Docker Cookbook Recipes: nginx

Reverse SSL proxies are incredibly complex things because not only must they route packets in reverse - they must also handle and remember multiple SSL sessions for each one.

Incredibly this author did an amazing job of it - and made it so simple 'a monkey could set this up!'

Nginx Proxy Manager
Docker container and built in Web Application for managing Nginx proxy hosts with a simple, powerful interface, providing free SSL support via Let’s Encrypt
The plumbing is effectively as follows:
  • Nginx takes ports 80 / 443 for capturing web traffic.
  • Nginx takes port 81 for its admin interface.
  • Nginx then redirects multiple domain names (www.xyz.com) to the appropriate internal host (which can just be a Docker container sitting inside a Class B 172. address).
  • Consider the following a real-world working example:
  • If Nginx sees hotconfig.com traffic (80/443) it will automatically re-route to internal http://107.152.41.231:8081
  • In a basic mode it will use SQLite, negating even the requirement for a database.

The docker-compose.yaml file (right off the site) is as follows:

version: '3.8'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP

    # Uncomment the next line if you uncomment anything in the section
    # environment:
      # Uncomment this if you want to change the location of
      # the SQLite DB file within the container
      # DB_SQLITE_FILE: "/data/database.sqlite"

      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'

    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

Then we fire it up:

docker-compose up -d

First time it runs it will look like:

The initial login is:

http://<your raw ip>:81/login
Email: admin@example.com
Password: changeme
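
The login above is reached on the host's raw IP because the compose entry '81:81' carries no host address, and Docker publishes such a port on all interfaces. The following is an added example, not code from the original page or from the Nginx Proxy Manager project: a small check that reads the ports list of a compose file and reports any entry that publishes the admin port beyond loopback. The function names are hypothetical and the sample text is constructed from the compose file above; only single ports in short syntax are handled, not port ranges.

```python
import ipaddress

ADMIN_PORT = 81  # container port of the admin UI in the compose file above
# Constructed sample: part of the ports list from that compose file.
SAMPLE_EXPOSED = """\
    ports:
      - '80:80' # Public HTTP Port
      - '81:81' # Admin Web Port
      # - '21:21' # FTP
    volumes:
      - ./data:/data
"""
SAMPLE_LOOPBACK = SAMPLE_EXPOSED.replace("'81:81'", "'127.0.0.1:81:81'")  # loopback only

def port_specs(compose_text):
    """Collect the uncommented short-syntax entries under each 'ports:' key."""
    in_ports, specs = False, []
    for line in compose_text.splitlines():
        s = line.strip()
        if s == "ports:":
            in_ports = True
        elif in_ports and s.startswith("- "):
            specs.append(s[2:].split("#")[0].strip().strip("'\""))
        elif s and not s.startswith("#"):
            in_ports = False  # any other key ends the ports list
    return specs

def parse_port(spec):
    """Split [host_ip:][host_port:]container_port[/proto] into its three parts."""
    spec, host_ip = spec.split("/")[0], ""
    if spec.startswith("["):  # bracketed IPv6 host address
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if len(parts) == 3:
        host_ip = parts.pop(0)
    return host_ip, (parts[0] if len(parts) == 2 else ""), parts[-1]

def is_loopback(host_ip):
    # An empty host_ip means Docker publishes the port on all interfaces.
    return bool(host_ip) and ipaddress.ip_address(host_ip).is_loopback

def admin_exposure(compose_text, admin_port=ADMIN_PORT):
    """Return the port entries that publish the admin port beyond loopback."""
    parsed = [(s, parse_port(s)) for s in port_specs(compose_text)]
    return [s for s, (ip, _, cport) in parsed
            if cport == str(admin_port) and not is_loopback(ip)]

if __name__ == "__main__":
    print(admin_exposure(SAMPLE_EXPOSED), admin_exposure(SAMPLE_LOOPBACK))
```

With the admin port bound to 127.0.0.1, the login page is reached through an SSH tunnel or from the host itself instead of the raw IP.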

The dashboard will look like this:

We want to add a proxy host:

Inspecting our local moodle container which will be our target:

Which looks as follows:

It has integrated support for LetsEncrypt! Pretty powerful!

We then need to add a subdomain, in our case moodle.thinkmelt.com, and have it point at our temporary server: 103.90.162.225

Summary: It did all work. Some caveats.

  • There are a lot of moving parts when SSL is brought in and we have not completely touched upon it - just getting the basics working.
  • For the instance of our moodle container we had to edit the config.php and repoint to a fresh 172 address as it had moved.