mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/selfhosting-blogposts.git
synced 2025-05-17 04:36:58 +00:00
177 lines
5.3 KiB
Markdown
177 lines
5.3 KiB
Markdown
# Nginx Proxy Manager (Docker)
|
|
|
|
Before we start, you will need a Debian 10+ VPS (you can get one on digitalocean for example), if you prefer to use your own self hosted server, make sure that port 80 and 443 are correctly port forwarded so that the public ip points to the server and not the router. Once that's done, go and ssh into your debian 10 server.
|
|
|
|
You can use DuckDNS to get a free domain name:
|
|
|
|

|
|
|
|
|
|
[ 192.168.100.1/24 ] [ /dev/pts/13 ] [~/Nextcloud/blog/Conf]
|
|
→ ssh root@ech4.duckdns.org
|
|
The authenticity of host 'ech4.duckdns.org (178.128.46.38)' can't be established.
|
|
ECDSA key fingerprint is SHA256:z2HAncB99pfbAUfj9tJY7vlo8EGUzCIUxWBAnjAflcA.
|
|
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
|
|
Warning: Permanently added 'ech4.duckdns.org,178.128.46.38' (ECDSA) to the list of known hosts.
|
|
Linux debian-s-1vcpu-1gb-lon1-01 4.19.0-10-cloud-amd64 #1 SMP Debian 4.19.132-1 (2020-07-24) x86_64
|
|
|
|
The programs included with the Debian GNU/Linux system are free software;
|
|
the exact distribution terms for each program are described in the
|
|
individual files in /usr/share/doc/*/copyright.
|
|
|
|
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
|
|
permitted by applicable law.
|
|
root@debian-s-1vcpu-1gb-lon1-01:~#
|
|
|
|
|
|
|
|
## **Docker Installation**
|
|
|
|
|
|
apt install curl -y
|
|
curl -fsSL https://get.docker.com -o get-docker.sh
|
|
sh get-docker.sh
|
|
apt install docker-compose -y
|
|
|
|
|
|
_or:_
|
|
|
|
|
|
apt install docker.io docker-compose -y
|
|
|
|
which docker && docker -v
|
|
|
|
|
|
|
|
Next create nginxproxymanager (npm)'s directory and get the configuration files:
|
|
|
|
|
|
mkdir nproxy
|
|
cd nproxy
|
|
nano config.json
|
|
|
|
|
|
|
|
|
|
{
|
|
"database": {
|
|
"engine": "mysql",
|
|
"host":"db",
|
|
"name":"npm",
|
|
"user":"nothing",
|
|
"password":"P@SSW0RD!",
|
|
"port":3306
|
|
}
|
|
}
|
|
|
|
|
|
|
|
Hit ctrl+S to save and ctrl+X to exit nano, then create docker-compose.yml
|
|
|
|
|
|
nano docker-compose.yml
|
|
|
|
|
|
|
|
|
|
version: '3'
|
|
services:
|
|
app:
|
|
image: 'jc21/nginx-proxy-manager:latest'
|
|
ports:
|
|
- '80:80'
|
|
- '81:81'
|
|
- '443:443'
|
|
volumes:
|
|
- ./config.json:/app/config/production.json
|
|
- ./data:/data
|
|
- ./letsencrypt:/etc/letsencrypt
|
|
db:
|
|
image: 'jc21/mariadb-aria:10.4'
|
|
environment:
|
|
MYSQL_ROOT_PASSWORD: 'R00T_P@SSW0RD!'
|
|
MYSQL_DATABASE: 'npm'
|
|
MYSQL_USER: 'nothing'
|
|
MYSQL_PASSWORD: 'P@SSW0RD!'
|
|
volumes:
|
|
- ./data/mysql:/var/lib/mysql
|
|
|
|
|
|
|
|
|
|
docker-compose up -d
|
|
|
|
|
|
|
|
Wait a bit for it to run:
|
|
|
|
 
|
|
|
|
Once it's done, run docker ps to see your running containers:
|
|
|
|
|
|
|
|
root@debian-s-1vcpu-1gb-lon1-01:~/nproxy# docker ps
|
|
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
|
b9bcb6598f65 jc21/mariadb-aria:10.4 "/scripts/run.sh" 56 seconds ago Up 54 seconds 3306/tcp nproxy_db_1
|
|
bf2a4c279e3c jc21/nginx-proxy-manager:latest "/init" 56 seconds ago Up 54 seconds (healthy) 0.0.0.0:80-81->80-81/tcp, 0.0.0.0:443->443/tcp nproxy_app_1
|
|
|
|
|
|
|
|
you can verify it is working by visiting your website (here it's http://ech4.duckdns.org/)
|
|
|
|

|
|
|
|
And there you have it. Now from here go to the admin page on port 81 where you'll log in with the default credentials **admin@example.com:changeme** :
|
|
|
|

|
|
|
|
Change the default admin credentials:
|
|
|
|
 
|
|
|
|
Then log out and back in again with your new credentials:
|
|
|
|
 
|
|
|
|
Next let's create a proxy host for this server, just to test if it's working.
|
|
|
|
|
|
ip addr show docker0 | grep inet
|
|
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
|
|
|
|
|
|
|
|
So we're going to make sure that manage.ech4.duckdns.org redirects to the server's INTERNAL ip address 172.17.0.1's port 81:
|
|
|
|

|
|
|
|
Next head over to the SSL tab:
|
|
|
|

|
|
|
|
Hit Save:
|
|
|
|

|
|
|
|
Once that's done, you'll see that we have been able to:
|
|
|
|
1. create a subdomain to our website
|
|
|
|
2. enable SSL for that subdomain thanks to letsencrypt
|
|
|
|
3. Create the subdomain https on port 443 regardless of the original port
|
|
|
|
4. set it's access to public
|
|
|
|
|
|
|
|
|
|
So let's test it:
|
|
|
|

|
|
|
|
With this done, you realize now that you can use nginx proxy manager in order to bring together multiple web applications regardless of their ports (wether it is 8080 or 80 or 9090 or 443 etc) and enable them out publicly from a private ip subnet, to nproxy's public interface as a subdomain with SSL enabled thanks to letsencrypt.
|
|
|
|
In other words, this is giving me ideas to run a proxmox server locally at home where i will be able to host my web applications in virtualised environments (wether it is on debian or windows or centos) and therefore being able to use nproxy to make them available publicly as a list of subdomains. This also works for external servers that are accessible through public ip addresses and/or through their respective domain names:
|
|
|