The NGINX web server



Using the NGINX web server as a reverse proxy and a file server.

Specify the replace_data_directory directory to keep all data where you want it.
Choose a name for the container replace_container, for the volumes replace_volume and for the network replace_network.
Use one or more Docker networks to hide services behind the reverse proxy. In this setup, applications do not publish any ports. Instead, they are attached to networks where they communicate with other containers, including the reverse proxy server. The reverse proxy becomes the single configuration point that terminates TLS and routes requests.

Create the directories. Create the volumes and the network.



data_directory="replace_data_directory" # data_directory=/data/services

container=replace_container # container=nginx
volume=replace_volume # volume=nginx
volume_configuration=${volume}_configuration
volume_tls=${volume}_tls
volume_content=${volume}_content
volume_cache=${volume}_cache
volume_logs=${volume}_logs
network=replace_network # network=services

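sudo mkdir --parents "$data_directory/nginx"
# a+rwX leaves this directory writable by every local account,
# which is why the mkdir calls below need no sudo.
sudo chmod --recursive a+rwX "$data_directory/nginx/"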

mkdir "$data_directory/nginx/configuration"
mkdir "$data_directory/nginx/tls"
mkdir "$data_directory/nginx/content"
mkdir "$data_directory/nginx/cache"
mkdir "$data_directory/nginx/logs"

docker volume create \
--name $volume_configuration \
--driver local-persist \
--opt mountpoint="$data_directory/nginx/configuration/"
docker volume create \
--name $volume_tls \
--driver local-persist \
--opt mountpoint="$data_directory/nginx/tls/"
docker volume create \
--name $volume_content \
--driver local-persist \
--opt mountpoint="$data_directory/nginx/content/"
docker volume create \
--name $volume_cache \
--driver local-persist \
--opt mountpoint="$data_directory/nginx/cache/"
docker volume create \
--name $volume_logs \
--driver local-persist \
--opt mountpoint="$data_directory/nginx/logs/"

docker network create $network



Start the container.



docker run --detach --restart unless-stopped \
--name $container \
--hostname $container \
--network $network \
--publish 80:80 \
--publish 443:443 \
--mount type=volume,source=$volume_configuration,destination=/etc/nginx \
--mount type=volume,source=$volume_tls,destination=/etc/ssl \
--mount type=volume,source=$volume_content,destination=/usr/share/nginx/html \
--mount type=volume,source=$volume_cache,destination=/var/cache/nginx \
--mount type=volume,source=$volume_logs,destination=/var/log/nginx \
--mount type=bind,source=/etc/timezone,destination=/etc/timezone,readonly \
--mount type=bind,source=/etc/localtime,destination=/etc/localtime,readonly \
nginx



Configure the server for your use case.
Reload the configuration.

Put your TLS key and certificate pair replace_key into the server's tls directory (mounted at /etc/ssl in the container) and point the configuration file to them.
Alternatively, configure automatic provisioning of keys and certificates.



edit "$data_directory/nginx/configuration/nginx.conf"

mv replace_key.key "$data_directory/nginx/tls/"
mv replace_key.crt "$data_directory/nginx/tls/"

docker kill --signal HUP $container
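
A minimal nginx.conf for the setup described above, as an added example that is not part of the original page. It assumes two hypothetical names: replace_hostname for the public host name and replace_application for an application container listening on port 8080 in replace_network.

```nginx
# Added example, not from the original page. Constructed placeholders:
# replace_hostname (public name) and replace_application:8080 (an application
# container on replace_network that publishes no ports of its own).
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;  # written to the logs volume

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;        # shipped in the nginx image
    access_log /var/log/nginx/access.log;
    server_tokens off;                    # do not advertise the NGINX version

    # Plain HTTP does nothing except redirect to the fixed HTTPS name.
    server {
        listen 80;
        server_name replace_hostname;
        return 301 https://replace_hostname$request_uri;
    }

    # TLS terminates here; applications are reachable only through this server.
    server {
        listen 443 ssl;
        server_name replace_hostname;

        # The tls volume is mounted at /etc/ssl inside the container.
        ssl_certificate     /etc/ssl/replace_key.crt;
        ssl_certificate_key /etc/ssl/replace_key.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Reverse proxy: the container name resolves on the shared network.
        location / {
            proxy_pass http://replace_application:8080;
            proxy_set_header Host              $host;
            # This proxy is the edge, so overwrite client-supplied values.
            proxy_set_header X-Forwarded-For   $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # File server: static files from the content volume.
        location /files/ {
            alias /usr/share/nginx/html/;
        }
    }
}
```

NGINX resolves replace_application when it loads the configuration, so the application container must already be attached to the network. Running `docker exec $container nginx -t` before sending HUP reports a syntax or resolution error, which a reload would otherwise only log while the old configuration stays active.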