The NGINX web server
Using the NGINX web server as a reverse proxy and a file server.
Specify the replace_data_directory directory to keep all data where you want it.
Choose a name for the container replace_container, for the volumes replace_volume and for the network replace_network.
Use one or more Docker networks to hide services behind the reverse proxy.
In this setup, applications do not publish any ports.
Instead, they are added to networks where they communicate with other containers, including the reverse proxy server.
It becomes a single configuration point that terminates TLS and routes requests.
Create the directories. Create the volumes and the network.
data_directory="replace_data_directory" # data_directory=/data/services
container=replace_container # container=nginx
volume=replace_volume # volume=nginx
volume_configuration=${volume}_configuration
volume_tls=${volume}_tls
volume_content=${volume}_content
volume_cache=${volume}_cache
volume_logs=${volume}_logs
network=replace_network # network=services
sudo mkdir --parents "$data_directory/nginx"
# a+rwX leaves this directory writable by every local user; restrict it on shared hosts.
sudo chmod --recursive a+rwX "$data_directory/nginx/"
mkdir "$data_directory/nginx/configuration"
mkdir "$data_directory/nginx/tls"
mkdir "$data_directory/nginx/content"
mkdir "$data_directory/nginx/cache"
mkdir "$data_directory/nginx/logs"
docker volume create \
    --name "$volume_configuration" \
    --driver local-persist \
    --opt mountpoint="$data_directory/nginx/configuration/"
docker volume create \
    --name "$volume_tls" \
    --driver local-persist \
    --opt mountpoint="$data_directory/nginx/tls/"
docker volume create \
    --name "$volume_content" \
    --driver local-persist \
    --opt mountpoint="$data_directory/nginx/content/"
docker volume create \
    --name "$volume_cache" \
    --driver local-persist \
    --opt mountpoint="$data_directory/nginx/cache/"
docker volume create \
    --name "$volume_logs" \
    --driver local-persist \
    --opt mountpoint="$data_directory/nginx/logs/"
docker network create "$network"
Start the container.
docker run --detach --restart unless-stopped \
    --name "$container" \
    --hostname "$container" \
    --network "$network" \
    --publish 80:80 \
    --publish 443:443 \
    --mount type=volume,source="$volume_configuration",destination=/etc/nginx \
    --mount type=volume,source="$volume_tls",destination=/etc/ssl \
    --mount type=volume,source="$volume_content",destination=/usr/share/nginx/html \
    --mount type=volume,source="$volume_cache",destination=/var/cache/nginx \
    --mount type=volume,source="$volume_logs",destination=/var/log/nginx \
    --mount type=bind,source=/etc/timezone,destination=/etc/timezone,readonly \
    --mount type=bind,source=/etc/localtime,destination=/etc/localtime,readonly \
    nginx
Configure the server for your use case.
Reload the configuration.
Put your TLS key and certificate pair replace_key into the server directory and point the configuration file to them.
Alternatively, configure automatic provisioning of keys and certificates.
edit "$data_directory/nginx/configuration/nginx.conf"
mv replace_key.key "$data_directory/nginx/tls/"
mv replace_key.crt "$data_directory/nginx/tls/"
docker kill --signal HUP "$container"
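An added example, not part of the original page: a check that no container other than the reverse proxy publishes ports on the host, which is the property this setup depends on. The container names wiki and grafana and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report containers, other than
# the reverse proxy, that publish ports on the host.

# Reads "name<TAB>ports" lines on stdin, in the format produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints every container except $1 whose Ports column has a host mapping.
# "0.0.0.0:8080->80/tcp" is a published port; a bare "80/tcp" is only
# reachable inside Docker networks and is not reported.
published_outside_proxy() {
    awk -F '\t' -v proxy="$1" '
        $1 != proxy && $2 ~ /->/ {
            n = split($2, maps, ", ")
            for (i = 1; i <= n; i++)
                if (maps[i] ~ /->/) print $1 " publishes " maps[i]
        }'
}

# Runs the check against the local Docker daemon (requires docker).
audit_running_containers() {
    docker ps --format '{{.Names}}\t{{.Ports}}' | published_outside_proxy "$1"
}

# Constructed sample input: "nginx" is the proxy, "wiki" (hypothetical) is
# hidden behind it, "grafana" (hypothetical) bypasses it with its own port.
sample_ps_output() {
    printf 'nginx\t0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp\n'
    printf 'wiki\t8080/tcp\n'
    printf 'grafana\t0.0.0.0:3000->3000/tcp, 9090/tcp\n'
}

sample_ps_output | published_outside_proxy nginx
# prints: grafana publishes 0.0.0.0:3000->3000/tcp
```

Against a live host, run audit_running_containers "$container"; empty output means only the proxy is reachable from outside.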