Reverse proxy
Bellman runs a Dockerized reverse proxy with Let's Encrypt certificates
2021-05-31 I used jwilder's nginx reverse proxy for several years but I am trying swag now.
The current set up
Read all about it! https://github.com/linuxserver/docker-swag/blob/master/README.md
- cd docker/swag
- Add a file to config/nginx/proxy-confs (cp psono.conf newserver.conf; emacs newserver.conf)
- Restart the docker (docker-compose restart)
- Start the client docker.
- You no longer have to do anything special to the client like add VIRTUAL_HOST environment settings.
- You no longer need a separate ssl certificate for each client.
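The copy-and-edit step above can also be scripted. This is an added example, not part of the original notes or of the SWAG project: a shell function that prints a subdomain proxy conf in the layout SWAG's sample proxy-confs use, and refuses names or ports that would let stray characters inject nginx directives. The container name newserver, the ports, and the assumption that your SWAG version ships the three included files are mine.

```shell
#!/bin/sh
# Added example: generate a SWAG-style subdomain proxy conf on stdout.
# Assumptions: the client container is reachable by name on the same Docker
# network as swag, and it speaks plain HTTP on the given port.

# valid_label NAME: succeed only for a DNS label (a-z, 0-9, inner hyphens).
valid_label() {
    case "$1" in
        ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# valid_port PORT: succeed only for an integer in 1..65535, no leading zero.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# make_proxy_conf NAME [PORT]: both values are interpolated into nginx
# config, so a ';' or '}' in either would add directives; validate first.
make_proxy_conf() {
    name=$1 port=${2:-80}
    valid_label "$name" || { echo "bad container name: $name" >&2; return 1; }
    valid_port "$port"  || { echo "bad port: $port" >&2; return 1; }
    cat <<EOF
server {
    listen 443 ssl;
    server_name $name.*;
    include /config/nginx/ssl.conf;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set \$upstream_app $name;
        set \$upstream_port $port;
        set \$upstream_proto http;
        proxy_pass \$upstream_proto://\$upstream_app:\$upstream_port;
    }
}
EOF
}

# Usage: make_proxy_conf newserver 80 > config/nginx/proxy-confs/newserver.conf
```

Review the generated file before restarting, since the proxy will expose whatever the named container serves on that port.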
The old set up
2019-04-01 added HTTPS support.
This page is about my Docker proxy set up.
See details in Bellman source/docker/proxy and in github, https://github.com/brian32768/docker-proxy
There are currently 3 services,
- the reverse proxy
- the certificate manager
- the static content web server
Basics
Reverse proxy
I use jwilder/nginx-proxy image. It does a transparent reverse proxy thing where it watches containers start and stop and adds and removes proxies on the fly.
I address the CORS issues with extra setup files.
https://github.com/jwilder/nginx-proxy/issues/804
Let's Encrypt certificates
I am using the nginx-proxy companion, see https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion. I start it in the docker-compose.yml; I used to do it manually.
Web content
I run a plain official nginx image to serve static HTML content. The compose file mounts the local static_content folder.
When I need PHP I use richarvey's nginx, see https://hub.docker.com/r/richarvey/nginx-php-fpm/. You can also add environment settings to have it pull code from github instead of using the volume mentioned above. This would make deployment somewhere else easy.
docker run -d --name=web \
  -e 'GIT_EMAIL=my email' -e 'GIT_NAME=my name' -e 'GIT_USERNAME=my username' -e 'GIT_REPO=my repo name' \
  -e 'GIT_PERSONAL_TOKEN=<long_token_string_here>' \
  richarvey/nginx-php-fpm:latest
Moving on to set up HTTPS with Let's Encrypt, I add more environment settings to the above,
-e "WEBROOT=/var/www/htdocs" -v ./static_content:/var/www/htdocs -e "DOMAIN=bellman.wildsong.biz" \
Further adventures
I have been using a new domain name every time I want to set up a new service, so for example, if I want to set up wiki then I create a domain wiki.wildsong.biz and put it in the container settings, and nginx-proxy and letsencrypt handle it all from there.
I also need to be able to put several services behind one domain name, for example, I'd like to use bellman.wildsong.biz as the front door and put the wiki at bellman.wildsong.biz.
uWSGI
uWSGI lets me deploy flask applications without having to run the built-in server.
This page helped me: http://markjberger.com/flask-with-virtualenv-uwsgi-nginx/
and this: http://uwsgi-docs.readthedocs.io
apt-get install uwsgi uwsgi-plugin-python
In the virtualenv environment install uwsgi
source venv/bin/activate
pip install uwsgi
You can run from command line to test it
uwsgi -s 192.168.1.2:5001 --protocol=http --wsgi-file /var/lib/twilio-weatherman/pyweatherman/wsgi.py
and this should work: http://192.168.1.2:5001/home/
Right now I only need to deploy a single app, so I just hacked a shell script and set it to run at boot.
/var/lib/twilio-weatherman/pyweatherman/uwsgi.sh
I changed nginx to work with it.