Reverse proxy

From Wildsong
Jump to navigationJump to search

Bellman runs a Dockerized reverse proxy with Let's Encrypt certificates

2021-05-31 I used jwilder's nginx reverse proxy for several years but I am trying swag now.

The current set up

Read all about it! https://github.com/linuxserver/docker-swag/blob/master/README.md

  1. cd docker/swag
  2. Add a file to config/nginx/proxy-confs (cp psono.conf newserver.conf; emacs newserver.conf)
  3. Restart the docker. docker-compose restart
  4. Start the client docker.
  • You no longer have to do anything special to the client like add VIRTUAL_HOST environment settings.
  • You no longer need a separate ssl certificate for each client.

The old set up

2019-04-01 added HTTPS support.

This page is about my Docker proxy set up.

See details in Bellman source/docker/proxy and in github, https://github.com/brian32768/docker-proxy

There are currently 3 services,

  1. the reverse proxy
  2. the certificate manager
  3. the static content web server

Basics

Reverse proxy

I use jwilder/nginx-proxy image. It does a transparent reverse proxy thing where it watches containers start and stop and adds and removes proxies on the fly.

I address the CORS issues with extra setup files.

https://github.com/jwilder/nginx-proxy/issues/804

Let's Encrypt certificates

I am using the nginx-proxy companion, see https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion I start it in the docker-compose.yml; I used to do it manually.

Web content

I run a plain official nginx image to serve static HTML content. The compose file mounts the local static_content folder.

When I need PHP I use richarvey's nginx, see https://hub.docker.com/r/richarvey/nginx-php-fpm/ You can add also add environment settings to have it pull code from github instead of using the volume mentioned above. This would make deployment somewhere else easy.

docker run -d --name=web \
-e 'GIT_EMAIL=my email' -e 'GIT_NAME=my name' -e 'GIT_USERNAME=my username' -e 'GIT_REPO=my repo name' \
-e 'GIT_PERSONAL_TOKEN=<long_token_string_here>' \
richarvey/nginx-php-fpm:latest

Moving on to set up HTTPS with Let's Encrypt, I add more environment settings to the above,

-e "WEBROOT=/var/www/htdocs" -v ./static_content:/var/www/htdocs -e "DOMAIN=bellman.wildsong.biz" \

Further adventures

I have been using a new domain name everytime I want to set up a new service, so for example, if I want to set up wiki then I create a domain wiki.wildsong.biz and put it in a container settings and nginx-proxy and letsencrypt handle it all from there.

I also need to be able to put several services behind one domain name, for example, I'd like to use bellman.wildsong.biz as the front door and put the wiki at bellman.wildsong.biz.

uWSGI

uWSGI lets me deploy flask applications without having to run the built in server.

This page helped me: http://markjberger.com/flask-with-virtualenv-uwsgi-nginx/

and this: http://uwsgi-docs.readthedocs.io

apt-get install uwsgi uwsgi-plugin-python

In the virtualenv environment install uwsgi

source venv/bin/activate
pip install uwsgi

You can run from command line to test it

uwsgi -s 192.168.1.2:5001 --protocol=http --wsgi-file /var/lib/twilio-weatherman/pyweatherman/wsgi.py 

and this should work: http://192.168.1.2:5001/home/

Right now I only need to deploy a single app, so I just hacked a shell script and set it to run at boot.

/var/lib/twilio-weatherman/pyweatherman/uwsgi.sh

I changed nginx to work with it.