Reverse proxy: Difference between revisions

Bellman runs a Dockerized reverse proxy with Let's Encrypt certificates in front of a Dockerized nginx web server.

Dockerized!

See details in Bellman source/docker/proxy and in github, https://github.com/brian32768/docker-proxy

2019-04-01 added HTTPS support.

Reverse proxy

I use jwilder/nginx-proxy image. It does a transparent reverse proxy thing where it watches containers start and stop and adds and removes proxies on the fly.

I address the CORS issues with extra setup files.

https://github.com/jwilder/nginx-proxy/issues/804

Let's Encrypt certificates

I am using the nginx-proxy companion, see https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion I start it in the docker-compose.yml; I used to do it manually.

Web content

Currently I don't care about PHP at all so I run a plain official nginx image to serve static HTML content. I mount /var/www/html so that the container can see my old undockerized content.

When I need PHP I use richarvey's nginx, see https://hub.docker.com/r/richarvey/nginx-php-fpm/ You can add also add environment settings to have it pull code from github instead of using the volume mentioned above. This would make deployment somewhere else easy.

docker run -d --dns=192.168.123.2 --name=web \
-e 'GIT_EMAIL=my email' -e 'GIT_NAME=my name' -e 'GIT_USERNAME=my username' -e 'GIT_REPO=my repo name' \
-e 'GIT_PERSONAL_TOKEN=<long_token_string_here>' \
richarvey/nginx-php-fpm:latest

Moving on to set up HTTPS with Let's Encrypt, I add more environment settings to the above,

-e "WEBROOT=/var/www/htdocs" -v /home/web/htdocs:/var/www/htdocs -e "DOMAIN=bellman.wildsong.biz" \

Then I can tell it I want HTTPS,

docker exec -t web /usr/bin/letsencrypt-setup

uWSGI

uWSGI lets me deploy flask applications without having to run the built in server.

This page helped me: http://markjberger.com/flask-with-virtualenv-uwsgi-nginx/

and this: http://uwsgi-docs.readthedocs.io

apt-get install uwsgi uwsgi-plugin-python

In the virtualenv environment install uwsgi

source venv/bin/activate
pip install uwsgi

You can run from command line to test it

uwsgi -s 192.168.1.2:5001 --protocol=http --wsgi-file /var/lib/twilio-weatherman/pyweatherman/wsgi.py 

and this should work: http://192.168.1.2:5001/home/

Right now I only need to deploy a single app, so I just hacked a shell script and set it to run at boot.

/var/lib/twilio-weatherman/pyweatherman/uwsgi.sh

I changed nginx to work with it.

Building Nginx for Owncloud and Windows

The reason is to get digest authentication, so that I can use Windows 7 as a WebDAV client.

So far this is a FAIL.

1. I cannot convince Windows to store a self-signed certificate.
2. I can't get digest authentication to work with owncloud.

If I did succeed then I would need a Docker container so that I can load it in the Synology server.

Windows is a pain.

See https://moblog.wiredwings.com/archives/20110406/webdav-windows-7-and-self-signed-certificates-howto.html

and https://www.nginx.com/resources/wiki/modules/auth_digest/

git clone https://github.com/samizdatco/nginx-http-auth-digest.git
cd nginx-1*
./configure --add-module=../nginx-http-auth-digest/ --with-http_ssl_module --with-cc-opt=-Wno-error
make
sudo make install