Continuing from our last post about self-hosting your own cloud environment lets start by setting up our reverse proxy server. You might be asking why we need something called a reverse proxy.
A reverse proxy server in our case usage, will allow us to accept HTTP data on port 80 and HTTPS data on port 443 and direct it to the correct application/server running on our docker server. Because you cannot have a duplicate port running on an IP address we need a reverse proxy server. Think of this reverse proxy server as somebody directing traffic based on the type of vehicle and contents of said vehicle.
The software we are going to use to accomplish this is called Nginx. The docker container we will pull is named Nginx Proxy Manager. This is a great setup that will give us a nice web interface to manage our reverse proxy.
Start by logging into your Portainer install by visiting the public address of your VPS on port 9000.
Click “Containers” on the left and then “Add container” at the top row of buttons.
In the “Name” box I will give it the name of “nginxproxymanager” and then for “Image” I will be using “jc21/nginx-proxy-manager:latest”.
Under “Network ports configuration” we will click the “publish new network port” three times so we get three rows to add mappings for. Make it look like the following:
Host: 80 -> Container: 80 Host: 6080 -> Container: 81 Host: 443 -> Container: 443
Moving down the page, click on the button labeled “Restart policy” under “Advanced container settings” then choose “Always” for your restart policy.
Now lets move to “Volumes” under “Advanced container settings”. We are going to use two volume bind mappings here. Click on “map additional volume” twice. Choose “Bind” on the right side for both.
Make your volumes look something like the following:
Container: /data -> Host: /media/nginxproxymanager/data Container: /etc/letsencrypt -> /media/nginxproxymanager/letsencrypt
What you are doing here is mapping a file system path inside the docker container your going to deploy, to the host operating system. We now need to create these folders on the host system. Note that you can choose a different path on the host, just replace your paths with the above example and the below commands.
SSH into your VPS and execute the following commands:
username@vps-8734:~$ sudo -i root@vps-8734:~# mkdir -p /media/nginxproxymanager/data root@vps-8734:~# mkdir -p /media/nginxproxymanager/letsencrypt
With the directories created, lets deploy the new container. In your web browser on the Portainer page click on “Deploy the container”. Give this some time, you should be presented with the list of containers on your docker host and should see one named “nginxproxymanager” with some published ports as such.
443:443 443:443 80:80 80:80 6080:81 6080:81
If you enabled the firewall during in the last article, we need to allow two ports open to the public and then lock one down to your administrative IP address.
Switch back to your SSH session on the VPS and run the following commands to modify your firewall:
root@vps-8734:~# ufw allow 80 root@vps-8734:~# ufw allow 443
If you do not have a specific administrative IP address to securely access your resources, you can allow the last port open to the world, but you will need to take care of securing this service using some other methods and a strong password when configuring Nginx Proxy Manager.
root@vps-8734:~# ufw allow 6080
If you do have an administrative IP address you can use this command instead, just replace the IP address with yours:
root@vps-8734:~# ufw allow from 22.214.171.124 proto tcp to any port 6080
Now that we are allowing traffic into our docker server on ports 80, 443, and 6080 docker will handle the traffic and pass it into the container listening on those ports which is our Nginx Proxy Manager.
Go ahead and open the Nginx Proxy Manager administrative portal in your web browser visit the following page in your browser:
The default credentials are as below:
Email: firstname.lastname@example.org Password: changeme
Once you get into the portal, change your username and password to something much more secure especially if you are not locking down the administrative interface (port 6080) using the firewall.
You now have a working reverse proxy server setup on your docker server. We will use this interface as well as continuing to use Portainer to direct web traffic and manage docker.
Our next step, and first application will be installing our self-hosted search engine.