11/23/2021, Tuesday

Install Nginx On Docker

Installation and Setup Docker Machine. Printout from Docker Quickstart Terminal. Verify the Docker settings. Validate setup by using docker-machine command. Validate the Docker Installation by creating and running the Docker Hello World Container. Run and verify a basic Nginx Installation. Install Nginx Webserver in a new Container.


docker run -d -p 80:80 --name web nginx

By default, Nginx runs on port 80, and I have mapped it to port 80 of the host machine (the machine running Docker). Here, I also used Nginx's latest tag, so I don't need to declare the version; you can choose the version you want.

Now that we have a simple 1-node cluster running under Docker Desktop, we need to install the Nginx ingress. Tip: It's not best practice to blindly install Kubernetes resources by using yaml files taken straight from the internet. If you're in any doubt, download the yaml file and save a copy of it locally.

If you want to know how to install docker on Linux, just have a look at the official docker documentation and docker-compose documentation.

What is NGINX proxy manager? NGINX proxy manager is a reverse proxy management system that is based on NGINX, with a nice and clean web UI.

This is the old quick start guide, which contains instructions using Nginx and Docker CE. It is recommended to use the new quick start guide with Caddy instead.

0. Introduction

We assume for this installation that you want all of the Netmaker features enabled, you want your server to be secure, and you want your server to be accessible from anywhere.

This instance will not be HA. However, it should comfortably handle around one hundred concurrent clients and support the most common use cases.

If you are deploying for a business or enterprise use case and this setup will not fit your needs, please contact info@gravitl.com, or check out the business subscription plans at https://gravitl.com/plans/business.

By the end of this guide, you will have Netmaker installed on a public VM linked to your custom domain, secured behind an Nginx reverse proxy.

For information about deploying more advanced configurations, see the Advanced Installation docs.

1. Prerequisites

  • Virtual Machine

    • Preferably from a cloud provider (e.g. DigitalOcean, Linode, AWS, GCP, etc.)
      • We do not recommend Oracle Cloud, as VMs here have been known to cause network interference.

    • Public, static IP

    • Min 1GB RAM, 1 CPU (4GB RAM, 2 CPU preferred)
      • Nginx may have performance issues if using a cloud VPS with a single, shared CPU

    • 2GB+ of storage

    • Ubuntu 20.04 Installed

  • Domain

    • A publicly owned domain (e.g. example.com, mysite.biz)

    • Permission and access to modify DNS records via DNS service (e.g. Route53)

2. Install Dependencies

ssh <user>@<your-host>

Install Docker

Begin by installing the community version of Docker and docker-compose (there are issues with the snap version). You can follow the official Docker instructions here. Or, you can use the below series of commands which should work on Ubuntu 20.04.

At this point Docker should be installed.

Install Dependencies

In addition to Docker, this installation requires WireGuard, Nginx, and Certbot.

sudo apt -y install wireguard wireguard-tools nginx certbot python3-certbot-nginx net-tools

3. Prepare VM

Prepare Domain

  1. Choose a base domain or subdomain for Netmaker. If you own example.com, this should be something like netmaker.example.com

     • You must point your wildcard domain to the public IP of your VM, e.g. *.example.com –> <your public ip>

  2. Add an A record pointing to your VM using your DNS service provider for *.netmaker.example.com (inserting your own subdomain of course).

  3. Netmaker will create three subdomains on top of this. For the example above those subdomains would be:

     • dashboard.netmaker.example.com

     • api.netmaker.example.com

     • grpc.netmaker.example.com

Moving forward we will refer to your base domain using <your base domain>. Replace these references with your domain (e.g. netmaker.example.com).


  1. nslookup host.<your base domain> (inserting your domain) should now return the IP of your VM.

  2. Generate SSL Certificates using certbot:

sudo certbot certonly --manual --preferred-challenges=dns --email <your email> --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --manual-public-ip-logging-ok -d '*.<your base domain>'

The above command (using your domain instead of <your base domain>) will prompt you to enter a TXT record in your DNS service provider. Do this, and wait one minute before pressing Enter, or it may fail and you will have to run the command again.

Prepare Firewall

Make sure firewall settings are appropriate for Netmaker. You need ports 53 and 443. On the server you can run:

Depending on your cloud provider, you may also need to set inbound security rules for your server. Be sure to check before moving on:
  • allow 443/tcp from all

  • allow 53/udp and 53/tcp from all


In addition to the above ports, you will need to make sure that your cloud’s firewall or security groups are opened for the range of ports that Netmaker’s WireGuard interfaces consume.

Netmaker will create one interface per network, starting from 51821. So, if you plan on having 5 networks, you will want to have at least 51821-51825 open (udp).

Prepare Nginx

Nginx will serve the SSL certificate with your chosen domain and forward traffic to netmaker.

Get the nginx configuration file:

wget https://raw.githubusercontent.com/gravitl/netmaker/develop/nginx/netmaker-nginx-template.conf

Insert your domain in the configuration file and add to nginx:

4. Install Netmaker

Prepare Templates

Note on COREDNS_IP: Depending on your cloud provider, the public IP may not be bound directly to the VM on which you are running. In such cases, CoreDNS cannot bind to this IP, and you should use the IP of the default interface on your machine in place of COREDNS_IP. If the public IP is bound to the VM, you can simply use the same IP as SERVER_PUBLIC_IP.

Generate a unique master key and insert it:

You may want to save this key for future use with the API.

Start Netmaker

sudo docker-compose -f docker-compose.yml up -d

Navigate to dashboard.<your base domain> to see your nginx instance.


To troubleshoot issues, start with:

docker logs netmaker

Or check out the troubleshooting docs.

I have a website served by a Docker host. It is set up to allow deployment on the remote host with a single command:


But at the moment this site only runs http and I want https. There are quite a few steps to this, and I get help from a few different places. So this will serve as my notes for whenever I need to perform this setup process again.

This is what we need to do:

  • It is assumed that DNS records point to the Docker host.
  • Set up the reverse proxy application Nginx Certbot on the host VM.
  • Initialize the Letsencrypt certificate on the server.
  • Set up networking between the proxy containers and the application containers.
  • Launch the proxy containers from the host VM.
  • Launch the application containers from the development machine through docker context.

Three of my sources for this article refer to the same project. Nginx Certbot is the name of a bundle with a Docker Compose setup and a shell script for automating the SSL certificate renewal process. I had no idea how any of this worked until yesterday, and if any of this helps anyone, it’s all thanks to Philipp’s work.

To install the reverse proxy, log in to the host VM and clone the repo:


Now the readme states the following:

Modify configuration:

  • Add domains and email addresses to init-letsencrypt.sh
  • Replace all occurrences of example.org with primary domain (the first one you added to init-letsencrypt.sh) in data/nginx/app.conf

Go ahead and do that, except for the very last occurrence of example.com in line 12 of data/nginx/app.conf:


See, what this piece of configuration does is it provides a proxy for the address in the proxy_pass. That means that if we switch this out, and write our own address, then we’ll end up looping back around to the http version of our website (which is itself a redirect). So leave that as it is for now.

Having finished configurations, go ahead and run ./init-letsencrypt.sh. This script does a few things. First it creates a dummy certificate, then it requests an update to this certificate, then it authenticates with Letsencrypt, then it overwrites the dummy certificate.

Next, with that out of the way, we actually do have to edit the proxy_pass parameter in the app.conf-file. Go ahead and change it to myapp:5000.

Then, on the host VM as well as the development machine, create the Docker network my_network:

On the host machine, add this network to the compose-file:

On the development machine, likewise, add the network to the compose-file:

Next time we launch these two compose files on the Docker host, we get two sets of containers running on the same machine. They are not part of the same bundle, but thanks to the network linking they are still able to talk to each other. We could also go more granular and put the backend on its own network to separate concerns.

To recap: We set the proxy_pass to myapp:5000, where myapp is the name of our entry point in the application’s compose-file, and port 5000 is the port that the app is exposed on within the Docker network. The network itself is usually automatically created, but because we need the environment from two separate compose-files to communicate with each other, we need to create an external network shared between the two before we can refer to myapp from the reverse proxy.
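A sketch of the two compose files described above, added here as an illustration and not taken from the original post or the Nginx Certbot repo. The image names, the volume mount, the `cache` service and the `backend` network are assumptions; the `backend` network goes one step beyond the text to show the "more granular" split it mentions.

```yaml
# Added example; not from the post or the Nginx Certbot repo.
# The shared network must exist on the Docker host before either file is
# brought up:  docker network create my_network

# ----- File 1: reverse-proxy compose file (launched on the host VM) -----
version: "3.8"
services:
  nginx:
    image: nginx:stable-alpine            # assumed tag
    ports:
      - "80:80"                           # only the proxy publishes host ports
      - "443:443"
    volumes:
      # assumed mount; app.conf contains: proxy_pass http://myapp:5000;
      - ./data/nginx:/etc/nginx/conf.d
    networks:
      - my_network
networks:
  my_network:
    external: true     # join the pre-created network, not a per-project one
---
# ----- File 2: application compose file (deployed via docker context) -----
version: "3.8"
services:
  myapp:                                  # service name = DNS name the proxy resolves
    image: myapp-image:latest             # hypothetical image
    expose:
      - "5000"                            # Docker-network only; no "ports:" entry,
                                          # so the app is never published on the host
    networks:
      - my_network
      - backend
  cache:                                  # hypothetical backend service
    image: redis:7-alpine
    networks:
      - backend                           # not on my_network: the proxy cannot reach it
networks:
  my_network:
    external: true
  backend:
    internal: true                        # isolated from external networks
```

Once both stacks are up, `docker network inspect my_network` should list the nginx and myapp containers and not the cache container.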


With all that set up, it is time to try and deploy both projects on the host. Run up on both machines:

And the site is live. The SSL certificates make it possible to serve the site through https, and the SSL certificate itself gets automatically renewed through Letsencrypt.

Sources:
