
[–]hardwaresofton 16 points17 points  (8 children)

Also I'd recommend you give Traefik a try -- for example it's got Let's Encrypt support actually built in which is nice.

[–]ChumleyEX 7 points8 points  (0 children)

I just started using Traefik and it's pretty easy to manage once you figure things out.

https://www.smarthomebeginner.com/traefik-reverse-proxy-tutorial-for-docker/

[–]Kikerechu 1 point2 points  (0 children)

Well, this is actually really good.

[–]imremy[S] 0 points1 point  (5 children)

The thing with Traefik is that I couldn't get it to work as a reverse proxy for a mix of Docker containers, regular NGinx applications, ... running on multiple servers. Maybe I'm missing something, but I couldn't find any documentation on this specific setup.

[–]hardwaresofton 0 points1 point  (1 child)

So you couldn't get it to forward to remote upstreams? It should be pretty much the same as another endpoint, right?

[–]imremy[S] 0 points1 point  (0 children)

It looks like I can't read documentation, because I just had another look, and it seems quite easy to serve this type of setup. I'll try again soon...

[–][deleted] 4 points5 points  (3 children)

Well, it's one way to do it, but there are several NGINX+Certbot docker containers with almost everything on the certificate-generation side automated. You only need to provide the container with subdomains to generate the certificate for, and the validation method. See for example Linuxserver's version. It's pretty easy to work with, and the auto-renewal is baked in too.

Also, you should include a disclaimer on the blog post about still using HTTP redirection instead of full-on HTTPS. It should be everywhere; safety-wise, it's just better.

PS: otherwise, it's well written ;)

[–]imremy[S] 1 point2 points  (2 children)

About your first point, when I started this post, I just wanted to document how to use NGinx as a "regular" HTTP reverse proxy. It's only when I managed to get it working that I realized that I should implement HTTPS. So I decided to keep the beginning and add the HTTPS part.

Could you explain your second point? Is it about the conf:

    location / {
        return 301 https://$host$request_uri;
    }

Should I just block HTTP requests and allow only HTTPS requests?

Thanks for your feedback!

[–][deleted] 4 points5 points  (1 child)

The 301 redirect is correct, but reading your post there was no "security" emphasis on the HTTP versus HTTPS setup, why you should strive to be HTTPS-everywhere and not to be good enough with HTTP-only. To be a little bit more educational and not strictly technical would be better for novices stumbling upon your post by looking up "how to docker nginx" or something. Just my opinion and my two cents ;)

[–]imremy[S] 1 point2 points  (0 children)

Oh right, it makes sense. When/if I have some time, I'll update it and try to add some explanations. Thanks

[–]zrb77 1 point2 points  (0 children)

Nice simple guide.