System administrator / DevOps / Ethical Penetration tester
Docker Nginx reverse proxy and LE SSL
Docker has become an efficient way of boosting productivity in IT development processes. As the market keeps growing, people want to explore the biggest Docker benefits and to know more about this valuable tool. The main question here is: why Docker? Essentially, companies, including corporations and developers, use Docker containers because they are a dramatic improvement for cloud development and DevOps in general. If you would like to know more about the benefits of Docker, click here.
What is Nginx reverse proxy?
An Nginx HTTPS reverse proxy is an intermediary proxy service that takes a client request, passes it on to one or more servers, and subsequently delivers the server’s response back to the client. While most common applications can run a web server on their own, the Nginx web server can provide several advanced features such as load balancing, TLS/SSL capabilities, and acceleration that most specialized applications lack. By using an Nginx reverse proxy all applications can benefit from these features.
Besides the proxy service, an Nginx reverse proxy comes with additional benefits, for example:
- Load Balancing: An Nginx reverse proxy can perform load balancing, which helps distribute client requests evenly across backend servers. It also improves redundancy: if one server goes down, the reverse proxy will simply reroute requests to a different server according to the routing policy. With load balancing you can also perform a soft deployment, so that clients will not see or feel any downtime.
- Increased Security: An Nginx reverse proxy also acts as a line of defense for your backend servers. Configuring a reverse proxy ensures that the identity of your backend servers remains unknown.
- Better Performance: Nginx is known to perform better at delivering static content files and analysing URLs.
- Encrypted Connection: By encrypting the connection between the client and the Nginx reverse proxy with TLS, users benefit from an encrypted and secured HTTPS connection that protects their data.
To set up an Nginx reverse proxy in a Docker environment (here you can find an Ansible playbook with instructions on how to set up a Docker environment on Ubuntu 20.04), once you have Docker running on your Linux environment, execute this command in your Linux terminal:
docker run -d -p 80:80 -p 443:443 --name=nginx-proxy --restart=always -v /srv/dcontainers/management/nginx:/etc/nginx/conf.d -v /srv/dcontainers/management/dhparam:/etc/nginx/dhparam -v /srv/dcontainers/management/vhost.d:/etc/nginx/vhost.d -v /srv/dcontainers/management/html:/usr/share/nginx/html -v /srv/dcontainers/management/certs:/etc/nginx/certs -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
Now let’s check whether our Docker container is working. In your Linux terminal, execute:
docker ps -a
You should see something like this:
CONTAINER ID   IMAGE                 COMMAND                  CREATED         STATUS         PORTS                                      NAMES
05f8baaf8aae   jwilder/nginx-proxy   "/app/docker-entrypo…"   5 minutes ago   Up 5 minutes   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   nginx-proxy
Up means that your container is fully working and ready to forward all incoming traffic. Now we will create a Let’s Encrypt container, but before that, what is Let’s Encrypt? Let’s Encrypt, or LE as we call it, is a non-profit certificate authority run by the Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. Therefore, with the Docker containers linked, when you add a new host that needs an SSL certificate, the Let’s Encrypt container will automatically take care of requesting the certificate and of renewals, taking that off your shoulders.
So let’s create a Docker container for Let’s Encrypt by executing this command in your Linux console:
docker run --detach --name nginx-proxy-letsencrypt --restart=always -v /srv/dcontainers/management/dhparam:/etc/nginx/dhparam -v /srv/dcontainers/management/vhost.d:/etc/nginx/vhost.d -v /var/run/docker.sock:/tmp/docker.sock -v /srv/dcontainers/management/html:/usr/share/nginx/html -v /srv/dcontainers/management/certs:/etc/nginx/certs -v /srv/dcontainers/management/nginx:/etc/nginx/conf.d --volume /var/run/docker.sock:/var/run/docker.sock:ro --env "DEFAULT_EMAIL=<your-email-address>" --env "NGINX_PROXY_CONTAINER=nginx-proxy" jrcs/letsencrypt-nginx-proxy-companion
Now when you execute in your Linux terminal:
docker ps -a
you should see
CONTAINER ID   IMAGE                                    COMMAND                  CREATED          STATUS          PORTS                                      NAMES
22963c756d3e   jrcs/letsencrypt-nginx-proxy-companion   "/bin/bash /app/entr…"   2 minutes ago    Up 2 minutes                                               nginx-proxy-letsencrypt
05f8baaf8aae   jwilder/nginx-proxy                      "/app/docker-entrypo…"   23 minutes ago   Up 23 minutes   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   nginx-proxy
That means that both the Nginx reverse proxy and Let’s Encrypt containers are working. Nginx will take care of all incoming traffic requests, sending the traffic to the correct container once you create it with a specific domain or subdomain name, while the Let’s Encrypt container will take care of SSL certificates by keeping them issued and up to date.
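Both containers above are given the host's Docker socket, so it is worth reviewing how each command mounts it. The following is an added example, not part of the original post or of either image's code: it parses a `docker run` command and reports every bind mount of `/var/run/docker.sock`. The function names are hypothetical and the two command strings are abridged from the commands on this page.

```python
import shlex

SOCKET = "/var/run/docker.sock"

# Abridged from the two commands on this page: the socket mounts and one
# ordinary volume are kept; ports, restart policy and --env flags are omitted.
PROXY_CMD = ("docker run -d --name=nginx-proxy "
             "-v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy")
COMPANION_CMD = ("docker run --detach --name nginx-proxy-letsencrypt "
                 "-v /var/run/docker.sock:/tmp/docker.sock "
                 "-v /srv/dcontainers/management/certs:/etc/nginx/certs "
                 "--volume /var/run/docker.sock:/var/run/docker.sock:ro "
                 "jrcs/letsencrypt-nginx-proxy-companion")

def volume_specs(command):
    """Yield the SRC:DST[:OPTS] value of every -v/--volume flag."""
    words = shlex.split(command)
    for i, word in enumerate(words):
        if word in ("-v", "--volume") and i + 1 < len(words):
            yield words[i + 1]
        elif word.startswith("--volume="):
            yield word.split("=", 1)[1]

def socket_mounts(command):
    """Return (container_path, mode) for each bind mount of the Docker socket."""
    found = []
    for spec in volume_specs(command):
        parts = spec.split(":")
        if len(parts) >= 2 and parts[0] == SOCKET:
            opts = parts[2].split(",") if len(parts) > 2 else []
            found.append((parts[1], "ro" if "ro" in opts else "rw"))
    return found

def audit(name, command):
    """List findings: read-write socket mounts and redundant duplicates.
    Note: ':ro' only protects the socket file; anything that can open the
    socket can still call the Docker API, so treat every mount as privileged."""
    mounts = socket_mounts(command)
    findings = [f"{name}: socket mounted read-write at {dst}"
                for dst, mode in mounts if mode == "rw"]
    if len(mounts) > 1:
        findings.append(f"{name}: socket mounted {len(mounts)} times")
    return findings

if __name__ == "__main__":
    for name, cmd in (("nginx-proxy", PROXY_CMD), ("companion", COMPANION_CMD)):
        print(name, socket_mounts(cmd), audit(name, cmd))
```

Run against the commands as written, the proxy shows a single read-only mount, while the companion shows the socket mounted twice, once without `:ro`.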