...
Create a nginx reverse proxy by issuing the following command:> docker
| Code Block |
|---|
docker run -d \ --net host \ --restart=always \ -p 80:80 \ --name proxy \ -v |
...
$PWD/conf:/etc/nginx/ |
...
sites-enabled \ -v $PWD/letsencrypt:/etc/letsencrypt \ -v $PWD/conf.d:/etc/nginx/ |
...
conf.d \ lerenn/nginx-reverse-proxy |
This will create a reverse proxy running on the host network. We specify a SITES_CONFIG_DIR where we will add our site config files (see below).We also specify a folder for our certificates that we will reference for our SSL enabled sites.
Define our Nginx Configuration Files
In the config folder conf folder(mapped to sites-enabled) we defined in our docker command we will add a configuration like the following:
| Code Block | ||
|---|---|---|
| ||
server {
listen 80;
server_name wiki wiki.jmehan.com;
location / {
proxy_pass http://192.168.1.60:8090/;
}
}
|
Adding SSL Support (not certbot)
If we want to terminate an SSL connection at our proxy, we can generate an SSL cert and configure it in nginx.
...
| Code Block |
|---|
server {
server_name kibana kibana.jmehan.com;
location / {
proxy_pass http://192.168.1.60:5601/;
auth_basic "Administrator's Area";
auth_basic_user_file /etc/nginx/conf.d/htpasswd;
}
} |
Customized Dockerfile
The following Dockerfile adds certbot and apache2-utils to our nginx-reverse-proxy image.
| Code Block | ||||
|---|---|---|---|---|
| ||||
FROM lerenn/nginx-reverse-proxy
RUN apt-get update
RUN apt-get install -y wget
RUN apt-get install -y apache2-utils
RUN wget https://dl.eff.org/certbot-auto
RUN chmod +x certbot-auto
RUN ./certbot-auto -n --install-only |
References
| Reference | URL |
|---|---|
| Let's Encrypt | CertBot and Let's Encrypt |
| Restricting Access with HTTP Basic Authentication | https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/ |
...