Docker Nginx reverse proxy and LE SSL

Docker has become an efficient way of boosting productivity in IT development processes. As the market keeps growing, people want to explore the biggest Docker benefits and they want to know more about this valuable tool. The main question here is: why Docker? Essentially, companies including corporations and developers utilize Docker containers because it is a dramatic improvement for cloud development and DevOps in general. If you would like to know more what are the benefits of Docker Click here

What is Nginx reverse proxy?

An Nginx HTTPS reverse proxy is an intermediary proxy service that takes a client request, passes it on to one or more servers, and subsequently delivers the server’s response back to the client. While most common applications can run a web server on their own, the Nginx web server can provide several advanced features such as load balancing, TLS/SSL capabilities, and acceleration that most specialized applications lack. By using an Nginx reverse proxy all applications can benefit from these features.

Besides the proxy service Nginx reverse proxy comes with additional benefits for example:

Load Balancing: A Nginx reverse proxy can perform load balancing which helps distribute client requests evenly across backend servers. It also improves redundancy as if one server goes down, the reverse proxy will simply reroute requests to a different server according to the routing policy. With Load Balancing you can also perform a soft deployment, that clients will not see or feel any downtime.
Increased Security: A Nginx reverse proxy also acts as a line of defense for your backend servers. Configuring a reverse proxy ensures that the identity of your backend servers remains unknown.
Better Performance: Nginx has been known to perform better in delivering static content file and analyse URLs
Encrypted Connection By encrypting the connection between the client and the Nginx reverse Proxy with TLS, users profit from a encrypted and securized HTTPS connection, protecting their data.

So to set up Nginx reverse proxy on a Docker environment ( Here you can find Ansible playbook with instructions on how to setup Docker environment on Ubuntu 20.04 ) once you have a Docker running on your Linux environment then execute this code into your Linux terminal:

docker run -d -p 80:80 -p 443:443 --name=nginx-proxy --restart=always -v /srv/dcontainers/management/nginx:/etc/nginx/conf.d -v /srv/dcontainers/management/dhparam:/etc/nginx/dhparam -v /srv/dcontainers/management/vhost.d:/etc/nginx/vhost.d -v /srv/dcontainers/management/html:/usr/share/nginx/html -v /srv/dcontainers/management/certs:/etc/nginx/certs -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy

Now let’s check if our Docker container is working, in your Linux terminal execute:

docker ps -a

You should see something like this:

CONTAINER ID   IMAGE                    COMMAND                  CREATED         STATUS         PORTS                                            NAMES
05f8baaf8aae   jwilder/nginx-proxy      "/app/docker-entrypo…"   5 minutes ago   Up 5 minutes   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp         nginx-proxy

The Up means, that your container is fully working and ready to forward all incoming traffic. Now we will create a Let’s encrypt container, but before that what is Let’s encrypt? Let’s Encrypt or as we call it LE is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. There fore with the Docker containers linked when you will add a new host, that will need an SSL certificate Docker Let’s encrypt the container will take care of automatically certificate requiring and also renewals taking that off of your shoulders.

So let’s create a Docker container for Let’s encrypt by executing this code into your Linux console:

docker run --detach     --name nginx-proxy-letsencrypt     --restart=always     -v /srv/dcontainers/management/dhparam:/etc/nginx/dhparam     -v /srv/dcontainers/management/vhost.d:/etc/nginx/vhost.d     -v /var/run/docker.sock:/tmp/docker.sock     -v /srv/dcontainers/management/html:/usr/share/nginx/html     -v /srv/dcontainers/management/certs:/etc/nginx/certs     -v /srv/dcontainers/management/nginx:/etc/nginx/conf.d     --volume /var/run/docker.sock:/var/run/docker.sock:ro     --env "[email protected]"     --env "NGINX_PROXY_CONTAINER=nginx-proxy"     jrcs/letsencrypt-nginx-proxy-companion

Now when you execute in your Linux terminal:

docker ps -a

you should see

CONTAINER ID   IMAGE                                    COMMAND                  CREATED          STATUS          PORTS                                            NAMES
22963c756d3e   jrcs/letsencrypt-nginx-proxy-companion   "/bin/bash /app/entr…"   2 minutes ago    Up 2 minutes                                                     nginx-proxy-letsencrypt
05f8baaf8aae   jwilder/nginx-proxy                      "/app/docker-entrypo…"   23 minutes ago   Up 23 minutes   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp         nginx-proxy

That means, that Nginx reverse proxy and Let’s encrypt containers both are working. Nginx will take care of all incoming traffic requests by sending the traffic to the correct container when you will create it with a specific domain or subdomain name, but your Letsencrypt container will take care of SSL certificates by keeping them issued and up to date.

15/10/2021 valters.eu

containers docker docker containers letsencyrpt nginx proxy reverse proxy reverseproxy

Jānis Valters

Ethical Penetration tester / DevSecOps / IT Solution Developer / System administrator

Recent Posts

Categories