Reverse proxy: Difference between revisions

From Wildsong
Jump to navigationJump to search
Brian Wilson (talk | contribs)
mNo edit summary
Brian Wilson (talk | contribs)
mNo edit summary
 
(12 intermediate revisions by the same user not shown)
Line 1: Line 1:
Bellman runs a plain old web server with Let's Encrpyt certificates.
Bellman runs a Dockerized reverse proxy with Let's Encrypt certificates
I have not gotten the automated renewal to work but this works:


sudo -s
2021-05-31
certbot certonly --cert-name bellman.wildsong.biz
I used jwilder's nginx reverse proxy for several years but I am trying swag now.
certbot certonly --cert-name owncloud.wildsong.biz
certbot certonly --cert-name maps.wildsong.biz
certbot certonly --cert-name map46.com


I used the option "1: Place files in webroot directory (webroot)".
== The current set up ==
It prompts for webroot which of course is /var/www/'''hostname'''/html.


== Dockerized! ==
Read all about it! https://github.com/linuxserver/docker-swag/blob/master/README.md


For a plain old web server, I am using richarvey's nginx, see https://hub.docker.com/r/richarvey/nginx-php-fpm/
# cd docker/swag
It supports PHP. If I start it up like this
# Add a file to config/nginx/proxy-confs (cp psono.conf newserver.conf; emacs newserver.conf)
and go to the page at http://bellman.wildsong.biz I see its PHP info.  
# Restart the docker. docker-compose restart
# Start the client docker.


You can add all the environment settings to have it pull code from github
* You no longer have to do anything special to the client like add VIRTUAL_HOST environment settings.
* You no longer need a separate ssl certificate for each client.


docker run -d --dns=192.168.123.2 --name=web \
== The old set up ==
 
2019-04-01 added HTTPS support.
 
This page is about my Docker proxy set up.
 
See details in Bellman source/docker/proxy and in github, https://github.com/brian32768/docker-proxy
 
There are currently 3 services,
# the reverse proxy
# the certificate manager
# the static content web server
 
== Basics ==
 
=== Reverse proxy ===
 
I use [https://github.com/jwilder/nginx-proxy jwilder/nginx-proxy] image. It does a transparent reverse proxy thing
where it watches containers start and stop and adds and removes proxies on the fly.
 
I address the CORS issues with extra setup files.
 
https://github.com/jwilder/nginx-proxy/issues/804
 
=== Let's Encrypt certificates ===
 
I am using the nginx-proxy companion, see https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion
I start it in the docker-compose.yml; I used to do it manually.
 
=== Web content ===
 
I run a plain official nginx image to serve static HTML content.
The compose file mounts the local static_content folder.
 
When I need PHP I use richarvey's nginx, see https://hub.docker.com/r/richarvey/nginx-php-fpm/
You can add also add environment settings to have it pull code from github instead of using the volume mentioned above.
This would make deployment somewhere else easy.
 
docker run -d --name=web \
  -e 'GIT_EMAIL=my email' -e 'GIT_NAME=my name' -e 'GIT_USERNAME=my username' -e 'GIT_REPO=my repo name' \
  -e 'GIT_EMAIL=my email' -e 'GIT_NAME=my name' -e 'GIT_USERNAME=my username' -e 'GIT_REPO=my repo name' \
  -e 'GIT_PERSONAL_TOKEN=<long_token_string_here>' \
  -e 'GIT_PERSONAL_TOKEN=<long_token_string_here>' \
Line 26: Line 61:
Moving on to set up HTTPS with Let's Encrypt, I add more environment settings to the above,
Moving on to set up HTTPS with Let's Encrypt, I add more environment settings to the above,


  -e "WEBROOT=/var/www/htdocs" -v /home/web/htdocs:/var/www/htdocs -e "DOMAIN=bellman.wildsong.biz" \
  -e "WEBROOT=/var/www/htdocs" -v ./static_content:/var/www/htdocs -e "DOMAIN=bellman.wildsong.biz" \
 
== Further adventures ==


Then I can tell it I want HTTPS,
I have been using a new domain name everytime I want to set up a new service, so for example,
docker exec -t web /usr/bin/letsencrypt-setup
if I want to set up wiki then I create a domain wiki.wildsong.biz and put it in a container
settings and nginx-proxy and letsencrypt handle it all from there.
 
I also need to be able to put several services behind one domain name, for example, I'd like
to use bellman.wildsong.biz as the front door and put the wiki at bellman.wildsong.biz.


== uWSGI ==
== uWSGI ==
Line 60: Line 101:


I changed nginx to work with it.
I changed nginx to work with it.
== Building Nginx for Owncloud and Windows ==
The reason is to get digest authentication, so that I can use Windows 7 as a WebDAV client.
So far this is a '''FAIL'''.
# I cannot convince Windows to store a self-signed certificate.
# I can't get digest authentication to work with owncloud.
If I did succeed then I would need a Docker container so that I can load it in the Synology server.
Windows is a pain.
See https://moblog.wiredwings.com/archives/20110406/webdav-windows-7-and-self-signed-certificates-howto.html
and https://www.nginx.com/resources/wiki/modules/auth_digest/
git clone https://github.com/samizdatco/nginx-http-auth-digest.git
cd nginx-1*
./configure --add-module=../nginx-http-auth-digest/ --with-http_ssl_module --with-cc-opt=-Wno-error
make
sudo make install

Latest revision as of 06:22, 1 June 2021

Bellman runs a Dockerized reverse proxy with Let's Encrypt certificates

2021-05-31 I used jwilder's nginx reverse proxy for several years but I am trying swag now.

The current set up

Read all about it! https://github.com/linuxserver/docker-swag/blob/master/README.md

  1. cd docker/swag
  2. Add a file to config/nginx/proxy-confs (cp psono.conf newserver.conf; emacs newserver.conf)
  3. Restart the docker. docker-compose restart
  4. Start the client docker.
  • You no longer have to do anything special to the client like add VIRTUAL_HOST environment settings.
  • You no longer need a separate ssl certificate for each client.

The old set up

2019-04-01 added HTTPS support.

This page is about my Docker proxy set up.

See details in Bellman source/docker/proxy and in github, https://github.com/brian32768/docker-proxy

There are currently 3 services,

  1. the reverse proxy
  2. the certificate manager
  3. the static content web server

Basics

Reverse proxy

I use jwilder/nginx-proxy image. It does a transparent reverse proxy thing where it watches containers start and stop and adds and removes proxies on the fly.

I address the CORS issues with extra setup files.

https://github.com/jwilder/nginx-proxy/issues/804

Let's Encrypt certificates

I am using the nginx-proxy companion, see https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion I start it in the docker-compose.yml; I used to do it manually.

Web content

I run a plain official nginx image to serve static HTML content. The compose file mounts the local static_content folder.

When I need PHP I use richarvey's nginx, see https://hub.docker.com/r/richarvey/nginx-php-fpm/ You can add also add environment settings to have it pull code from github instead of using the volume mentioned above. This would make deployment somewhere else easy.

docker run -d --name=web \
-e 'GIT_EMAIL=my email' -e 'GIT_NAME=my name' -e 'GIT_USERNAME=my username' -e 'GIT_REPO=my repo name' \
-e 'GIT_PERSONAL_TOKEN=<long_token_string_here>' \
richarvey/nginx-php-fpm:latest

Moving on to set up HTTPS with Let's Encrypt, I add more environment settings to the above,

-e "WEBROOT=/var/www/htdocs" -v ./static_content:/var/www/htdocs -e "DOMAIN=bellman.wildsong.biz" \

Further adventures

I have been using a new domain name everytime I want to set up a new service, so for example, if I want to set up wiki then I create a domain wiki.wildsong.biz and put it in a container settings and nginx-proxy and letsencrypt handle it all from there.

I also need to be able to put several services behind one domain name, for example, I'd like to use bellman.wildsong.biz as the front door and put the wiki at bellman.wildsong.biz.

uWSGI

uWSGI lets me deploy flask applications without having to run the built in server.

This page helped me: http://markjberger.com/flask-with-virtualenv-uwsgi-nginx/

and this: http://uwsgi-docs.readthedocs.io

apt-get install uwsgi uwsgi-plugin-python

In the virtualenv environment install uwsgi

source venv/bin/activate
pip install uwsgi

You can run from command line to test it

uwsgi -s 192.168.1.2:5001 --protocol=http --wsgi-file /var/lib/twilio-weatherman/pyweatherman/wsgi.py 

and this should work: http://192.168.1.2:5001/home/

Right now I only need to deploy a single app, so I just hacked a shell script and set it to run at boot.

/var/lib/twilio-weatherman/pyweatherman/uwsgi.sh

I changed nginx to work with it.