Use Portainer to Install Nginx Docker as Reverse Proxy and Use CertBot Deploy LetsEncrypt Certificate into Nginx
Actually, this post is to continue my previous post:Â Install Ubuntu Desktop Docker Using Portainer and Access it From Browser (VNC/noVNC).
In that post, I deployed a Ubuntu Desktop Docker using Portainer and access it through a web browser. It only works on port 6080 and does not support https. In this post, I am putting a Nginx docker in front of Ubuntu Desktop Docker as a reverse proxy. Also IÂ deployed CertBot to issue a Let's Encrypt certificate for Ubuntu Desktop Docker's domain name. In this way, I can use my own sub-domain name on port 443, rather than 6080, to access my Ubuntu Desktop docker. Much easy and more professional way.Â
Using Portainer to Install Nginx Docker
Make sure your domain novnc.51sec.org is pointing to your VPS's public ip.
Create a new Container in Portainer:
We are having three containers now managed by Portainer: Nginx, noVNC, and Portainer.
Use Nginx As Reverse Proxy ServerÂ
In this lab, Nginx will be configured as reverse proxy to redirect all traffic for novnc.51sec.org on port 80 or 443 to proxied docker, noVNC.Â
apt update && apt install nano
nano /etc/nginx/conf.d/novnc.conf
nano /etc/nginx/conf.d/novnc.conf
server {
listen 80;
server_name novnc.51sec.org;
location / {
proxy_pass http://172.31.23.170:6080;
proxy_http_version 1.1;
proxy_read_timeout 300;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-PORT $remote_port;
}
}
service nginx restart
Once nginx service restarted, the configuration will take effect. We will able to access Ubuntu desktop using sub domain name on port 80 , http://novnc.51sec.org
Install Certbot
Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.
With Certbot's help, we can easily convert a http site to secure https site using a nonprofit certificate authority provided ssl/tls certificate.Â
Unfortunately the install instruction from Certbot is not working for my Nginx docker. But I can run following two commands to get Certbot installed.Â
- apt install certbot
- apt install python-certbot-nginx
Based on your Linux version, you might get an error :Â Unable to locate package python-certbot-nginx
[email protected]:/etc/nginx/conf.d# apt install python-certbot-nginx
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package python-certbot-nginx
[email protected]:/etc/nginx/conf.d#
In this case , install package apt install python3-certbot-nginx
python3-certbot-nginx will be the right nginx plug-in for your situation. After this plugin installed, you can start to configure https for your site.
Certbot issue certs for your domain
Last step is to run Certbot to apply a SSL/TLS certificate for our Nginx website. It will automatically configure necessary configuration on our Nginx configuration.Â
Here is the command to apply certificate and make changes on configuration file:
- certbot --nginx
The novnc.conf configuration file has been changed to :
[email protected]:/# cat /etc/nginx/conf.d/novnc.conf
server {
server_name novnc.51sec.org;
location / {
proxy_pass http://172.31.23.170:6080;
proxy_http_version 1.1;
proxy_read_timeout 300;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-PORT $remote_port;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/novnc.51sec.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/novnc.51sec.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = novnc.51sec.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name novnc.51sec.org;
return 404; # managed by Certbot
[email protected]:/#
After restart nginx service, https://novnc.51sec.org is up and it is using a valid certificate to encrypt the traffic between the client and server.Â
YouTube:
nice info
ReplyDelete