Versions Compared

Old Version 2

changes.mady.by.user John

Saved on

compared with

New Version 3

changes.mady.by.user John

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

> docker run -d --net host --restart=always -p 80:80 --name proxy -v {CERTS_DIR}:/etc/nginx/certificates -v {SITES_CONFIG_DIR}:/etc/nginx/sites-enabled lerenn lerenn/nginx-reverse-proxy


This will create a reverse proxy running on the host network. We specify a SITES_CONFIG_DIR where we will add our site config files (see below).

We also specify a folder for our certificates that we will reference for our SSL enabled sites.

Define our Nginx Configuration Files

...

Code Block
titlemysite.conf
server {
        listen       80;
        server_name  wiki wiki.jmehan.com;
        location / {
            proxy_pass         http://192.168.1.60:8090/;
            proxy_redirect     off;

            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

            client_max_body_size       10m;
            client_body_buffer_size    128k;

            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;

            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
}


Adding SSL Support


If we want to terminate an SSL connection at our proxy, we can generate an SSL cert and configure it in nginx.


Generate the SSL certificate using the following command:

> openssl req -nodes -new -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 7300


This command will generate a self signed SSL certificate valid for 10 years.


Configure the endpoint to use the certificates. Here we are defining the docker location for the certs. 

Code Block
titlemysite.conf
server {
        listen       8443 ssl;
        #server_name  svn svn.jmehan.com;
        ssl_certificate     /etc/nginx/certificates/svn/cert.pem;
        ssl_certificate_key /etc/nginx/certificates/svn/key.pem;

        location / {
            proxy_pass         http://192.168.1.60:9080/;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

            client_max_body_size       10m;
            client_body_buffer_size    128k;
            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;

            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
}