In this guide, we explain how to install and configure a reverse proxy (force https, automatically renew your certificate...).
-
Copy this
docker-compose.yaml
file in your server :version: "3.3" services: app: image: 'jc21/nginx-proxy-manager:latest' restart: unless-stopped container_name: nginx-proxy-manager ports: - '80:80' # Public HTTP Port - '443:443' # Public HTTPS Port - '81:81' # Admin Web Port environment: # Uncomment this if you want to change the location of # the SQLite DB file within the container DB_SQLITE_FILE: "/data/database.sqlite" volumes: - ./data:/data - ./letsencrypt:/etc/letsencrypt # Bind logs to create fail2ban rules with access.log content - ./log:/var/log/nginx # Add docker health check # https://nginxproxymanager.com/advanced-config/#docker-healthcheck healthcheck: test: ["CMD", "/usr/bin/check-health"] interval: 10s timeout: 3s networks: - nginx-proxy - npm-internal # Create a custom network so you don't need to publish ports of other docker containers # https://nginxproxymanager.com/advanced-config/#best-practice-use-a-docker-network networks: npm-internal: nginx-proxy: external: true
-
For our configuration, we create a custom Docker network, so you don't need to publish ports for your upstream services to all of the Docker host's interfaces.
sudo docker network create nginx-proxy
-
(Optional) If you want to use an anonymous account, pull
jc21/nginx-proxy-manager
from portainer or run :sudo docker pull jc21/nginx-proxy-manager:latest
-
In your firewall open 3 tcp ports (80, 443 and 81). The port 81 corresponds to nginx proxy manager web interface.
-
Deploy your container :
sudo docker-compose up -d
-
Go to http://<YOUR_DOMAIN_NAME>:81 and connect with the default admin user :
Email: [email protected] Password: changeme
Once connected, a prompt will appear to change these settings.
We will use the Helix Authentication Service as an example.
-
In your hosting service, add a new DNS record pointing to your server. For the next steps, we will use login.example.com.
-
Comment the port section and uncomment the network section of the docker-compose.yaml
version: '3' services: helix-auth-svc: image: perforce/helix-auth-svc:latest container_name: helix-auth-svc restart: unless-stopped environment: - SVC_BASE_URI=<YOUR_SVC_BASE_URI> # e.g https://<YOUR_SRV_IP>:3000/ - PROTOCOL=https - DEBUG=no - NODE_ENV=production - OIDC_ISSUER_URI=<YOUR_ISSUER> - OIDC_CLIENT_ID=<YOUR_CLIENT_ID> - OIDC_CLIENT_SECRET=<YOUR_CLIENT_SECRET> # ports: # - "3000:3000" networks: - nginx-proxy networks: nginx-proxy: external: true
ℹ️ The idea is to to create a private network so you don't need to publish ports of other docker containers than Nginx.
-
If the container is already running, restart with the new configuration :
sudo docker-compose up --build -d --remove-orphans
-
Go to your Nginx Proxy Manager dashboard (e.g http://<YOUR_DOMAIN_NAME>:81).
-
Click on
Proxy Hosts
andAdd Proxy Host
. -
Complete the form with your domain name. We use the hostname of our docker-compose to redirect proxy traffic to the service, not the hard-coded IP address of the container. For the forward port, it will be the same as the port commented out in the docker compose.
-
Now click on SSL to request a new certificate for your subdomain, which will be automatically renewed. Just replace with your email address.
-
Click on Save and you can now go to https://login.example.com/ to check that the redirection is working.
We will use Helix Core as an example.
-
Comment the port section and uncomment the network section of the docker-compose.yaml
version: '3' services: helix-core: image: wesleypetit/helix-core:latest container_name: helix-core restart: unless-stopped volumes: - ./data/p4dctl.conf.d:/etc/perforce/p4dctl.conf.d - ./data:/data - ./dbs:/dbs environment: - P4PORT=ssl:1666 - P4ROOT=/data # ports: # - 1666:1666 networks: - nginx-proxy networks: nginx-proxy: external: true
ℹ️ The idea is to to create a private network so you don't need to publish ports of other docker containers than Nginx.
-
If the container is already running, restart with the new configuration :
sudo docker-compose up --build -d --remove-orphans
-
Add the port 1666 in the Nginx Proxy Manager docker-compose.
ports: - '80:80' # Public HTTP Port - '443:443' # Public HTTPS Port - '81:81' # Admin Web Port - '1666:1666' # Helix Core
-
Deploy Nginx Proxy Manager :
sudo docker-compose up --build -d
-
Go to your Nginx Proxy Manager dashboard (e.g http://<YOUR_DOMAIN_NAME>:81).
-
Click on
Streams
andAdd Stream
. -
Complete the form, we use the hostname of our docker-compose to redirect proxy traffic to the service, not the hard-coded IP address of the container. For the forward port, it will be the same as the port commented out in the docker compose.
-
With P4V checked that you still have access to Helix Core.