster you need min. 3 managers (and in a perfect world another external load balancer before them, or just a DNS with multiple A records to all managers, in case one manager drops). Then, even if they run Nginx, you need to sync the Letsencrypt stuff somehow.

Regarding the Letsencrypt (LE) and Certbot SSL renewal and why it's not simple: LE makes a well-known request to check your credentials every three months, and because every node could and should be able to answer this request, you have to make sure that all nodes have the same knowledge (either through secrets, or through file sync, or the underlying host OS of the front-facing server takes care of this).
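The failure mode described in the last paragraph can be made concrete with a small simulation. This is an added example, not code from the commenter or from any of the tools mentioned: it models three Swarm managers behind a round-robin balancer, an HTTP-01 challenge token written by the ACME client on one manager only, and compares what happens when the challenge directory is per-node versus backed by one shared store (a synced volume or a secret). Node names, the token and the key authorization string are constructed values; a real validator also retries and checks from several vantage points, which the simulation leaves out.

```python
"""Simulate ACME HTTP-01 validation against a multi-manager Swarm front.

Assumptions (not from the original thread): a round-robin balancer hands each
request to the next manager, and the ACME client writes the challenge file on
the first manager only, which is what happens when the challenge directory is
not shared between nodes.
"""
from __future__ import annotations

import itertools
from dataclasses import dataclass, field

# Path prefix the CA fetches for the HTTP-01 challenge.
ACME_PATH = "/.well-known/acme-challenge/"


@dataclass
class Node:
    """One Swarm manager; `challenges` is its view of token -> key authorization."""
    name: str
    challenges: dict[str, str] = field(default_factory=dict)

    def handle(self, path: str) -> tuple[int, str]:
        """Answer an HTTP request for a challenge path; 404 if this node has no copy."""
        if not path.startswith(ACME_PATH):
            return 404, ""
        token = path[len(ACME_PATH):]
        body = self.challenges.get(token)
        return (200, body) if body is not None else (404, "")


class RoundRobin:
    """Stand-in for the Swarm routing mesh / DNS with several A records."""

    def __init__(self, nodes: list[Node]) -> None:
        self._cycle = itertools.cycle(nodes)

    def request(self, path: str) -> tuple[int, str]:
        return next(self._cycle).handle(path)


def validate(balancer: RoundRobin, token: str, key_auth: str, attempts: int) -> int:
    """Count how many of `attempts` validation fetches return the correct key authorization."""
    ok = 0
    for _ in range(attempts):
        status, body = balancer.request(ACME_PATH + token)
        if status == 200 and body == key_auth:
            ok += 1
    return ok


def scenario(shared_store: bool, attempts: int = 6) -> int:
    """Run one validation round; returns the number of successful fetches.

    shared_store=False: each manager keeps its own challenge directory.
    shared_store=True:  all managers read the same backing store.
    """
    token = "constructedToken123"                 # constructed sample token
    key_auth = "constructedToken123.thumbprint"   # constructed sample key authorization
    nodes = [Node(f"manager{i}") for i in range(1, 4)]
    if shared_store:
        store: dict[str, str] = {}
        for node in nodes:
            node.challenges = store  # one synced directory / secret for every node
    # The ACME client only ever runs on the first manager.
    nodes[0].challenges[token] = key_auth
    return validate(RoundRobin(nodes), token, key_auth, attempts)


if __name__ == "__main__":
    # With per-node directories only one manager in three can answer, so roughly
    # a third of the CA's fetches succeed; with a shared store every fetch does.
    print("per-node store:", scenario(shared_store=False), "of 6 fetches succeed")
    print("shared store:  ", scenario(shared_store=True), "of 6 fetches succeed")
```

The check a practitioner wants before relying on a cluster for renewals is the second scenario: after the ACME client writes a token on one node, every manager must return it, which is exactly the "same knowledge" requirement the comment describes.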